Wi-Foo: The Secrets of Wireless Hacking (Paperback)

by Andrew Vladimirov (Author), Konstantin V. Gavrilenko (Author), Andrei A. Mikhailovsky (Author)

Editorial Reviews

Product Description
"This is an excellent book. It contains the 'in the trenches' coverage that the enterprise administrator needs to know to deploy wireless networks securely." --Robert Haskins, Chief Technology Officer, ZipLink Wi-Foo: The Secrets of Wireless Hacking is the first practical and realistic book about 802.11 network penetration testing and hardening. Unlike other books, it is based on a daily experience of breaking into and securing wireless LANs. Rather than collecting random wireless security news, tools, and methodologies, Wi-Foo presents a systematic approach to wireless security threats and countermeasures starting from the rational wireless hardware selection for security auditing and finishing with how to choose the optimal encryption ciphers for the particular network you are trying to protect.

From the Back Cover
The definitive guide to penetrating and defending wireless networks.

Straight from the field, this is the definitive guide to hacking wireless networks. Authored by world-renowned wireless security auditors, this hands-on, practical guide covers everything you need to attack -- or protect -- any wireless network.

The authors introduce the 'battlefield,' exposing today's 'wide open' 802.11 wireless networks and their attackers. One step at a time, you'll master the attacker's entire arsenal of hardware and software tools: crucial knowledge for crackers and auditors alike. Next, you'll learn systematic countermeasures for building hardened wireless 'citadels''including cryptography-based techniques, authentication, wireless VPNs, intrusion detection, and more.

Coverage includes:

• Step-by-step walkthroughs and explanations of typical attacks
• Building wireless hacking/auditing toolkit: detailed recommendations, ranging from discovery tools to chipsets and antennas
• Wardriving: network mapping and site surveying
• Potential weaknesses in current and emerging standards, including 802.11i, PPTP, and IPSec
• Implementing strong, multilayered defenses
• Wireless IDS: why attackers aren't as untraceable as they think
• Wireless hacking and the law: what's legal, what isn't

If you're a hacker or security auditor, this book will get you in. If you're a netadmin, sysadmin, consultant, or home user, it will keep everyone else out.

See all Editorial Reviews

Product Details

• Paperback: 592 pages
• Publisher: Addison-Wesley Professional (July 8, 2004)
• Language: English
• ISBN-10: 0321202171
• ISBN-13: 978-0321202178
• Product Dimensions: 9 x 6.8 x 1.5 inches
• Shipping Weight: 2.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars See all reviews (20 customer reviews)
• Amazon.com Sales Rank: #41,749 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #25 in	Books > Computers & Internet > Business & Culture > Hacking
  #33 in	Books > Computers & Internet > Web Development > Security & Encryption > Encryption
  #54 in	Books > Computers & Internet > Business & Culture > Privacy

Customer Reviews

Most Helpful Customer Reviews

65 of 69 people found the following review helpful:

5.0 out of 5 stars This is why I didn't cover wireless in my security book!, July 29, 2004

By	Richard Bejtlich "TaoSecurity.com" (Metro Washington, DC) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)

'Wi-Foo' is the wireless book the security community needs. The book mixes theory, tools, and techniques in a manner helpful to those on the offensive or defensive side of the wireless equation. After reading 'Wi-Foo,' I'm glad I didn't try to cover similar topics in my 'Tao of Network Security Monitoring' -- these authors have written the definitive wireless 'hacking' text.

Several aspects of 'Wi-Foo' make the book a winner. First, with the exception of crypto topics in chapters 11 and 12, they tend to defer to previously published works rather than rehash old topics. For example, rather than exhaustively explain 802.11i, they refer readers to 'Real 802.11 Security,' an excellent defense-oriented wireless book. 'Wi-Foo' also assumes readers are familiar with TCP/IP and system administration, leaving out potentially redundant material.

Second, the authors demonstrate the degree to which they are plugged in to the wireless hacking community. They discuss developments from security conventions like Def Con, and explain tools and techniques not yet released (at time of writing) from the 'underground.' The number of tools explained by 'Wi-Foo' well exceeds that found in other wireless books, and the authors clearly explain why they prefer certain tools and discard others. This 'use what works' mentality is pervasive and effective, and I was very glad to see BSD tools featured along with the usual Linux suspects. I was particularly impressed by ch 9, where readers learn what to do next after compromising a wireless network. Other books stop at 'cracking WEP,' for example. Ch 4 and 7 also give the best advice I've seen on different aspects of wireless hardware, on a chipset-comparison level.

Finally, the authors complement their advice on wireless vulnerability assessment and penetration testing with sound defensive strategies. Ch 13 explains how to combine FreeRADIUS, open1x, and OpenLDAP to make an open source wireless authentication system. NoCat is discussed as an alternative. I was very happy to see an entire chapter on wireless IDS, especially the layer-based requirements listing. This serves as a good guide when checking the capabilities of commercial wireless IDS products.

The only drawback I see to 'Wi-Foo' is the inclusion of two chapters on crypto (ch 11 and 12). I would have preferred the authors to refer readers elsewhere, perhaps to a book like 'Cryptography Decrypted' or a heavier tome by Schneier or the like. I also noticed slightly rough English in some places, but these did not bother me like other books I've reviewed.

Overall, 'Wi-Foo' is the best book available for wireless assessment teams, explaining tools in an exceptional manner and smashing myths behind which security administrators hide. (Think your wireless network doesn't produce enough packets for WEP to be cracked? Read ch 8.) I'm adding 'Wi-Foo' to my 'Weapons and Tactics' Listmania List, and I recommend readers add this surprise hit to their bookshelves.

26 of 28 people found the following review helpful:

5.0 out of 5 stars Complete Coverage, January 5, 2005

By	Jeff Pike (Mechanicsville, VA United States) - See all my reviews

The first two chapters (20 pages) are introductory. The next two chapters (50 pages) serve as a tutorial on getting wireless cards, drivers, and utilities running on Linux. The next five chapters cover attacks and tools. Details of the attacks are covered in depth. In some cases discussions reference latter chapters where the protocols are discussed in depth. Each took is discussed enough to get the reader started. After that, discovering the details of the tools is left as an exercise to the reader.

The remaining 7 chapters cover defense (230 pages). The authors approach though-out these sections is to explain the details of the protocols while discussing defensive techniques. Two chapters on cryptography strive to strike a balance between explanations for crypto experts and explanations for those without much of a mathematical background. It will take some work to fully understand these chapters because of the detail. By the same measure, they will make a great reference for me.

At 34.99 less Amazon discount, this book is a bargain. It's easily a 50 or 60 dollar book when compared to others. I paid full price for mine at Border's, because I couldn't wait to get into it. For those who need a comprehensive understanding of 802.11a through 802.11i security, I can't think of anything better.

17 of 18 people found the following review helpful:

4.0 out of 5 stars Great, but aims way too high on expertise scale, October 12, 2004

By	Dr Anton Chuvakin (CA, USA) - See all my reviews

Do you think there are too many wireless security books already? Let me tell you, you haven't read a wireless security book until you read `Wi-Foo'.

This book offers minimum coverage of the basics of wireless security and dives deep into advanced subjects (sometimes pushing my knowledge of wireless security to the wall). It lacks the typically redundant coverage of hardware and basic wireless technology. Also it doesn't get fixated on the tools (as some other volumes) and offers methodology and other sounds advise in addition to the tools. It also offers cryptography basics such as symmetric ciphers and key exchange protocols. It also covers many useful subjects around wireless security as the use of VPNs, central authentication fundamentals and design of the wireless intrusion detection systems. Appendices include signal single conversion tables and lists of wireless equipment other equipment as well as antenna radiation patterns.

Authors' writing style is pleasant and has some truly "British humor", which always makes the book more fun to read. The book slightly favors the attacking side over the defensive side, but still provides a lot of useful advice for those defending wireless networks. Another fun section is the one that covers what occurs after the attackers break for wireless security and get to the protected network.

The downside is that the authors often assume that just about every reader has the same level of expertise. I kind of know a thing or two about security, but a lot of stuff went over my head due to lack of background material. Thus, I suspect that only those knowledgeable in wireless security will benefit from the entire book, others will likely have places where the authors lost them.

If you deal with wireless security (attack or defense) - get it with no questions asked.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Security Strategist with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004) and a contributor to "Known Your Enemy II (AWL, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org