This chapter introduces you to the world of wireless communication. Wireless communication plays a big role in most people's lives, from cell phones and satellite TV to data communication. Most of you probably use a cordless phone at your house or wireless Internet at the local coffee shop. Do you ever think about the security of these systems after the information leaves the local device? Your next-door neighbor might be listening to your cordless phone calls with a UHF scanner, or the person next to you at the coffee shop might be sniffing your wireless connections to steal credit card numbers, passwords, or other information. Securing wireless communication is an important aspect of any security professional's duties. During an ethical hack or pen test, you might be asked to examine the types of wireless communications that the organization uses. You might even find that although the company doesn't officially use wireless networks, employees might have deployed them without permission.
After starting the chapter with a brief discussion of the different types of wireless devices, wireless LANs are examined. For the exam, you need to know the basic types of wireless LANs, the standards that wireless networks are built to, the frequencies they use, and the threats they face. The original protection mechanism that was developed for wireless networks was Wired Equivalent Privacy (WEP). It is introduced, and its vulnerabilities are discussed. Next, WEP's replacement, called 802.11i or Wi-Fi Protected Access 2 (WPA2), is reviewed, along with the improvements it has over WEP. Knowing the primary protection schemes of wireless networks isn't enough to ace the exam, so we turn our attention to the ways you can secure wireless by building defense in depth. Finally, some of the more popular wireless hacking tools are examined.