You are previewing Wireless Network Security: A Beginner’s Guide.
O'Reilly logo
Wireless Network Security: A Beginner’s Guide

Book Description

Security Smarts for the Self-Guided IT Professional

Protect wireless networks against all real-world hacks by learning how hackers operate. Wireless Network Security: A Beginner's Guide discusses the many attack vectors that target wireless networks and clients--and explains how to identify and prevent them. Actual cases of attacks against WEP, WPA, and wireless clients and their defenses are included.

This practical resource reveals how intruders exploit vulnerabilities and gain access to wireless networks. You'll learn how to securely deploy WPA2 wireless networks, including WPA2-Enterprise using digital certificates forauthentication. The book provides techniques for dealing with wireless guest access and rogue access points. Next-generation wireless networking technologies, such as lightweight access points and cloud-based wirelesssolutions, are also discussed. Templates, checklists, and examples give you the hands-on help you need to get started right away.

Wireless Network Security: A Beginner's Guide features:

• Lingo--Common security terms defined so that you’rein the know on the job

• IMHO--Frank and relevant opinions based on theauthor's years of industry experience

• In Actual Practice--Exceptions to the rules of security explained in real-world contexts

• Your Plan--Customizable checklists you can use onthe job now

• Into Action--Tips on how, why, and when to applynew skills and techniques at work

Table of Contents

  1. Cover 
  2. About the Author
  3. Copyright
  4. Dedication
  5. Contents 
  6. Acknowledgments
  7. Introduction
  8. Part I Wireless Foundations
    1. 1 Introduction to the Wireless Security Mindset
      1. What You Will Learn
      2. Security 101: The 11 Security Principles
        1. Principle 1: Security Versus Convenience
        2. Principle 2: It Is Impossible to Eliminate All Risks
        3. Principle 3: Rules of Risk Calculation and Mitigating Controls
        4. Principle 4: Not All Risks Must Be Mitigated
        5. Principle 5: Security Is Not Just Keeping the Bad Guys Out
        6. Principle 6: ROI Doesn’t Work for Security
        7. Principle 7: Defense In Depth
        8. Principle 8: Least Privilege
        9. Principle 9: CIA Triad
        10. Principle 10: Prevention, Detection, Deterrents
        11. Principle 11: Prevention Fails
      3. Wireless Networking Basics
        1. 802.11a/b/g/n
        2. Access Points
        3. Autonomous vs. Controller Based
        4. SSID, BSSID, MAC Address
        5. Beacons and Broadcasts
        6. Associating and Authenticating
        7. Encryption
    2. 2 Wireless Tools and Gadgets
      1. A Lab of Your Own
      2. Client Devices
        1. Phones
        2. Printers
      3. Access Points
        1. DD-WRT
        2. WRT54G
        3. Apple Airport Express
        4. Mini Access Points
        5. Mobile Hotspots
        6. Smartphones
        7. Enterprise-Grade Access Points
      4. Antennas
        1. Types of Antennas
      5. Gadgets
        1. GPS
        2. Smartphones and PDAs
        3. Pocket Wireless Scanners
        4. Spectrum Analyzer
      6. Operating System of Choice
  9. Part II Know Thy Enemy
    1. 3 Theory of Attacks on Wireless Networks
      1. Setting the Stage
        1. Wireless Reconnaissance
        2. SSID Decloaking
        3. Passive Packet Captures
        4. Store and Crack at Your Convenience
        5. Man-in-the-Middle Attacks
        6. MITM—OK, Now What?
      2. Authentication
        1. WEP Authentication
      3. Encryption
        1. Stream Ciphers vs. Block Ciphers
      4. How WEP Works
        1. History of Breaking WEP
        2. Attacking WEP Encrypted Networks
      5. How WPA Works
        1. WPA-PSK
        2. WPA-Enterprise
        3. WPA2 Encryption Algorithms
        4. Attacking WPA Protected Networks
        5. So What Should I Use?
    2. 4 Attacking Wireless Networks
      1. Wireless Reconnaissance
        1. The iwlist Command
        2. Kismet
        3. Kismac
        4. Wardrive
        5. Netstumbler
      2. Actively Attacking Wireless Networks
        1. Cracking WEP Encryption
        2. Cracking a WPA Passphrase
    3. 5 Attacking Wireless Clients
      1. Wireless World
        1. Wireless Client Vulnerabilities
        2. Factors That Exacerbate Wireless Client Vulnerabilities
      2. Wireless Reconnaissance
        1. Kismet
        2. Airodump
      3. Sniffing Insecure Communications
        1. Capturing Packets
        2. Can We Force the Client to Talk to Us?
        3. Creating a Linux Access Point
        4. Forcing the Client to Talk to Us
      4. Default Operations
      5. Man-in-the-Middle Attacks
        1. DNS Spoofing
        2. Fake Webauth
        3. SSL MITM
        4. SSL Stripping
        5. Fake AV Updates
  10. Part III Real-World Wireless Security Defenses
    1. 6 Theory of Defense for Securing Wireless Networks
      1. Setting the Stage
        1. Context
        2. Reality
        3. The Attacker Has the Advantage
      2. Phases of Wireless Deployment
        1. New Deployments
        2. Existing Wireless Networks
        3. Wireless Refresh
      3. Secure Design Principles for Wireless Networks
        1. Defense In Depth
        2. Least Privilege
        3. Network Segmentation
        4. Wireless Assessments
        5. Secure the Infrastructure
        6. Rogue AP Detection
        7. Physical Security
        8. Change the Default Configurations
        9. Due Diligence
        10. Confidentiality Integrity Availability (CIA)
      4. Useless Defenses
        1. Faraday Cage
        2. MAC Filtering
        3. SSID Cloaking
        4. WEP
        5. WEP Cloaking
      5. Good Wireless Defenses
        1. Firewalls
        2. Routers
        3. Switches
        4. Intrusion Detection Systems and Intrusion Prevention Systems
        5. Wireless Intrusion Detection and Intrusion Prevention Systems
        6. Honeypots
        7. Web Authentication Gateways
    2. 7 Understanding the WPA2-Enterprise with Certificates Architecture
      1. Introduction to WPA2-Enterprise with Digital Certificates
      2. Public Key Infrastructure and Digital Certificates
        1. Public Key Cryptography: Asymmetric Encryption Algorithms
        2. Digital Certificates
        3. Microsoft Certificate Services
      3. Remote Authentication Dial-In User Service
      4. 802.1x: Port-Based Access Control
        1. RADIUS and 802.1x
      5. WPA Enterprise Architecture
    3. 8 Deploying a WPA-Enterprise Network with Certificates
      1. Install and Configure the Certification Authority
        1. Install Active Directory Certificate Services
        2. Configure the Certificate Template and Auto-Enrollment
        3. Allow Pre-logon Authentication
      2. Configure the RADIUS Server
      3. Configure the Wireless Access Point
        1. Authenticate to the Wireless Network
    4. 9 Deploying Secure Wireless Networks
      1. WPA2-Enterprise Wireless Networks
        1. Configure the Network Policy Server (RADIUS)
        2. Configure the Wireless Access Point
        3. Configure the Wireless Client
      2. Troubleshooting PEAP Authentication
        1. Troubleshooting RADIUS Authentication
      3. Securing Your Wireless Network
      4. Segmenting Wireless Networks
        1. Restricting Users
        2. Restricting Time
        3. Restricting Network Subnets and TCP Ports
    5. 10 Handling Wireless Guest Access
      1. Guest Networks and Internet Access
      2. Authenticating Guest Users and Managing Guest Credentials
        1. Using Captive Web Portals
        2. Guest Users Only
        3. Encrypting Traffic
        4. Using Auto-Expiring Credentials
      3. Allowing Secure Access to Internal Resources
        1. Authenticating Consultants
        2. Segmenting Guest Wireless Networks from Internal Networks
        3. DMZ with Jump Stations
        4. Virtual Private Networking
    6. 11 Handling Rogue Access Points and the Future of Wireless Security
      1. Handling Rogue Access Points
        1. Preventing Rogue Wireless Networks
        2. Manually Detecting Rogue Wireless Networks
        3. Tracing Malicious Rogue Access Points
        4. Handling Rogue Access Points
        5. Automated Detection of Rogue Wireless Networks
      2. Other Wireless Technologies
      3. Next-Gen Solutions
        1. Lightweight Wireless Solutions
        2. Cloud-based Wireless Solutions
        3. Dedicated Wireless IDS
      4. Client Protection
        1. User Education
        2. Technical Solutions for Endpoint Security
        3. Group Policy Objects
  11. A Introduction to Linux: The Wireless Engineer’s Operating System of Choice
    1. The Linux Operating System
      1. BackTrack: Our Linux Distribution of Choice
      2. Downloading and Burning BackTrack
      3. Booting BackTrack from a USB Drive
      4. Booting to BackTrack
    2. The Gnome Graphical Environment
    3. Basic Linux Commands
      1. Understanding the Linux Shell
      2. Running Commands
      3. Getting Help with Linux Commands
    4. Navigating the Linux File System
    5. Installing Software on BackTrack
      1. Basic User Administration
    6. Basic Networking Configuration
      1. Understanding Linux File Permissions
      2. Basic Scripting
    7. Conclusion
  12. Glossary
  13. Index