Hacking Exposed Wireless: Wireless Security SecretsSolutions

See all shipping options

by: Michael Christensen (United States)
on: Thursday, 18-February-2010

Hacking Exposed Wireless is built on the same template as the other excellent books in the Hacking Exposed series. I find the book very informative, and Ill keep it close, when Ill perform WiFi testing on the corporate network.

The Attack and Countermeasure sections in the chapters of the Hacking Exposed series, are one of the things I really like about books. They give you a good overview about the risks involved - and how to test and mitigate these risks.

The book consists of 11 chapters grouped in 3 sections: I) Overview, II) Hacking 802.11 Wireless Technologies and III) Hacking additional Wireless Technologies.

1. Section I - Overview.

* Chapter 1 gives you the fundamentals to Wireless technology and describes the common security problems.
* Chapter 2 is quite techie with some use of math for explaining how to calculate effect, antennas etc.

2. Section II - Hacking 802.11 Wireless Technologies.
This section explains from the basics of Wireless security to the more advanced and well protected implementations of Wireless security.

* Chapter 3 is a quite comprehensive guide to the history of the 802.11 protocol, and with that information, you are well equipped to go on to the following chapters. The description of the protocol is vital to understand how the vulnerabilities work.
* Chapter 4 is the description of how to discover and map wireless networks.
* Scanning and enumeration is the next step, and in Chapter 5 all the vital features are covered.
* Attacking `WEP secured WiFi networks is covered in chapter 6, and I must say, I found this information useful. Having already done some pentesting on WEP secured Access Points (AP), I found the explanations and examples very interesting, and Im going to try out some of the techniques explained here, next time I have an AP to test.
* WPA and WPA2 are normally considered to be pretty safe, if you choose the right password. But still the techniques described of how to deal with wireless enterprise setups, surprised me, and they should be taken in consideration, when documenting the risks in the corporate wireless network.
* Deploying security as described in chapter 8 covers the finer art of securing your wireless network.

3. Section III - Hacking additional Wireless Technologies

* A few acquaintances of mine have bragging about how weak the security is on hotels - and how they got free internet during their stay. Chapter 9 covers many of the weaknesses of public APs like the ones in hotels, airports etc.
* The Bluetooth attack on a Mac from chapter 10 was quite new to me. I havent done much in relation to Bluetooth. I have been aware of the fact, there is a risk involved with opening a Bluetooth connection in the public, but not that it could be exploited like that. It was a kind of eye-opener for me.
* The advanced attacks in chapter 11 are some of the issues Ill pay some attention next time I am to test a network. Especially the attacks that can be launched from Metasploit 3.0 sounds interesting (aka scary).

The book also covers threats like rough access points (and how to deal with them). I found this so much of an inspiration, that I want to try it out on one of the educational institutions in the town - of course with a formal approval.

If you work with issues of wireless security, I find this book a must have, and in my opinion, it is sufficient for penetration testers and technicians who are to install corporate networks. With the book in hand, they can do, what has to be done. The book is clearly not targeted against end-users.

by: Chris Gates (NoVA, USA)
on: Saturday, 22-September-2007

I have a ton of those red covered books on the book shelf. The Hacking Exposed series has been good to me and good to every person trying to learn security. So, I was excited to have my new green covered Hacking Exposed Wireless book show up at the house so I could learn some wireless hacking. The first 60 pages or so of background technical content is interesting but not totally necessary to get going with the topic. I do realize to be a good hacker you need to understand the technology, but the other HEs have been able to balance giving us the background and still able to use the tools for some hacking action.

I felt that once we finally got into the technical content (starts with 802.11 discovery) that they talked around topics but really didnt cover how to actually do anything. There isnt much to running kismet after configuring the one or two lines of the conf file. Then its a simple #kismet or $sudo kismet and it runs. Netstumbler is even easier since you have GUI to help you out and its on Windows and same same with KisMAC on OS X.

The cracking WEP section starts out with saying use an old kernel and the madwifi-old drivers. That may have been great advice when the book was published but it is certainly not useful for the average user today especially since it appears the bugs have been worked out of the new madwifi driver and aircrack-ng. (We do have to take into account that I read the book in Sep 07 and it was published in March 07). The section on using aircrack to break WEP on linux on pages 180-182 was decent but certainly not anything you cant get on the aircrack-ng homepage. A little more content on how we do fake authentication attempts and then why and how we have aireplay send our ARP packets would have been nice. The current version of aireplay when you run that capture makes you pick which capture we want to use, since they dont cover what packet to use it may be difficult for the person following along. The shell of the instructions are there, but the details are missing.
The opportunity to shine by talking about the Fragmentation and ChopChop attacks is devoid of actually using aircrack-ng or other tools to launch the attacks, so it falls short.

The Hacking Hotspots section (CH 9) looked to be the redeeming section at first glance but much like the WEP cracking section is lacking any useful screenshots or how to use any of the tools they mention. The most frustrating part was the author telling us how they have a slick SSH set up to use public hotspots but provides no information on how to set up one of our own. The tunneling using ozymanDNS attack gives no useful information on how to use the tool, the billing attacks section gives no useful information either. While I understand its illegal to steal wifi, if you arent going to actually cover it, dont bother talking all around it. The client attack section consisted of installing nmap and nessus and running it against clients on the LAN. That section was the perfect set up to really cover KARMA in-depth, sadly a missed opportunity.

The bluetooth section (CH 10) that looks to be written by Kevin Finisterre was excellent and met the high standards previous HE books set. He walks us through a fictional scenario with real code and explains how we can use the code to exploit bluetooth vulnerabilities on OSX and gives us the link to the code :-)

Overall I was disappointed in the book which is unfortunate because the authors are known to be very knowledgeable and skilled people in the security industry. It can be a good reference on wifi background and hardware if you need one but it falls a bit short IMO of being as useful as some of the other HE titles.

by: Tony Bradley (Houston, TX)
on: Monday, 11-June-2007

Maybe its just me, but it seems like the Hacking Exposed series was in an extended hiatus. It has emerged with a vengeance. Hacking Exposed - Wireless is just one of a series of new Hacking Exposed books and there are more to come throughout the coming months.

While it has been a while since there were new Hacking Exposed books, it seems like it has been even longer since we have had a new book on wireless network security. A topic as rapidly changing and evolving as wireless network technology and security needs updates and new contributions frequently to keep readers informed.

Cache and Liu do a respectable job of bringing the latest and greatest wireless attacks and security measures to the reader. The first chunk of the book- the first 3 chapters- are dedicated to providing a sort of overview of wireless technology and the history or evolution of network communication via RF, but then the book gets down to business.

The authors discuss how to enumerate and identify targets, and how to attack wireless networks, including ways to attack networks protected with WPA encryption. Further into the book, they also provide coverage of wireless security in public hotspots, and a chapter on Bluetooth security.

Hacking Exposed - Wireless covers how attackers use various tools such as Kismet or Airopeek to identify vulnerable wireless networks, and how the Metasploit 3.0 Framework can be used to exploit and attack wireless networks. It also discusses packet injection and DoS (denial-of-service attacks).

Overall, I think the book covers the information well. It provides a good amount of detail about the flaws and weaknesses of wireless networking that can be exploited, and also instructs the reader on security countermeasures to defend against such attacks. Being the most current available also makes this book a must read.

by: Richard Bejtlich (Metro Washington, DC)
on: Sunday, 6-May-2007

When I read and reviewed Wi-Foo: The Secrets of Wireless Hacking three years ago, I was really impressed. Wi-Foo is obviously showing its age now, but a second edition is in the works. I was excited to see Hacking Exposed: Wireless (HE:W), green cover and all, because I hoped it would be just as good as Wi-Foo but covering newer topics. Overall I think the next Wi-Foo will be better than HE:W, but HE:W is currently the most up-to-date book on wireless security available.

Most readers can avoid the first 60 pages or so of HE:W. It seems the different authors wrote the first two chapters, and I doubt most of us need radio, cryptography, and other history lessons. This is supposed to be a Hacking Exposed book, which should mean introducing technologies with a security spin and hands-on exercises from the first page onward. If you want to really understand wireless, read 802.11 Wireless Networks: The Definitive Guide, 2nd Ed by Matthew S Gast, which was my 2006 book of the year.

HE:W begins to be interesting on p 61 with a discussion of 802.11 Packet Types. From this point forward the authors share many unique insights which are either obscure or not well covered elsewhere. I appreciated reading items like the fact that all access points on a channel should honor frames with CTS bits set -- even if the APs belong to different enterprises. Chapter 6 offered great insights on wireless zero configuration in Windows. The authors also demonstrate a powerful ability to explain the workings of various complex security technologies and their weaknesses, e.g., PEAP certificate failure attacks in chapter 7. Chapter 10 offered a story similar to that found in Syngress Stealing the Network series, where an obsessed hacker exploits Bluetooth on a womans Mac laptop.

I recommend reading HE:W if you want a modern treatment of wireless security issues. The authors cover many aspects of up-to-date features and weaknesses of wireless technologies, although the focus is mostly 802.11. While I liked the story in chapter 10, I would have also enjoyed reading more traditional HE coverage of Bluetooth outside the story format. Overall I think Wi-Foo II (arriving in November) will be the book to beat. If you cant wait that long, I recommend reading HE:W.