Read Online Hacking Wireless Networks for Dummies by Peter T. Kevin.; Davis Beaver - Free Book Online
Authors: Peter T. Kevin.; Davis Beaver
Tags: Team DDU
Ads: Link
networking transactions by spoofing MAC addresses (masquerading as a legitimate wireless user), setting up man-in-the-middle (inserting a wireless system between an AP and wireless client) attacks, and more
ߜ Exploiting network protocols such as SNMP
ߜ Performing denial-of-service (DoS) attacks
ߜ Jamming RF signals
Software attacks
As if the security problems with the 802.11 protocol weren’t enough, we now have to worry about the operating systems and applications on wireless-client machines being vulnerable to attack. Here are some examples of software attacks:
ߜ Hacking the operating system and other applications on wireless-client machines
ߜ Breaking in via default settings such as passwords and SSIDs that are easily determined
ߜ Cracking WEP keys and tapping into the network’s encryption system ߜ Gaining access by exploiting weak network-authentication systems 07_597302_ch02.qxd 8/4/05 7:26 PM Page 19
Chapter 2
The Wireless Hacking Process
In This Chapter
ᮣ Understanding the hacking process
ᮣ The Ten Commandments of Ethical Hacking
ᮣ Understanding the standards
ᮣ Evaluating your results
We teach courses on ethical hacking — and when you’re teaching, you need an outline. Our teaching outline always starts with the introduction to the ethical-hacking process that comprises most of this chapter.
Inevitably, when the subject of an ethical hacking process comes up, the class participants visibly slump into their chairs, palpable disappointment written all over their faces. They cross their arms across their chests and shuffle their feet. Some even jump up and run from class to catch up on their phone calls. Why? Well, every class wants to jump right in and learn parlor tricks they can use to amaze their friends and boss. But that takes procedure and practice. Without a defined process, you may waste time doing nonessential steps while omitting crucial ones. So bear with us for a while; this background information may seem tedious, but it’s important.
Obeying the Ten Commandments
of Ethical Hacking
In his book Hacking For Dummies (Wiley), Kevin discussed the hacker genre and ethos. In Chapter 1, he enumerated the Ethical Hacking Commandments.
In that book, Kevin listed three commandments. But (as with everything in networking) the list has grown to fill the available space. Now these commandments were not brought down from Mount Sinai, but thou shalt follow these commandments shouldst thou decide to become a believer in the doctrine of ethical hacking. The Ten Commandments are
1. Thou shalt set thy goals.
2. Thou shalt plan thy work, lest thou go off course.
07_597302_ch02.qxd 8/4/05 7:26 PM Page 20
20 Part I: Building the Foundation for Testing Wireless Networks 3. Thou shalt obtain permission.
4. Thou shalt work ethically.
5. Thou shalt work diligently.
6. Thou shalt respect the privacy of others.
7. Thou shalt do no harm.
8. Thou shalt use a scientific process.
9. Thou shalt not covet thy neighbor’s tools.
10. Thou shalt report all thy findings.
Thou shalt set thy goals
When Peter was a kid, he used to play a game at camp called Capture the Flag. The camp counselors would split all the campers into two teams: one with a red flag and one with a blue flag. The rules were simple: If you were on the blue team, then you tried to find the red flag that the red team had hidden and protected, and vice versa. Despite appearances, this game could get rough — on the order of, say, Australian Rules Football. It was single-minded: Capture the flag. This single-mindedness is similar to the goals of a penetration test, a security test with a defined goal that ends either when the goal is achieved or when time runs out. Getting access to a specific access point is not much different from capturing a flag: Your opponent has hidden it and is protecting it, and you’re trying to circumvent the defenses. Penetration testing is Capture the Flag without the intense physical
ߜ Exploiting network protocols such as SNMP
ߜ Performing denial-of-service (DoS) attacks
ߜ Jamming RF signals
Software attacks
As if the security problems with the 802.11 protocol weren’t enough, we now have to worry about the operating systems and applications on wireless-client machines being vulnerable to attack. Here are some examples of software attacks:
ߜ Hacking the operating system and other applications on wireless-client machines
ߜ Breaking in via default settings such as passwords and SSIDs that are easily determined
ߜ Cracking WEP keys and tapping into the network’s encryption system ߜ Gaining access by exploiting weak network-authentication systems 07_597302_ch02.qxd 8/4/05 7:26 PM Page 19
Chapter 2
The Wireless Hacking Process
In This Chapter
ᮣ Understanding the hacking process
ᮣ The Ten Commandments of Ethical Hacking
ᮣ Understanding the standards
ᮣ Evaluating your results
We teach courses on ethical hacking — and when you’re teaching, you need an outline. Our teaching outline always starts with the introduction to the ethical-hacking process that comprises most of this chapter.
Inevitably, when the subject of an ethical hacking process comes up, the class participants visibly slump into their chairs, palpable disappointment written all over their faces. They cross their arms across their chests and shuffle their feet. Some even jump up and run from class to catch up on their phone calls. Why? Well, every class wants to jump right in and learn parlor tricks they can use to amaze their friends and boss. But that takes procedure and practice. Without a defined process, you may waste time doing nonessential steps while omitting crucial ones. So bear with us for a while; this background information may seem tedious, but it’s important.
Obeying the Ten Commandments
of Ethical Hacking
In his book Hacking For Dummies (Wiley), Kevin discussed the hacker genre and ethos. In Chapter 1, he enumerated the Ethical Hacking Commandments.
In that book, Kevin listed three commandments. But (as with everything in networking) the list has grown to fill the available space. Now these commandments were not brought down from Mount Sinai, but thou shalt follow these commandments shouldst thou decide to become a believer in the doctrine of ethical hacking. The Ten Commandments are
1. Thou shalt set thy goals.
2. Thou shalt plan thy work, lest thou go off course.
07_597302_ch02.qxd 8/4/05 7:26 PM Page 20
20 Part I: Building the Foundation for Testing Wireless Networks 3. Thou shalt obtain permission.
4. Thou shalt work ethically.
5. Thou shalt work diligently.
6. Thou shalt respect the privacy of others.
7. Thou shalt do no harm.
8. Thou shalt use a scientific process.
9. Thou shalt not covet thy neighbor’s tools.
10. Thou shalt report all thy findings.
Thou shalt set thy goals
When Peter was a kid, he used to play a game at camp called Capture the Flag. The camp counselors would split all the campers into two teams: one with a red flag and one with a blue flag. The rules were simple: If you were on the blue team, then you tried to find the red flag that the red team had hidden and protected, and vice versa. Despite appearances, this game could get rough — on the order of, say, Australian Rules Football. It was single-minded: Capture the flag. This single-mindedness is similar to the goals of a penetration test, a security test with a defined goal that ends either when the goal is achieved or when time runs out. Getting access to a specific access point is not much different from capturing a flag: Your opponent has hidden it and is protecting it, and you’re trying to circumvent the defenses. Penetration testing is Capture the Flag without the intense physical
Similar Books
