I always say you've got to have the right tools to do a good job of
looking for and exploiting security holes. This is especially true
for wireless networks where tools (and the proper hardware
configuration to run them on) are harder to come by than
run-of-the-mill Windows security tools. Acquiring the right tools
is the first and most important step in testing your wireless
security.
For starters, you need good wireless cards -- not one but two,
maybe three. The reason is that different tools require -- or at
least work better with -- specific wireless chipsets. I've had good
luck with the old Orinoco Gold card as well as the Netgear
WAG511v2. Refer to your tool documentation for the best fit.
Another good thing to look for is a card that has an external
antenna connector for hooking up a
Cantenna or similar wireless
signal booster device. This can make all the difference in the
world when rooting out low-powered or hidden wireless devices.
As far as wireless security testing software goes, I recommend
the following:
Free Tools
- NetStumbler quickly identifies basic wireless devices that will
respond to an "anybody out there?" request.
- Kismet roots out wireless devices that have their SSIDs hidden or
otherwise won't respond to basic NetStumbler probes. If you're not
into Linux or don't want to spend hours if not days setting up your
wireless card drivers in Linux, you can run Kismet directly from the
BackTrack Live CD.
- Aircrack is for WEP and WPA pre-shared key cracking.
- FakeAP on the BackTrack Live CD mimics a legitimate access point
and sets up an evil twin attack to see how your users carelessly
connect to any old access point.
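Kismet finds hidden SSIDs and rogue access points by passively reading beacon frames rather than sending probes. The following added example (not code from the article or from any tool named in it) parses constructed 802.11 beacon frames using the standard frame layout, flags hidden SSIDs (an empty or all-NUL SSID element) and reports any SSID advertised from more than one BSSID, a pattern worth investigating as a possible evil twin; the BSSIDs and SSID are constructed sample values.

```python
from collections import defaultdict

MGMT_HDR_LEN, BEACON_FIXED_LEN = 24, 12  # FC(2)+Dur(2)+DA(6)+SA(6)+BSSID(6)+Seq(2); Timestamp(8)+Interval(2)+Capability(2)

def parse_beacon(frame: bytes):
    """Return (bssid, ssid) for an 802.11 beacon (ssid None if hidden), or None if not a beacon."""
    if len(frame) < MGMT_HDR_LEN + BEACON_FIXED_LEN:
        return None
    fc = frame[0]
    if (fc & 0x0C) != 0x00 or (fc >> 4) != 0x08:  # type 0 = management, subtype 8 = beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    pos, ssid = MGMT_HDR_LEN + BEACON_FIXED_LEN, None
    while pos + 2 <= len(frame):  # walk the tagged information elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than misread the tail
        if tag == 0:  # SSID element: zero-length or all-NUL value means the SSID is hidden
            ssid = value.decode("utf-8", "replace") if value.strip(b"\x00") else None
            break
        pos += 2 + length
    return bssid, ssid

def build_beacon(bssid: bytes, ssid: bytes) -> bytes:
    """Construct a minimal beacon frame (sample data for this example, not a real capture)."""
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"  # interval 100 TU, ESS + privacy bits set
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])  # SSID, rates

def survey(frames):
    """Group beacons by SSID; report hidden networks and SSIDs advertised by several BSSIDs."""
    by_ssid, hidden = defaultdict(set), set()
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed is None:
            continue  # data/control frames and garbage are ignored
        bssid, ssid = parsed
        (hidden if ssid is None else by_ssid[ssid]).add(bssid)
    twins = {s: sorted(b) for s, b in by_ssid.items() if len(b) > 1}
    return {"hidden": sorted(hidden), "duplicates": twins}

# Constructed sample capture for this example (not real traffic).
SAMPLE_FRAMES = [build_beacon(bytes.fromhex(b), s) for b, s in [
    ("001122334455", b"CorpWiFi"), ("66778899aabb", b"CorpWiFi"),  # one SSID, two BSSIDs
    ("cafe00000001", b""), ("cafe00000002", b"\x00" * 6),          # two ways to hide an SSID
]] + [b"\x08\x00" + b"\x00" * 40]                                  # a data frame, must be skipped
```

Feeding real beacons captured in monitor mode into `survey` gives the same hidden-network and duplicate-SSID report; a duplicate SSID is only a lead, since legitimate multi-AP deployments also share one SSID.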
Commercial Tools
- AiroPeek is a wireless network analyzer for quickly and easily
capturing packets, looking for top talkers, discovering rogue systems,
and more.
- AirMagnet Laptop Analyzer, among many other things, has a nifty
signal strength meter for determining how close or far away a wireless
device is when you're walking around trying to locate it.
- Network Chemistry RFprotect Mobile is a full-featured and
simple-to-use option to capture packets, locate legitimate and rogue
devices, monitor signal strength and more.
- CommView WiFi is for low-cost packet capturing, packet generation
and more.
Don't overlook the fact that wireless security testing doesn't
just involve access points, laptops and the 802.11 protocol.
Wireless is merely an entry point into your network -- not
necessarily a standalone entity to test. Once you're able to obtain
wireless network connectivity via MAC address spoofing, WEP/WPA
cracking or whatever, you still have a ways to go poking around
your Windows environment and testing Web applications, databases
and so on. For a list of recommended tools, check out the
Top 15 security tools for testing Windows.
That said, know that you're not going to find all wireless
security vulnerabilities with tools alone. Knowledge of how
wireless networks work combined with general networking, OS and
security experience are all equally important.

This article is Step 1 of the series "Wireless network security
testing": Introduction; Step 1: Build your arsenal of tools; Step 2:
Search for weaknesses; Step 3: Dig in deep to demonstrate the threat.