Hacking Exposed Wireless: Wireless Security Secrets & Solutions [Paperback]

Johnny Cache (Author), Vincent Liu (Author)

Book Description

ISBN-10: 0072262583 | ISBN-13: 978-0072262582 | Publication Date: March 26, 2007 | Edition: 1

Secure Your Wireless Networks the Hacking Exposed Way

Defend against the latest pervasive and devastating wireless attacks using the tactical security information contained in this comprehensive volume. Hacking Exposed Wireless reveals how hackers zero in on susceptible networks and peripherals, gain access, and execute debilitating attacks. Find out how to plug security holes in Wi-Fi/802.11 and Bluetooth systems and devices. You'll also learn how to launch wireless exploits from Metasploit, employ bulletproof authentication and encryption, and sidestep insecure wireless hotspots. The book includes vital details on new, previously unpublished attacks alongside real-world countermeasures.

• Understand the concepts behind RF electronics, Wi-Fi/802.11, and Bluetooth
• Find out how hackers use NetStumbler, WiSPY, Kismet, KisMAC, and AiroPeek to target vulnerable wireless networks
• Defend against WEP key brute-force, aircrack, and traffic injection hacks
• Crack WEP at new speeds using Field Programmable Gate Arrays or your spare PS3 CPU cycles
• Prevent rogue AP and certificate authentication attacks
• Perform packet injection from Linux
• Launch DoS attacks using device driver-independent tools
• Exploit wireless device drivers using the Metasploit 3.0 Framework
• Identify and avoid malicious hotspots
• Deploy WPA/802.11i authentication and encryption using PEAP, FreeRADIUS, and WPA pre-shared keys

Editorial Reviews

About the Author

<

Johnny Cache received his Masters in Computer Science from the Naval Postgraduate School in 2006. His thesis work, which focused on fingerprinting 802.11 device drivers, won the Gary Kildall award for the most innovative computer science thesis. Johnny wrote his first program on a Tandy 128K color computer sometime in 1988. Since then he has spoken at several security conferences including BlackHat, BlueHat, and ToorCon. He has also released a number of papers related to 802.11 security, and is the author of many wireless tools. Most of his wireless utilities are included in the Airbase suite, available at 802.11mercenary.net.

Vincent Liu , CISSP is the Managing Director at Stach & Liu, a professional services firm providing IT security consulting to the Fortune 500, national law firms, and global financial institutions. Before founding Stach & Liu, Vincent led the Attack & Penetration and Reverse Engineering teams for the Global Security unit at Honeywell International. Prior to that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency. Vincent is a developer for the Metasploit Project and an experienced speaker, having presented his research at conferences including BlackHat, ToorCon, and Microsoft BlueHat. Vincent has been published in interviews, journals, and books with highlights including: Penetration Tester’s Open Source Toolkit; Writing Security Tools and Exploits; Sockets, and Shellcode, Porting, and Coding. Vincent holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology.

Product Details

• Paperback: 386 pages
• Publisher: McGraw-Hill Osborne Media; 1 edition (March 26, 2007)
• Language: English
• ISBN-10: 0072262583
• ISBN-13: 978-0072262582
• Product Dimensions: 9.3 x 7.3 x 1 inches
• Shipping Weight: 1.5 pounds
• Average Customer Review: 4.0 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #892,668 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

13 of 15 people found the following review helpful:

3.0 out of 5 stars Doesn't live up to the Hacking Exposed reputation, September 22, 2007

By 

Chris Gates (NoVA, USA) - See all my reviews

This review is from: Hacking Exposed Wireless: Wireless Security Secrets & Solutions (Paperback)

I have a ton of those red covered books on the book shelf. The Hacking Exposed series has been good to me and good to every person trying to learn security. So, I was excited to have my new green covered Hacking Exposed Wireless book show up at the house so I could learn some wireless hacking. The first 60 pages or so of background technical content is interesting but not totally necessary to get going with the topic. I do realize to be a good "hacker" you need to understand the technology, but the other HE's have been able to balance giving us the background and still able to use the tools for some hacking action.

I felt that once we finally got into the technical content (starts with 802.11 discovery) that they talked around topics but really didn't cover how to actually "do" anything. There isn't much to running kismet after configuring the one or two lines of the conf file. Then its a simple #kismet or $sudo kismet and it runs. Netstumbler is even easier since you have GUI to help you out and its on Windows and same same with KisMAC on OS X.

The cracking WEP section starts out with saying use an old kernel and the madwifi-old drivers. That may have been great advice when the book was published but it is certainly not useful for the average user today especially since it appears the bugs have been worked out of the new madwifi driver and aircrack-ng. (We do have to take into account that I read the book in Sep 07 and it was published in March 07). The section on using aircrack to break WEP on linux on pages 180-182 was decent but certainly not anything you cant get on the aircrack-ng homepage. A little more content on how we do fake authentication attempts and then why and how we have aireplay send our ARP packets would have been nice. The current version of aireplay when you run that capture makes you pick which capture we want to use, since they don't cover what packet to use it may be difficult for the person following along. The shell of the instructions are there, but the details are missing.
The opportunity to shine by talking about the Fragmentation and ChopChop attacks is devoid of actually using aircrack-ng or other tools to launch the attacks, so it falls short.

The Hacking Hotspots section (CH 9) looked to be the redeeming section at first glance but much like the WEP cracking section is lacking any useful screenshots or how to use any of the tools they mention. The most frustrating part was the author telling us how they have a slick SSH set up to use public hotspots but provides no information on how to set up one of our own. The tunneling using ozymanDNS attack gives no useful information on how to use the tool, the billing attacks section gives no useful information either. While I understand its illegal to steal wifi, if you aren't going to actually cover it, don't bother talking all around it. The client attack section consisted of installing nmap and nessus and running it against clients on the LAN. That section was the perfect set up to really cover KARMA in-depth, sadly a missed opportunity.

The bluetooth section (CH 10) that looks to be written by Kevin Finisterre was excellent and met the high standards previous HE books set. He walks us through a fictional scenario with real code and explains how we can use the code to exploit bluetooth vulnerabilities on OSX and gives us the link to the code :-)

Overall I was disappointed in the book which is unfortunate because the authors are known to be very knowledgeable and skilled people in the security industry. It can be a good reference on wifi background and hardware if you need one but it falls a bit short IMO of being as useful as some of the other HE titles.

7 of 8 people found the following review helpful:

4.0 out of 5 stars Current Info On Wireless Network Security, June 11, 2007

By 

Tony Bradley "s3kur3" (Houston, TX) - See all my reviews
(VINE VOICE)   

This review is from: Hacking Exposed Wireless: Wireless Security Secrets & Solutions (Paperback)

Maybe it's just me, but it seems like the Hacking Exposed series was in an extended hiatus. It has emerged with a vengeance. Hacking Exposed - Wireless is just one of a series of new Hacking Exposed books and there are more to come throughout the coming months.

While it has been a while since there were new Hacking Exposed books, it seems like it has been even longer since we have had a new book on wireless network security. A topic as rapidly changing and evolving as wireless network technology and security needs updates and new contributions frequently to keep readers informed.

Cache and Liu do a respectable job of bringing the latest and greatest wireless attacks and security measures to the reader. The first chunk of the book- the first 3 chapters- are dedicated to providing a sort of overview of wireless technology and the history or evolution of network communication via RF, but then the book gets down to business.

The authors discuss how to enumerate and identify targets, and how to attack wireless networks, including ways to attack networks 'protected' with WPA encryption. Further into the book, they also provide coverage of wireless security in public hotspots, and a chapter on Bluetooth security.

Hacking Exposed - Wireless covers how attackers use various tools such as Kismet or Airopeek to identify vulnerable wireless networks, and how the Metasploit 3.0 Framework can be used to exploit and attack wireless networks. It also discusses packet injection and DoS (denial-of-service attacks).

Overall, I think the book covers the information well. It provides a good amount of detail about the flaws and weaknesses of wireless networking that can be exploited, and also instructs the reader on security countermeasures to defend against such attacks. Being the most current available also makes this book a must read.

7 of 8 people found the following review helpful:

4.0 out of 5 stars Solid but not exceptional, May 6, 2007

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Hacking Exposed Wireless: Wireless Security Secrets & Solutions (Paperback)

When I read and reviewed Wi-Foo: The Secrets of Wireless Hacking three years ago, I was really impressed. Wi-Foo is obviously showing its age now, but a second edition is in the works. I was excited to see Hacking Exposed: Wireless (HE:W), green cover and all, because I hoped it would be just as good as Wi-Foo but covering newer topics. Overall I think the next Wi-Foo will be better than HE:W, but HE:W is currently the most up-to-date book on wireless security available.

Most readers can avoid the first 60 pages or so of HE:W. It seems the different authors wrote the first two chapters, and I doubt most of us need radio, cryptography, and other history lessons. This is supposed to be a Hacking Exposed book, which should mean introducing technologies with a security spin and hands-on exercises from the first page onward. If you want to really understand wireless, read 802.11 Wireless Networks: The Definitive Guide, 2nd Ed by Matthew S Gast, which was my 2006 book of the year.

HE:W begins to be interesting on p 61 with a discussion of "802.11 Packet Types." From this point forward the authors share many unique insights which are either obscure or not well covered elsewhere. I appreciated reading items like the fact that all access points on a channel should honor frames with CTS bits set -- even if the APs belong to different enterprises. Chapter 6 offered great insights on wireless zero configuration in Windows. The authors also demonstrate a powerful ability to explain the workings of various complex security technologies and their weaknesses, e.g., PEAP certificate failure attacks in chapter 7. Chapter 10 offered a story similar to that found in Syngress' Stealing the Network series, where an obsessed hacker exploits Bluetooth on a woman's Mac laptop.

I recommend reading HE:W if you want a modern treatment of wireless security issues. The authors cover many aspects of up-to-date features and weaknesses of wireless technologies, although the focus is mostly 802.11. While I liked the story in chapter 10, I would have also enjoyed reading more traditional HE coverage of Bluetooth outside the story format. Overall I think Wi-Foo II (arriving in November) will be the book to beat. If you can't wait that long, I recommend reading HE:W.