Top positive review
Book Review: Hacking Exposed Wireless
on February 18, 2010
Hacking Exposed Wireless is built on the same template as the other excellent books in the Hacking Exposed series. I find the book very informative, and I'll keep it close, when I'll perform WiFi testing on the corporate network.
The Attack and Countermeasure sections in the chapters of the Hacking Exposed series, are one of the things I really like about books. They give you a good overview about the risks involved - and how to test and mitigate these risks.
The book consists of 11 chapters grouped in 3 sections: I) Overview, II) Hacking 802.11 Wireless Technologies and III) Hacking additional Wireless Technologies.
1. Section I - Overview.
* Chapter 1 gives you the fundamentals to Wireless technology and describes the common security problems.
* Chapter 2 is quite techie with some use of math for explaining how to calculate effect, antennas etc.
2. Section II - Hacking 802.11 Wireless Technologies.
This section explains from the basics of Wireless security to the more advanced and well protected implementations of Wireless security.
* Chapter 3 is a quite comprehensive guide to the history of the 802.11 protocol, and with that information, you are well equipped to go on to the following chapters. The description of the protocol is vital to understand how the vulnerabilities work.
* Chapter 4 is the description of how to discover and map wireless networks.
* Scanning and enumeration is the next step, and in Chapter 5 all the vital features are covered.
* Attacking `WEP secured WiFi networks' is covered in chapter 6, and I must say, I found this information useful. Having already done some pentesting on WEP secured Access Points (AP), I found the explanations and examples very interesting, and I'm going to try out some of the techniques explained here, next time I have an AP to test.
* WPA and WPA2 are normally considered to be pretty safe, if you choose the right password. But still the techniques described of how to deal with wireless enterprise setups, surprised me, and they should be taken in consideration, when documenting the risks in the corporate wireless network.
* Deploying security as described in chapter 8 covers the finer art of securing your wireless network.
3. Section III - Hacking additional Wireless Technologies
* A few acquaintances of mine have bragging about how weak the security is on hotels - and how they got free internet during their stay. Chapter 9 covers many of the weaknesses of public AP's like the ones in hotels, airports etc.
* The Bluetooth attack on a Mac from chapter 10 was quite new to me. I haven't done much in relation to Bluetooth. I have been aware of the fact, there is a risk involved with opening a Bluetooth connection in the public, but not that it could be exploited like that. It was a kind of eye-opener for me.
* The advanced attacks in chapter 11 are some of the issues I'll pay some attention next time I am to test a network. Especially the attacks that can be launched from Metasploit 3.0 sounds interesting (aka scary).
The book also covers threats like rough access points (and how to deal with them). I found this so much of an inspiration, that I want to try it out on one of the educational institutions in the town - of course with a formal approval.
If you work with issues of wireless security, I find this book a must have, and in my opinion, it is sufficient for penetration testers and technicians who are to install corporate networks. With the book in hand, they can do, what has to be done. The book is clearly not targeted against end-users.