Read Online Hacking Wireless Networks for Dummies by Peter T. Kevin.; Davis Beaver - Free Book Online Page A
Authors: Peter T. Kevin.; Davis Beaver
Tags: Team DDU
Ads: Link
exercise.
How does ethical hacking relate to penetration testing? Ethical hacking is a form of penetration testing originally used as a marketing ploy but has come to mean a penetration test of all systems — where there is more than one goal.
In either case, you have a goal. Your evaluation of the security of a wireless network should seek answers to three basic questions:
ߜ What can an intruder see on the target access points or networks?
ߜ What can an intruder do with that information?
ߜ Does anyone at the target notice the intruder’s attempts — or successes?
You might set a simplistic goal, such as finding unauthorized wireless access points. Or you might set a goal that requires you to obtain information from a system on the wired network. Whatever you choose, you must articulate your goal and communicate it to your sponsors.
07_597302_ch02.qxd 8/4/05 7:26 PM Page 21
Chapter 2: The Wireless Hacking Process
21
Involve others in your goal-setting. If you don’t, you will find the planning process quite difficult. The goal determines the plan. To paraphrase the Cheshire Cat’s response to Alice: “If you don’t know where you are going, any path will take you there.” Including stakeholders in the goal-setting process will build trust that will pay off in spades later on.
Thou shalt plan thy work,
lest thou go off course
Few, if any of us, have an unlimited budget. We usually are bound by one or more constraints. Money, personnel or time may constrain you. Consequently, it is important for you to plan your testing.
With respect to your plan, you should do the following:
1. Identify the networks you intend to test.
2. Specify the testing interval.
3. Specify the testing process.
4. Develop a plan and share it with all stakeholders.
5. Obtain approval of the plan.
Share your plan. Socialize it with as many people as you can. Don’t worry that lots of people will know that you are going to hack into the wireless network. If your organization is like most others, then it’s unlikely they can combat the organizational inertia to do anything to block your efforts. It is important, though, to remember that you do want to do your testing under
“normal” conditions.
Thou shalt obtain permission
When it comes to asking for permission, remember the case of the Internal Auditor who, when caught cashing a payroll check he didn’t earn, replied, “I wasn’t stealing. I was just testing the controls of the system.” When doing ethical hacking, don’t follow the old saw that “asking forgiveness is easier than asking for permission.” Not asking for permission may land you in prison!
You must get your permission in writing. This permission may represent the only thing standing between you and an ill-fitting black-and-white-striped suit and a lengthy stay in the Heartbreak Hotel. You must ask for — and get — a 07_597302_ch02.qxd 8/4/05 7:26 PM Page 22
22 Part I: Building the Foundation for Testing Wireless Networks Aw, we were just having fun . . .
In December 2004, a Michigan man became the
wireless networks, had found the wireless
first person ever convicted of wardriving (the
access point of a hardware chain store, had
unauthorized snagging of confidential informa-
used that connection to enter the chain’s cen-
tion via wireless access points, discussed in
tral computer system, and had installed a pro-
Chapters 9 and 10). Prosecutors presented evi-
gram to capture credit-card information.
dence that he and his cronies had scanned for
“get out of jail free” card. This card will state that you are authorized to perform a test according to the plan. It should also say that the organization will
“stand behind you” in case you are criminally charged or sued. This means they will provide legal and organizational support as long as you stayed within the bounds of the original plan (see Commandment Two).
Thou shalt work ethically
The term ethical in this context means
How does ethical hacking relate to penetration testing? Ethical hacking is a form of penetration testing originally used as a marketing ploy but has come to mean a penetration test of all systems — where there is more than one goal.
In either case, you have a goal. Your evaluation of the security of a wireless network should seek answers to three basic questions:
ߜ What can an intruder see on the target access points or networks?
ߜ What can an intruder do with that information?
ߜ Does anyone at the target notice the intruder’s attempts — or successes?
You might set a simplistic goal, such as finding unauthorized wireless access points. Or you might set a goal that requires you to obtain information from a system on the wired network. Whatever you choose, you must articulate your goal and communicate it to your sponsors.
07_597302_ch02.qxd 8/4/05 7:26 PM Page 21
Chapter 2: The Wireless Hacking Process
21
Involve others in your goal-setting. If you don’t, you will find the planning process quite difficult. The goal determines the plan. To paraphrase the Cheshire Cat’s response to Alice: “If you don’t know where you are going, any path will take you there.” Including stakeholders in the goal-setting process will build trust that will pay off in spades later on.
Thou shalt plan thy work,
lest thou go off course
Few, if any of us, have an unlimited budget. We usually are bound by one or more constraints. Money, personnel or time may constrain you. Consequently, it is important for you to plan your testing.
With respect to your plan, you should do the following:
1. Identify the networks you intend to test.
2. Specify the testing interval.
3. Specify the testing process.
4. Develop a plan and share it with all stakeholders.
5. Obtain approval of the plan.
Share your plan. Socialize it with as many people as you can. Don’t worry that lots of people will know that you are going to hack into the wireless network. If your organization is like most others, then it’s unlikely they can combat the organizational inertia to do anything to block your efforts. It is important, though, to remember that you do want to do your testing under
“normal” conditions.
Thou shalt obtain permission
When it comes to asking for permission, remember the case of the Internal Auditor who, when caught cashing a payroll check he didn’t earn, replied, “I wasn’t stealing. I was just testing the controls of the system.” When doing ethical hacking, don’t follow the old saw that “asking forgiveness is easier than asking for permission.” Not asking for permission may land you in prison!
You must get your permission in writing. This permission may represent the only thing standing between you and an ill-fitting black-and-white-striped suit and a lengthy stay in the Heartbreak Hotel. You must ask for — and get — a 07_597302_ch02.qxd 8/4/05 7:26 PM Page 22
22 Part I: Building the Foundation for Testing Wireless Networks Aw, we were just having fun . . .
In December 2004, a Michigan man became the
wireless networks, had found the wireless
first person ever convicted of wardriving (the
access point of a hardware chain store, had
unauthorized snagging of confidential informa-
used that connection to enter the chain’s cen-
tion via wireless access points, discussed in
tral computer system, and had installed a pro-
Chapters 9 and 10). Prosecutors presented evi-
gram to capture credit-card information.
dence that he and his cronies had scanned for
“get out of jail free” card. This card will state that you are authorized to perform a test according to the plan. It should also say that the organization will
“stand behind you” in case you are criminally charged or sued. This means they will provide legal and organizational support as long as you stayed within the bounds of the original plan (see Commandment Two).
Thou shalt work ethically
The term ethical in this context means
Similar Books
