Introduction

"Friday night is "make-it". After the meeting we slip away into the darkness , the cold night flogging us with a primal urgency. Tonight we hack Dallas .

Crouched in a tricked-out SUV ”ebony with tinted windows ”the bizarre array of protruding antennas makes us a giant insect. We crawl along the Richardson Telecom Corridor, our faces deathly pallid in the glow of a laptop. It starts immediately, the walls of network security melting around us like ice. Within moments, the largest networks fly open. Nortel ”28 access points ”all wide open . Driving a little farther, our antenna starts to hum. Fujitsu, Ericsson, Alcatel hundreds of unsecured portals streaming down our laptop in a torrent. A few are encrypted, albeit weakly , but most are bereft of even a password. And we know that they are ours. And we feel ourselves rising , towering above these buildings of steel and glass, and like gods we look down on them in scorn and pity. And then we enter "

” ”Reprinted with permission from www.dallascon.com

The first time we presented this subject was at the DallasCon Wireless Security Conference (www.dallascon.com). We were stunned by the response. The conference attendees included IT managers, network administrators, law enforcement, military officers, and hackers, from ages 18 to 63. The audience was enraptured by the wireless security talks, and most stayed for the entire 16 straight hours of lectures. Upon being surveyed, a staggering 98% of them said they would return to hear the exact same lectures again.

After the conference venue kicked us out at midnight, many followed us to a local coffee shop, where we continued teaching until close to dawn. Since that fateful night, the attendees (many of whom have since become close friends ) have hounded us for any written material we could spare. This convinced us of the urgency for a printed reference on the subject.

This book is an answer to that urgency. This is the most practical guide to wireless security ever written, bar none. However, this book does not disparage any of the other excellent texts on the subject. In fact, the author of a competing wireless security book was kind enough to be our technical reviewer. Thus, we encourage other wireless security books as complementary. However, if you really want to learn how to war drive, then read this book first. If you do not audit your own wireless network very soon, then someone else will do it for you ”with malicious intent.

Above all else, this is meant to be a "practical" book. Although there is plenty of theory in here for the hobbyist, the emphasis in this book is where the rubber meets the road. We start with theory, but quickly implement it using practical examples and real-world applications. After reading this book, you will know exactly how to lock down your wireless networks, step-by-step. Although the technical level is advanced, examples and case studies facilitate the material.

This book is targeted toward the security consultant, network administrator, IT manager, and "ethical" hacker. The text assumes basic experience with networking in either Windows or Linux. No prior wireless security experience is required. The level of material will appeal to the intermediate to expert practitioner.

The book is divided into the following main sections:

• Part I: Wireless Fundamentals ” An introduction that includes wireless programming and WEP theory.

• Part II: Wireless Threats ” A cookbook for attacking and cracking your own wireless networks for self-defense; includes airborne viruses.

• Part III: Tools of the Trade ” A detailed and comprehensive review of the best wireless security tools, including step-by-step instructions for implementation.

• Part IV: Wireless Security ” A guide to locking down your wireless networks; this includes WLANs, 3G wireless PKI, and WAP.

For those who still doubt the perilous state of wireless security, consider the findings of one researcher who went war driving in Alexandria, VA and found a vulnerability at the Defense Information Systems Agency (DISA) headquarters. DISA, which houses the Defense Department's Global Network Operations Center and Computer Emergency Response Team, was using a wireless LAN to control the security cameras in its front yard ”without using even the most basic WEP encryption.