IN THIS CHAPTER
Now that you have had a look at the tools, techniques, and methods that hackers and security auditors use to penetrate or test wireless networks, it is time to put all of these ideas together. This chapter will outline the general steps an attacker might take to hack both your wireless network and the wired network beyond. The target will be a test network that we have set up just for this illustration. In other words, until a law as jejune and ludicrous as the DMCA applies to auditing, we are fully within legal and moral boundaries to perform these actions as it is our own equipment and bandwidth . The purpose of this is to provide an example as close to real life as possible. In this way, you will hopefully get some useful and practical knowledge as to how this might occur in the "real" world.
You should not perform these tests on a network for which you are not responsible, and for which you have not been given prior written permission to probe.
Both hackers and careful security auditors perform the same steps when attempting to gain access to a system. These steps include the following:
Each step is typically performed in the order listed, although the target and the skill of the person attempting the hack determine the degree and length of each stage. In other words, a script kiddie attempting to find zombies for a distributed denial-of-service attack will spend a few seconds attempting to define the goal and in finding computers vulnerable to an attack. This is because they tend to use automated tools that scan several hundred computers at a time, looking for an open computer. A script kiddie typically will not select a specific target. Instead, the target will simply be the one computer in a list of 200 that has a particular weakness or vulnerability.
On the other hand, a security auditor will have a defined goal and spend hours, if not days or weeks, probing and investigating the target to find the one hole that will permit access. The security auditor has a completely different method of attack, mainly because the goal is to perform a service, instead of finding potential computers to exploit for personal gain. This chapter will take a look at how both groups attack a wireless network, and how you can defend against it.