| |
| |
Acknowledgments | |
| |
| |
Introduction | |
| |
| |
| |
Wireless Foundations | |
| |
| |
| |
Introduction to the Wireless Security Mindset | |
| |
| |
What You Will Learn | |
| |
| |
Security 101: The 11 Security Principles | |
| |
| |
Principle 1: Security Versus Convenience | |
| |
| |
Principle 2: It Is Impossible to Eliminate All Risks | |
| |
| |
Principle 3: Rules of Risk Calculation and Mitigating Controls | |
| |
| |
Principle 4: Not All Risks Must Be Mitigated | |
| |
| |
Principle 5: Security Is Not Just Keeping the Bad Guys Out | |
| |
| |
Principle 6: ROI Doesn't Work for Security | |
| |
| |
Principle 7: Defense In Depth | |
| |
| |
Principle 8: Least Privilege | |
| |
| |
Principle 9: CIA Triad | |
| |
| |
Principle 10: Prevention, Detection, Deterrents | |
| |
| |
Principle 11: Prevention Fails | |
| |
| |
Wireless Networking Basics | |
| |
| |
802.11a/b/g/n | |
| |
| |
Access Points | |
| |
| |
Autonomous vs. Controller Based | |
| |
| |
SSID, BSSID, MAC Address | |
| |
| |
Beacons and Broadcasts | |
| |
| |
Associating and Authenticating | |
| |
| |
Encryption | |
| |
| |
| |
Wireless Tools and Gadgets | |
| |
| |
A Lab of Your Own | |
| |
| |
Client Devices | |
| |
| |
Phones | |
| |
| |
Printers | |
| |
| |
Access Points | |
| |
| |
DD-WRT | |
| |
| |
WRT54G | |
| |
| |
Apple Airport Express | |
| |
| |
Mini Access Points | |
| |
| |
Mobile Hotspots | |
| |
| |
Smartphones | |
| |
| |
Enterprise-Grade Access Points | |
| |
| |
Antennas | |
| |
| |
Types of Antennas | |
| |
| |
Gadgets | |
| |
| |
GPS | |
| |
| |
Smartphones and PDAs | |
| |
| |
Pocket Wireless Scanners | |
| |
| |
Spectrum Analyzer | |
| |
| |
Operating System of Choice | |
| |
| |
| |
Know Thy Enemy | |
| |
| |
| |
Theory of Attacks on Wireless Networks | |
| |
| |
Setting the Stage | |
| |
| |
Wireless Reconnaissance | |
| |
| |
SSID Decloaking | |
| |
| |
Passive Packet Captures | |
| |
| |
Store and Crack at Your Convenience | |
| |
| |
Man-in-the-Middle Attacks | |
| |
| |
MITM-OK, Now What? | |
| |
| |
Authentication | |
| |
| |
WEP Authentication | |
| |
| |
Encryption | |
| |
| |
Stream Ciphers vs. Block Ciphers | |
| |
| |
How WEP Works | |
| |
| |
History of Breaking WEP | |
| |
| |
Attacking WEP Encrypted Networks | |
| |
| |
How WPA Works | |
| |
| |
WPA-PSK | |
| |
| |
WPA-Enterprise | |
| |
| |
WPA2 Encryption Algorithms | |
| |
| |
Attacking WPA Protected Networks | |
| |
| |
So What Should I Use? | |
| |
| |
| |
Attacking Wireless Networks | |
| |
| |
Wireless Reconnaissance | |
| |
| |
The iwlist Command | |
| |
| |
Kismet | |
| |
| |
Kismac | |
| |
| |
Wardrive | |
| |
| |
Netstumbler | |
| |
| |
Actively Attacking Wireless Networks | |
| |
| |
Cracking WEP Encryption | |
| |
| |
Cracking a WPA Passphrase | |
| |
| |
| |
Attacking Wireless Clients | |
| |
| |
Wireless World | |
| |
| |
Wireless Client Vulnerabilities | |
| |
| |
Factors That Exacerbate Wireless Client Vulnerabilities | |
| |
| |
Wireless Reconnaissance | |
| |
| |
Kismet | |
| |
| |
Airodump | |
| |
| |
Sniffing Insecure Communications | |
| |
| |
Capturing Packets | |
| |
| |
Can We Force the Client to Talk to Us? | |
| |
| |
Creating a Linux Access Point | |
| |
| |
Forcing the Client to Talk to Us | |
| |
| |
Default Operations | |
| |
| |
Man-in-the-Middle Attacks | |
| |
| |
DNS Spoofing | |
| |
| |
Fake Webauth | |
| |
| |
SSL MITM | |
| |
| |
SSL Stripping | |
| |
| |
Fake AV Updates | |
| |
| |
| |
Real-World Wireless Security Defenses | |
| |
| |
| |
Theory of Defense for Securing Wireless Networks | |
| |
| |
Setting the Stage | |
| |
| |
Context | |
| |
| |
Reality | |
| |
| |
The Attacker Has the Advantage | |
| |
| |
Phases of Wireless Deployment | |
| |
| |
New Deployments | |
| |
| |
Existing Wireless Networks | |
| |
| |
Wireless Refresh | |
| |
| |
Secure Design Principles for Wireless Networks | |
| |
| |
Defense In Depth | |
| |
| |
Least Privilege | |
| |
| |
Network Segmentation | |
| |
| |
Wireless Assessments | |
| |
| |
Secure the Infrastructure | |
| |
| |
Rogue AP Detection | |
| |
| |
Physical Security | |
| |
| |
Change the Default Configurations | |
| |
| |
Due Diligence | |
| |
| |
Confidentiality Integrity Availability (CIA) | |
| |
| |
Useless Defenses | |
| |
| |
Faraday Cage | |
| |
| |
MAC Filtering | |
| |
| |
SSID Cloaking | |
| |
| |
WEP | |
| |
| |
WEP Cloaking | |
| |
| |
Good Wireless Defenses | |
| |
| |
Firewalls | |
| |
| |
Routers | |
| |
| |
Switches | |
| |
| |
Intrusion Detection Systems and Intrusion Prevention Systems | |
| |
| |
Wireless Intrusion Detection and Intrusion Prevention Systems | |
| |
| |
Honeypots | |
| |
| |
Web Authentication Gateways | |
| |
| |
| |
Understanding the WPA2-Enterprise with Certificates Architecture | |
| |
| |
Introduction to WPA2-Enterprise with Digital Certificates | |
| |
| |
Public Key Infrastructure and Digital Certificates | |
| |
| |
Public Key Cryptography: Asymmetric Encryption Algorithms | |
| |
| |
Digital Certificates | |
| |
| |
Microsoft Certificate Services | |
| |
| |
Remote Authentication Dial-In User Service | |
| |
| |
802.1x: Port-Based Access Control | |
| |
| |
RADIUS and 802.1x | |
| |
| |
WPA Enterprise Architecture | |
| |
| |
| |
Deploying a WPA-Enterprise Network with Certificates | |
| |
| |
Install and Configure the Certification Authority | |
| |
| |
Install Active Directory Certificate Services | |
| |
| |
Configure the Certificate Template and Auto-Enrollment | |
| |
| |
Allow Pre-logon Authentication | |
| |
| |
Configure the RADIUS Server | |
| |
| |
Configure the Wireless Access Point | |
| |
| |
Authenticate to the Wireless Network | |
| |
| |
| |
Deploying Secure Wireless Networks | |
| |
| |
WPA2-Enterprise Wireless Networks | |
| |
| |
Configure the Network Policy Server (RADIUS) | |
| |
| |
Configure the Wireless Access Point | |
| |
| |
Configure the Wireless Client | |
| |
| |
Troubleshooting PEAP Authentication | |
| |
| |
Troubleshooting RADIUS Authentication | |
| |
| |
Securing Your Wireless Network | |
| |
| |
Segmenting Wireless Networks | |
| |
| |
Restricting Users | |
| |
| |
Restricting Time | |
| |
| |
Restricting Network Subnets and TCP Ports | |
| |
| |
| |
Handling Wireless Guest Access | |
| |
| |
Guest Networks and Internet Access | |
| |
| |
Authenticating Guest Users and Managing Guest Credentials | |
| |
| |
Using Captive Web Portals | |
| |
| |
Guest Users Only | |
| |
| |
Encrypting Traffic | |
| |
| |
Using Auto-Expiring Credentials | |
| |
| |
Allowing Secure Access to Internal Resources | |
| |
| |
Authenticating Consultants | |
| |
| |
Segmenting Guest Wireless Networks from Internal Networks | |
| |
| |
DMZ with Jump Stations | |
| |
| |
Virtual Private Networking | |
| |
| |
| |
Handling Rogue Access Points and the Future of Wireless Security | |
| |
| |
Handling Rogue Access Points | |
| |
| |
Preventing Rogue Wireless Networks | |
| |
| |
Manually Detecting Rogue Wireless Networks | |
| |
| |
Tracing Malicious Rogue Access Points | |
| |
| |
Handling Rogue Access Points | |
| |
| |
Automated Detection of Rogue Wireless Networks | |
| |
| |
Other Wireless Technologies | |
| |
| |
Next-Gen Solutions | |
| |
| |
Lightweight Wireless Solutions | |
| |
| |
Cloud-based Wireless Solutions | |
| |
| |
Dedicated Wireless IDS | |
| |
| |
Client Protection | |
| |
| |
User Education | |
| |
| |
Technical Solutions for Endpoint Security | |
| |
| |
Group Policy Objects | |
| |
| |
A Introduction to Linux: The Wireless Engineer's Operating System of Choice | |
| |
| |
The Linux Operating System | |
| |
| |
BackTrack: Our Linux Distribution of Choice | |
| |
| |
Downloading and Burning BackTrack | |
| |
| |
Booting BackTrack from a USB Drive | |
| |
| |
Booting to BackTrack | |
| |
| |
The Gnome Graphical Environment | |
| |
| |
Basic Linux Commands | |
| |
| |
Understanding the Linux Shell | |
| |
| |
Running Commands | |
| |
| |
Getting Help with Linux Commands | |
| |
| |
Navigating the Linux File System | |
| |
| |
Installing Software on BackTrack | |
| |
| |
Basic User Administration | |
| |
| |
Basic Networking Configuration | |
| |
| |
Understanding Linux File Permissions | |
| |
| |
Basic Scripting | |
| |
| |
Conclusion | |
| |
| |
Glossary | |
| |
| |
Index | |