WiFoo..The.Secrets.of.Wireless.Hacking [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

WiFoo..The.Secrets.of.Wireless.Hacking [Electronic resources] - نسخه متنی

Andrew A. Vladimirov

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Wi-Foo

Table of Contents

Copyright

Acknowledgments

About the Authors

Introduction

Why Does Wi-Foo Exist and for Whom Did We Write It?

What About the Funky Name?

How This Book Is Organized

Chapter 1. Real World Wireless Security

Why Do We Concentrate on 802.11 Security?

Getting a Grip on Reality: Wide Open 802.11 Networks Around Us

The Future of 802.11 Security: Is It as Bright as It Seems?

Summary

Chapter 2. Under Siege

Why Are "They" After Your Wireless Network?

Wireless Crackers: Who Are They?

Corporations, Small Companies, and Home Users: Targets Acquired

Target Yourself: Penetration Testing as Your First Line of Defense

Summary

Chapter 3. Putting the Gear Together: 802.11 Hardware

PDAs Versus Laptops

PCMCIA and CF Wireless Cards

Antennas

RF Amplifiers

RF Cables and Connectors

Summary

Chapter 4. Making the Engine Run: 802.11 Drivers and Utilities

Operating System, Open Source, and Closed Source

The Engine: Chipsets, Drivers, and Commands

Getting Used to Efficient Wireless Interface Configuration

Summary

Chapter 5. Learning to WarDrive: Network Mapping and Site Surveying

Active Scanning in Wireless Network Discovery

Monitor Mode Network Discovery and Traffic Analysis Tools

Tools That Use the iwlist scan Command

RF Signal Strength Monitoring Tools

Summary

Chapter 6. Assembling the Arsenal: Tools of the Trade

Encryption Cracking Tools

Wireless Frame-Generating Tools

Wireless Encrypted Traffic Injection Tools: Wepwedgie

Access Point Management Utilities

Summary

Chapter 7. Planning the Attack

The "Rig"

Network Footprinting

Site Survey Considerations and Planning

Proper Attack Timing and Battery Power Preservation

Stealth Issues in Wireless Penetration Testing

An Attack Sequence Walk-Through

Summary

Chapter 8. Breaking Through

The Easiest Way to Get in

A Short Fence to Climb: Bypassing Closed ESSIDs, MAC, and Protocols Filtering

Picking a Trivial Lock: Various Means of Cracking WEP

Picking the Trivial Lock in a Less Trivial Way: Injecting Traffic to Accelerate WEP Cracking

Field Observations in WEP Cracking

Cracking TKIP: The New Menace

The Frame of Deception: Wireless Man-in-the-Middle Attacks and Rogue Access Points Deployment

Breaking the Secure Safe

The Last Resort: Wireless DoS Attacks

Summary

Chapter 9. Looting and Pillaging: The Enemy Inside

Step 1: Analyze the Network Traffic

Step 2: Associate to WLAN and Detect Sniffers

Step 3: Identify the Hosts Present and Perform Passive Operating System Fingerprinting

Step 4: Scan and Exploit Vulnerable Hosts on WLAN

Step 5: Take the Attack to the Wired Side

Step 6: Check Wireless-to-Wired Gateway Egress Filtering Rules

Summary

Chapter 10. Building the Citadel: An Introduction to Wireless LAN Defense

Wireless Security Policy: The Cornerstone

Layer 1 Wireless Security Basics

The Usefulness of WEP, Closed ESSIDs, MAC Filtering, and SSH Port Forwarding

Secure Wireless Network Positioning and VLANs

Deploying a Linux-Based, Custom-Built Hardened Wireless Gateway

Proprietary Improvements to WEP and WEP Usage

802.11i Wireless Security Standard and WPA: The New Hope

Summary

Chapter 11. Introduction to Applied Cryptography: Symmetric Ciphers

Introduction to Applied Cryptography and Steganography

Modern-Day Cipher Structure and Operation Modes

Bit by Bit: Streaming Ciphers and Wireless Security

The Quest for AES

Between DES and AES: Common Ciphers of the Transition Period

Selecting a Symmetric Cipher for Your Networking or Programming Needs

Summary

Chapter 12. Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms

Cryptographic Hash Functions

Dissecting an Example Standard One-Way Hash Function

Hash Functions, Their Performance, and HMACs

Asymmetric Cryptography: A Different Animal

Summary

Chapter 13. The Fortress Gates: User Authentication in Wireless Security

RADIUS

Installation of FreeRADIUS

User Accounting

RADIUS Vulnerabilities

RADIUS-Related Tools

802.1x: The Gates to Your Wireless Fortress

LDAP

NoCat: An Alternative Method of Wireless User Authentication

Summary

Chapter 14. Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs

Why You Might Want to Deploy a VPN

VPN Topologies Review: The Wireless Perspective

Common VPN and Tunneling Protocols

Alternative VPN Implementations

The Main Player in the Field: IPSec Protocols, Operations, and Modes Overview

Deploying Affordable IPSec VPNs with FreeS/WAN

Summary

Chapter 15. Counterintelligence: Wireless IDS Systems

Categorizing Suspicious Events on WLANs

Examples and Analysis of Common Wireless Attack Signatures

Radars Up! Deploying a Wireless IDS Solution for Your WLAN

Summary

Afterword

Appendix A. Decibel-Watts Conversion Table

Appendix B. 802.11 Wireless Equipment

Appendix C. Antenna Irradiation Patterns

Omni-Directionals:

Semi-Directionals:

Highly-directionals

Appendix D. Wireless Utilities Manpages

1 Iwconfig

2 Iwpriv

3 Iwlist

4 Wicontrol

5 Ancontrol

Appendix E. Signal Loss for Obstacle Types

Appendix F. Warchalking Signs

Original Signs

Proposed New Signs

Appendix G. Wireless Penetration Testing Template

Arhont Ltd Wireless Network Security and Stability Audit Checklist Template

1 Reasons for an audit

2 Preliminary investigations

3 Wireless site survey

4 Network security features present

5 Network problems / anomalies detected

6 Wireless penetration testing procedure

7 Final recommendations

Appendix H. Default SSIDs for Several Common 802.11 Products

Glossary

Index

index_SYMBOL

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_J

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X

index_Y

index_Z
توضیحات
افزودن یادداشت جدید














Corporations, Small Companies, and Home Users: Targets Acquired




There is a general misconception that only large enterprises are at risk from cracking, wireless cracking included. This is a myth, but it is very prevalent. Large corporations are where the money and sensitive data are. However, every experienced attacker first looks after his or her own safety in regards to future legal responsibility, so he or she would start by looking for an easy target for anonymous access. At the same time, an inexperienced cracker goes for anything "crackable" without considering whose network it is and what its purpose is.


Large businesses usually have (or should have) trained security personnel, and a well-written and followed corporate security policy, as well as specific security equipment. This obviously increases the chances of discovering who the attackers are. In smaller companies and home networks many wireless attacks happen undetected and unmentioned until it is too late. Reinforcing the myth, however, the media pays attention to break-ins into major companies, thus creating an impression that smaller networks are of little interest for the underground.


Chapter 10). However, compatibility and interoperability issues can be a serious obstacle to deploying these solutions on large wireless networks that run legacy protocols (and probably using legacy wireless hardware). It is likely that such networks running DECnet or Banyan Vines will end up relying on static 128-bit (or 64-bit) WEP keys for security (the alternative is to drop that VAX and begin a new life). At the same time, the protocols in question are very chatty and constantly generate wireless traffic, even when no user activity on the network takes place. As described in Chapter 8, chatty network protocols (including IPX and AppleTalk) are WEP crackers' best friends.


Turning from large businesses and organizations to smaller enterprises and even home user networks, a common error is to consider them to be off the crackers "hit list" because they are "not interesting" and have "low value" for an attacker. At many business meetings we were told that "your services are not needed for our small company because the company does not handle any sensitive data or perform financial transactions online." Later on the very same people were inquiring about incident response and recovery services. The reasons wireless crackers would attack small business and home networks were already listed and are quite clear to anyone in the IT security field: anonymous access, low probability of getting caught, free bandwidth, and the ease of breaking in. Specific issues pertaining to wireless security in the small enterprise 802.11 LANs include the following:



The prevalence of a sole overloaded system administrator unfamiliar with wireless networking or the frequent absence of any qualified system administrator.



The use of low-end, cheap wireless equipment with limited security features (unless you deal with Open Source, you get what you pay for).



The absence of a centralized authentication server.



The absence of wireless IDS and centralized logging system.



The absence of a wireless security policy.



Insufficient funds to hire a decent wireless security auditor or consultant.




Although many would not expect the widespread use of wireless networks in the small business sector, this assumption is wrong. Frequently, WLAN deployment is a crucial money saver for a limited-size enterprise. Although wireless client cards and access points still cost more than Ethernet network interface cards and switches, the costs of cabling are often prohibitive for a small business. Whereas large enterprises usually have their buildings designed and built with Cat 5 or even fiber cables installed, smaller businesses often use older buildings not suitable for extensive network cabling. We have found that in central London many small and medium companies must resort to 802.11 because their offices are based in designated conservation buildings. Thus, the need to use wireless networks combined with a lack of resources for hardening these networks creates a great opportunity for wireless crackers that attack small enterprise WLANs.


It is interesting to mention that when it comes to the use of basic wireless security countermeasures such as WEP, we saw that home networks tend to use WEP more frequently than many WLANs at small businesses and even larger enterprises. The rationale is probably the involved users' interest and attention to their own network and data protection as compared to the "we do not have a problem" approach to WLANs at the workplace exhibited by many corporate business users and, unfortunately, some system administrators and network managers. On the other hand, the majority of the "default SSID + no WEP combination" WLANs are also home user networks.



/ 174