
Hacking Wireless Networks For Dummies (For Dummies (Computer/Tech)) PDF

379 Pages·2005·8.08 MB·English
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Hacking Wireless Networks For Dummies (For Dummies (Computer/Tech))

Hacking Wireless Networks For Dummies®

by Kevin Beaver and Peter T. Davis

Foreword by Devin K. Akin, Chief Technology Officer, The Certified Wireless Network Professional (CWNP) Program

Hacking Wireless Networks For Dummies®

Published by Wiley Publishing, Inc., 111 River Street, Hoboken, NJ 07030-5774, www.wiley.com

Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana

Published by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit www.wiley.com/techsupport. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2005924619
ISBN-13: 978-0-7645-9730-5
ISBN-10: 0-7645-9730-2
Manufactured in the United States of America

About the Authors

Kevin Beaver is founder and information security advisor with Principle Logic, LLC, an Atlanta-based information-security services firm. He has over 17 years of experience in the IT industry and specializes in information security assessments for those who take security seriously — and incident response for those who don’t. Before starting his own information-security services business, Kevin served in various information-technology and security roles for several healthcare, e-commerce, financial, and educational institutions.

Kevin is author of Hacking For Dummies as well as the e-book The Definitive Guide to Email Management and Security (Realtimepublishers.com). In addition, Kevin co-authored The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach Publications). He was also a contributing author and editor of Healthcare Information Systems, 2nd ed., (Auerbach Publications), and technical editor of Network Security For Dummies.

Kevin is a regular columnist and information-security expert for SearchSecurity.com, SearchWindowsSecurity.com, SearchNetworking.com, SearchExchange.com, and SearchSmallBizIT.com. He also serves as a contributing editor for HCPro’s Briefings on HIPAA newsletter and is a Security Clinic Expert for ITsecurity.com. In addition, Kevin’s information-security work has been published in Information Security Magazine, SecurityFocus.com, and Computerworld.com. Kevin is an information-security instructor for the Southeast Cybercrime Institute, and frequently speaks on information security at various conferences for CSI, TechTarget, IIA, SecureWorld Expo, and the Cybercrime Summit.

Kevin earned his bachelor’s degree in Computer Engineering Technology from Southern Polytechnic State University and his master’s degree in Management of Technology from Georgia Tech. He also holds MCSE, Master CNE, and IT Project+ certifications. Kevin can be reached at [email protected].

Peter T. Davis (CISA, CMA, CISSP, CWNA, CCNA, CMC, CISM) founded Peter Davis+Associates (a very original name) as a firm specializing in the security, audit, and control of information. A 30-year information-systems veteran, Mr. Davis’s career includes positions as programmer, systems analyst, security administrator, security planner, information-systems auditor, and consultant. Peter is also the founder (and past President) of the Toronto ISSA chapter, past Recording Secretary of the ISSA’s International Board, and past Computer Security Institute Advisory Committee member. Mr. Davis has written or co-written numerous articles and 10 books, including Wireless Networks For Dummies and Securing and Controlling Cisco Routers. In addition, Peter was the technical editor for Hacking For Dummies and Norton Internet Security For Dummies. Peter is listed in the International Who’s Who of Professionals. In addition, he was only the third editor in the three-decade history of EDPACS, a publication in the field of security, audit, and control. He finds time to be a part-time lecturer in data communications at Seneca College (http://cs.senecac.on.ca). He lives with his wife Janet, daughter Kelly, two cats, and a dog in Toronto, Ontario.

Dedication

Little G — this one’s for you. You’re such a great motivator and inspiration to me — more than words can say. Thanks for reminding me of what’s really important. Thanks for being you.
—Kevin

To all my friends and enemies. Hopefully, the first group is bigger than the second.
—Peter

Authors’ Acknowledgments

Kevin: Thanks to Melody Layne, our acquisitions editor, for approaching me about this project and getting the ball rolling. I’d like to thank our project editor, Chris Morris, as well as Kevin Kirschner and all the behind-the-scenes copy editors for pulling this thing together. Many thanks to my co-author Peter T. Davis for working with me on this book. It has been an honor and a pleasure. I’d also like to thank Hugh Pepper, our technical editor, for the feedback and insight he gave us during the technical editing process.

Also, many thanks to Devin Akin with Planet3 Wireless for writing the foreword. Major kudos too for all the positive things you’ve done for the industry with the CWNP program. You’re a true wireless network pioneer.

Many thanks to Ronnie Holland with WildPackets, Chia Chee Kuan with AirMagnet, Michael Berg with TamoSoft, Matt Foster with BLADE Software, Ashish Mistry with AirDefense, and Wayne Burkan with Interlink Networks for helping out with my requests.

Thanks, appreciation, and lots of love to Mom and Dad for all the values and common sense you instilled in me long ago. I wouldn’t be where I’m at today without it.

Finally, to my dear wife Amy for all her support during this book. Yet another one I couldn’t have done without you! You’re the best.

Peter: Melody Layne (our acquisitions editor) for pitching the book to the editorial committee and getting us a contract. As always, much appreciated. Chris Morris for helping us bring this project to fruition. Kudos, Chris. Hugh Pepper, tech editor, for his diligence in reviewing the material. Thanks, Hugh, for stepping in and stepping up. Peter would like to thank Kevin Beaver for suggesting we write this together. Thanks Kevin. Peter would also like to thank Ken Cutler, Gerry Grindler, Ronnie Holland, Carl Jackson, Ray Kaplan, Kevin Kobelsky, Carrie Liddie, Dexter Mills Jr. and Larry Simon for responding to a request for wireless information. Thanks for answering the call for help. And a really big shout-out to John Selmys and Danny Roy for their efforts. Thanks, guys. The provided information shows in this book.

Peter would be remiss should he not thank the NHL and NHLPA for canceling the hockey season. Thanks for freeing up his time to write this book. But the book is done, so get it together so he has something to watch this fall! (Come on guys, the Raptors don’t quite fill the void.) A special thanks to Janet and Kelly for allowing Peter to work on the book as they painted the family room. Now he can kick back and enjoy the room!

Publisher’s Acknowledgments

We’re proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/.

Some of the people who helped bring this book to market include the following:

Acquisitions, Editorial, and Media Development
Project Editor: Christopher Morris
Acquisitions Editor: Melody Layne
Copy Editors: Barry Childs-Helton, Andy Hollandbeck, Beth Taylor
Technical Editor: Hugh Pepper
Editorial Manager: Kevin Kirschner
Editorial Assistant: Amanda Foxworth
Cartoons: Rich Tennant (www.the5thwave.com)

Composition Services
Project Coordinator: Adrienne Martinez
Layout and Graphics: Carl Byers, Andrea Dahl, Mary Gillot Virgin
Proofreaders: Jessica Kramer, Joe Niesen, Carl William Pierce, Dwight Ramsey, TECHBOOKS Production Services
Indexer: TECHBOOKS Production Services

Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director

Publishing for Consumer Dummies
Diane Graves Steele, Vice President and Publisher
Joyce Pepple, Acquisitions Director

Composition Services
Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services

Contents at a Glance

Foreword
Introduction
Part I: Building the Foundation for Testing Wireless Networks
  Chapter 1: Introduction to Wireless Hacking
  Chapter 2: The Wireless Hacking Process
  Chapter 3: Implementing a Testing Methodology
  Chapter 4: Amassing Your War Chest
Part II: Getting Rolling with Common Wi-Fi Hacks
  Chapter 5: Human (In)Security
  Chapter 6: Containing the Airwaves
  Chapter 7: Hacking Wireless Clients
  Chapter 8: Discovering Default Settings
  Chapter 9: Wardriving
Part III: Advanced Wi-Fi Hacks
  Chapter 10: Still at War
  Chapter 11: Unauthorized Wireless Devices
  Chapter 12: Network Attacks
  Chapter 13: Denial-of-Service Attacks
  Chapter 14: Cracking Encryption
  Chapter 15: Authenticating Users
Part IV: The Part of Tens
  Chapter 16: Ten Essential Tools for Hacking Wireless Networks
  Chapter 17: Ten Wireless Security-Testing Mistakes
  Chapter 18: Ten Tips for Following Up after Your Testing
Part V: Appendixes
  Appendix A: Wireless Hacking Resources
  Appendix B: Glossary of Acronyms
Index

Table of Contents

Foreword
Introduction
  Who Should Read This Book?
  About This Book
  How to Use This Book
  Foolish Assumptions
  How This Book Is Organized
    Part I: Building the Foundation for Testing Wireless Networks
    Part II: Getting Rolling with Common Wi-Fi Hacks
    Part III: Advanced Wi-Fi Hacks
    Part IV: The Part of Tens
    Part V: Appendixes
  Icons Used in This Book
  Where to Go from Here

Part I: Building the Foundation for Testing Wireless Networks
  Chapter 1: Introduction to Wireless Hacking
    Why You Need to Test Your Wireless Systems
      Knowing the dangers your systems face
      Understanding the enemy
      Wireless-network complexities
    Getting Your Ducks in a Row
    Gathering the Right Tools
    To Protect, You Must Inspect
      Non-technical attacks
      Network attacks
      Software attacks
  Chapter 2: The Wireless Hacking Process
    Obeying the Ten Commandments of Ethical Hacking
      Thou shalt set thy goals
      Thou shalt plan thy work, lest thou go off course
      Thou shalt obtain permission
      Thou shalt work ethically
      Thou shalt keep records
      Thou shalt respect the privacy of others
      Thou shalt do no harm
      Thou shalt use a “scientific” process
      Thou shalt not covet thy neighbor’s tools
      Thou shalt report all thy findings
    Understanding Standards
      Using ISO 17799
      Using CobiT
      Using SSE-CMM
      Using ISSAF
      Using OSSTMM
  Chapter 3: Implementing a Testing Methodology
    Determining What Others Know
      What you should look for
      Footprinting: Gathering what’s in the public eye
    Mapping Your Network
    Scanning Your Systems
    Determining More about What’s Running
    Performing a Vulnerability Assessment
      Manual assessment
      Automatic assessment
      Finding more information
    Penetrating the System
  Chapter 4: Amassing Your War Chest
    Choosing Your Hardware
      The personal digital assistant
      The portable or laptop
    Hacking Software
      Using software emulators
      Linux distributions on CD
      Stumbling tools
      You got the sniffers?
    Picking Your Transceiver
      Determining your chipset
      Buying a wireless NIC
    Extending Your Range
    Using GPS
    Signal Jamming

Part II: Getting Rolling with Common Wi-Fi Hacks
  Chapter 5: Human (In)Security
    What Can Happen
    Ignoring the Issues
    Social Engineering
      Passive tests
      Active tests
    Unauthorized Equipment
    Default Settings
    Weak Passwords
    Human (In)Security Countermeasures
      Enforce a wireless security policy
      Train and educate
      Keep people in the know
      Scan for unauthorized equipment
      Secure your systems from the start
  Chapter 6: Containing the Airwaves
    Signal Strength
      Using Linux Wireless Extension and Wireless Tools
      Using Wavemon
      Using Wscan
      Using Wmap
      Using XNetworkStrength
      Using Wimon
      Other link monitors
    Network Physical Security Countermeasures
      Checking for unauthorized users
      Antenna type
      Adjusting your signal strength
  Chapter 7: Hacking Wireless Clients
    What Can Happen
    Probing for Pleasure
      Port scanning
      Using VPNMonitor
    Looking for General Client Vulnerabilities
      Common AP weaknesses
      Linux application mapping
      Windows null sessions
    Ferreting Out WEP Keys
    Wireless Client Countermeasures
  Chapter 8: Discovering Default Settings
    Collecting Information
      Are you for Ethereal?
      This is AirTraf control, you are cleared to sniff
      Let me AiroPeek at your data
      Another CommView of your data
      Gulpit
      That’s Mognet not magnet
      Other analyzers

Description:
Most of the Dummies series books are appetite whetters at best and that's where they end. They touch on the advanced things but don't explain enough for you to really fully realize the potential of anything. It's sort of like going into a suntan studio with a 3/4 raincoat on. You might get something
