Paperback (Print)


The definitive guide to penetrating and defending wireless networks.

Straight from the field, this is the definitive guide to hacking wireless networks. Authored by world-renowned wireless security auditors, this hands-on, practical guide covers everything you need to attack -- or protect -- any wireless network.

The authors introduce the 'battlefield,' exposing today's 'wide open' 802.11 wireless networks and their attackers. One step at a time, you'll master the attacker's entire arsenal of hardware and software tools: crucial knowledge for crackers and auditors alike. Next, you'll learn systematic countermeasures for building hardened wireless 'citadels' -- including cryptography-based techniques, authentication, wireless VPNs, intrusion detection, and more.

Coverage includes:

  • Step-by-step walkthroughs and explanations of typical attacks
  • Building wireless hacking/auditing toolkit: detailed recommendations, ranging from discovery tools to chipsets and antennas
  • Wardriving: network mapping and site surveying
  • Potential weaknesses in current and emerging standards, including 802.11i, PPTP, and IPSec
  • Implementing strong, multilayered defenses
  • Wireless IDS: why attackers aren't as untraceable as they think
  • Wireless hacking and the law: what's legal, what isn't

If you're a hacker or security auditor, this book will get you in. If you're a netadmin, sysadmin, consultant, or home user, it will keep everyone else out.


Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
There are plenty of wireless security books. This one’s seriously “hands-on.” It was written by the leaders of one of the world’s top wireless security auditing teams. Penetration testing is crucial to protecting yourself, and this book is the source for mastering it. But it doesn’t just show you how to attack 802.11 networks -- it shows how to detect and defeat those attacks, too.

First, you’ll assemble the arsenal needed to probe wireless network security: hardware, drivers, utilities, network mapping and site surveying tools, and so forth. The authors offer knowledgeable advice on cards, chipsets, antennas, amplifiers, cables, connectors, Linux drivers and wireless extensions, and of course software tools. When it comes to the underlying hardware, they go beyond conventional PCs and notebooks, also discussing iPAQs and Sharp Zauruses running Linux: super-handy for monitoring signal strength and discovering rogue access points.

Once you have your toolset, you’ll walk through planning your attack, gaining access -- and the awful stuff that can be done once inside. By now, netadmins will be plenty motivated to fight back. The authors teach how, in detail. You’ll learn how to make the most of cryptography (not just WEP); provide effective user authentication, deploy higher-layer wireless VPNs, even implement a wireless IDS system.

We needn’t remind you just how vulnerable many 802.11 networks still are, even now. Let’s just say, if you want to do something about it, you’ll find this book indispensable. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2003 and Upgrading & Fixing Networks for Dummies, Second Edition.

Library Journal
WarDriving -- or moving around an area to map wireless access points -- presents an opportunity for those interested in raising awareness of wireless connectivity and security vulnerabilities; an opening for those looking to contribute connectivity through deliberately opening access; and a security threat to those who fail to protect their networks -- even though ethical WarDrivers point out that they eschew unauthorized network use. WarDriving teaches how to WarDrive, from necessary tools to useful software; each chapter ends with a summary, bullet points, and FAQ. Later chapters discuss how to attack and how to defend wireless networks, making this useful for readers wanting to protect their networks. The main focus, however, may find a narrow audience in most libraries; those seeking books on securing their network will want to supplement with more thorough guides, and those interested in WarDriving may already be conversant with the tools and ideas discussed. A supplemental purchase for larger libraries. Wi-Foo covers similar ground and discusses similar utilities, yet it goes much deeper into the nuts and bolts of both breaking into and defending wireless networks. Some more technical sections are balanced out by step-by-step explanations of security basics and patterns of attack. Extensive appendixes range from antenna irradiation patterns to war-chalking symbols to a penetration testing template. Wireless security is an ever-growing issue, which makes this thorough guide recommended for larger libraries. Copyright 2004 Reed Business Information.
From The Critics
Uses clear language and is easy to read. ... if you're a network admin or security professional, this book is almost a must. It's a combo of Exploiting Software and Hacking Exposed with specialization on wireless LANs.

Product Details

  • ISBN-13: 9780321202178
  • Publisher: Addison-Wesley
  • Publication date: 4/9/2004
  • Pages: 592
  • Sales rank: 1,433,946
  • Product dimensions: 7.00 (w) x 9.00 (h) x 1.50 (d)

Meet the Author

The authors have been active participants in the IT security community for many years and are security testers for leading wireless equipment vendors.

Andrew A. Vladimirov leads the wireless consultancy division at Arhont Ltd, one of the UK's leading security consultants. He was one of the UK's first IT professionals to obtain the coveted CWNA wireless certification.

Konstantin V. Gavrilenko co-founded Arhont Ltd. He has more than 12 years of IT and security experience, and his expertise includes wireless security, firewalls, cryptography, VPNs, and IDS.

Andrei A. Mikhailovsky has more than a decade of networking and security experience and has contributed extensively to Arhont's security research papers.


Table of Contents


1. Real World Wireless Security.

Why Do We Concentrate on 802.11 Security?

Getting a Grip on Reality: Wide Open 802.11 Networks Around Us.

The Future of 802.11 Security: Is It as Bright as It Seems?


2. Under Siege.

Why Are “They” After Your Wireless Network?

Wireless Crackers: Who Are They?

Corporations, Small Companies, and Home Users: Targets Acquired.

Target Yourself: Penetration Testing as Your First Line of Defense.


3. Putting the Gear Together: 802.11 Hardware.

PDAs Versus Laptops.

PCMCIA and CF Wireless Cards.

Selecting or Assessing Your Wireless Client Card Chipset.

Prism Chipset.

Cisco Aironet Chipset.

Hermes Chipset.

Symbol Chipset.

Atheros Chipset.

ADM8211 Chipset.

Other Chipsets That Are Common in Later Models of 802.11-Compatible Devices.

Selecting or Assessing Your Wireless Client Card RF Characteristics.


RF Amplifiers.

RF Cables and Connectors.


4. Making the Engine Run: 802.11 Drivers and Utilities.

Operating System, Open Source, and Closed Source.

The Engine: Chipsets, Drivers, and Commands.

Making Your Client Card Work with Linux and BSD.

Getting Used to Efficient Wireless Interface Configuration.

Linux Wireless Extensions.

Linux-wlan-ng Utilities.

Cisco Aironet Configuration.

Configuring Wireless Client Cards on BSD Systems.


5. Learning to WarDrive: Network Mapping and Site Surveying.

Active Scanning in Wireless Network Discovery.

Monitor Mode Network Discovery and Traffic Analysis Tools.


Kismet and GpsDrive Integration.







Miscellaneous Command-Line Scripts and Utilities.

BSD Tools for Wireless Network Discovery and Traffic Logging.

Tools That Use the iwlist scan Command.

RF Signal Strength Monitoring Tools.


6. Assembling the Arsenal: Tools of the Trade.

Encryption Cracking Tools.

WEP Crackers.






Tools to Retrieve WEP Keys Stored on the Client Hosts.

Traffic Injection Tools Used to Accelerate WEP Cracking.

802.1x Cracking Tools.

Asleap-imp and Leap.


Wireless Frame-Generating Tools.







Wireless Encrypted Traffic Injection Tools: Wepwedgie.

Access Point Management Utilities.


7. Planning the Attack.

The “Rig”.

Network Footprinting.

Site Survey Considerations and Planning.

Proper Attack Timing and Battery Power Preservation.

Stealth Issues in Wireless Penetration Testing.

An Attack Sequence Walk-Through.


8. Breaking Through.

The Easiest Way to Get in.

A Short Fence to Climb: Bypassing Closed ESSIDs, MAC, and Protocols Filtering.

Picking a Trivial Lock: Various Means of Cracking WEP.

WEP Brute-Forcing.

The FMS Attack.

An Improved FMS Attack.

Picking the Trivial Lock in a Less Trivial Way: Injecting Traffic to Accelerate WEP Cracking.

Field Observations in WEP Cracking.

Cracking TKIP: The New Menace.

The Frame of Deception: Wireless Man-in-the-Middle Attacks and Rogue Access Points Deployment.

DIY: Rogue Access Points and Wireless Bridges for Penetration Testing.

Hit or Miss: Physical Layer Man-in-the-Middle Attacks.

Phishing in the Air: Man-in-the-Middle Attacks Combined.

Breaking the Secure Safe.

Crashing the Doors: Authentication Systems Attacks.

Tapping the Tunnels: Attacks Against VPNs.

The Last Resort: Wireless DoS Attacks.

1. Physical Layer Attacks or Jamming.

2. Spoofed Deassociation and Deauthentication Frames Floods.

3. Spoofed Malformed Authentication Frame Attack.

4. Filling Up the Access Point Association and Authentication Buffers.

5. Frame Deletion Attack.

6. DoS Attacks Based on Specific Wireless Network Settings.

7. Attacks Against 802.11i Implementations.


9. Looting and Pillaging: The Enemy Inside.

Step 1: Analyze the Network Traffic.

802.11 Frames.

Plaintext Data Transmission and Authentication Protocols.

Network Protocols with Known Insecurities.

DHCP, Routing, and Gateway Resilience Protocols.

Syslog and NTP Traffic.

Protocols That Shouldn’t Be There.

Step 2: Associate to WLAN and Detect Sniffers.

Step 3: Identify the Hosts Present and Perform Passive Operating System Fingerprinting.

Step 4: Scan and Exploit Vulnerable Hosts on WLAN.

Step 5: Take the Attack to the Wired Side.

Step 6: Check Wireless-to-Wired Gateway Egress Filtering Rules.


10. Building the Citadel: An Introduction to Wireless LAN Defense.

Wireless Security Policy: The Cornerstone.

1. Device Acceptability, Registration, Update, and Monitoring.

2. User Education and Responsibility.

3. Physical Security.

4. Physical Layer Security.

5. Network Deployment and Positioning.

6. Security Countermeasures.

7. Network Monitoring and Incident Response.

8. Network Security and Stability Audits.

Layer 1 Wireless Security Basics.

The Usefulness of WEP, Closed ESSIDs, MAC Filtering, and SSH Port Forwarding.

Secure Wireless Network Positioning and VLANs.

Using Cisco Catalyst Switches and Aironet Access Points to Optimize Secure Wireless Network Design.

Deploying a Linux-Based, Custom-Built Hardened Wireless Gateway.

Proprietary Improvements to WEP and WEP Usage.

802.11i Wireless Security Standard and WPA: The New Hope.

Introducing the Sentinel: 802.1x.

Patching the Major Hole: TKIP and CCMP.


11. Introduction to Applied Cryptography: Symmetric Ciphers.

Introduction to Applied Cryptography and Steganography.

Modern-Day Cipher Structure and Operation Modes.

A Classical Example: Dissecting DES.

Kerckhoff’s Rule and Cipher Secrecy.

The 802.11i Primer: A Cipher to Help Another Cipher.

There Is More to a Cipher Than the Cipher: Understanding Cipher Operation Modes.

Bit by Bit: Streaming Ciphers and Wireless Security.

The Quest for AES.

AES (Rijndael).





Between DES and AES: Common Ciphers of the Transition Period.




Selecting a Symmetric Cipher for Your Networking or Programming Needs.


12. Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms.

Cryptographic Hash Functions.

Dissecting an Example Standard One-Way Hash Function.

Hash Functions, Their Performance, and HMACs.

MIC: Weaker But Faster.

Asymmetric Cryptography: A Different Animal.

The Examples of Asymmetric Ciphers: ElGamal, RSA, and Elliptic Curves.

Practical Use of Asymmetric Cryptography: Key Distribution, Authentication, and Digital Signatures.


13. The Fortress Gates: User Authentication in Wireless Security.


Basics of AAA Framework.




An Overview of the RADIUS Protocol.

RADIUS Features.

Packet Formats.

Packet Types.

Installation of FreeRADIUS.







User Accounting.

RADIUS Vulnerabilities.

Response Authenticator Attack.

Password Attribute-Based Shared Secret Attack.

User Password-Based Attack.

Request Authenticator-Based Attacks.

Replay of Server Responses.

Shared Secret Issues.

RADIUS-Related Tools.

802.1x: The Gates to Your Wireless Fortress.

Basics of EAP-TLS.

Packet Format.

Creating Certificates.

FreeRADIUS Integration.





Windows 2000 and Windows XP.

An Example of Access Point Configuration: Orinoco AP-2000.



What Is a Directory Service?

What Is LDAP?

How Does LDAP Work?

Installation of OpenLDAP.

Satisfying Dependencies.

Configuration of OpenLDAP.

Testing LDAP.

Populating the LDAP Database.

Centralizing Authentication with LDAP.

Mobile Users and LDAP.

LDAP-Related Tools.

Directory Administrator.



LDAP Tool.

NoCat: An Alternative Method of Wireless User Authentication.

Installation and Configuration of NoCat Gateway.

Installation and Configuration of Authentication Server.


14. Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs.

Why You Might Want to Deploy a VPN.

VPN Topologies Review: The Wireless Perspective.






Common VPN and Tunneling Protocols.





Alternative VPN Implementations.




The Main Player in the Field: IPSec Protocols, Operations, and Modes Overview.

Security Associations.



IP Compression.

IPSec Key Exchange and Management Protocol.


Phase 1 Modes of Operation.

Phase 2 Mode of Operation.

Perfect Forward Secrecy.

Dead Peer Discovery.

IPSec Road Warrior.

Opportunistic Encryption.

Deploying Affordable IPSec VPNs with FreeS/WAN.

FreeS/WAN Compilation.

FreeS/WAN Configuration.

Key Generation.

X.509 Certificate Generation.

Ipsec.conf Organization.

Network-to-Network VPN Topology Setting.

Host-to-Network VPN Topology Setting.

Windows 2000 Client Setup.

Windows 2000 IPSec Client Configuration.


15. Counterintelligence: Wireless IDS Systems.

Categorizing Suspicious Events on WLANs.

1. RF/Physical Layer Events.

2. Management/Control Frames Events.

3. 802.1x/EAP Frames Events.

4. WEP-Related Events.

5. General Connectivity/Traffic Flow Events.

6. Miscellaneous Events.

Examples and Analysis of Common Wireless Attack Signatures.

Radars Up! Deploying a Wireless IDS Solution for Your WLAN.

Commercial Wireless IDS Systems.

Open Source Wireless IDS Settings and Configuration.

A Few Recommendations for DIY Wireless IDS Sensor Construction.



Appendix A. Decibel-Watts Conversion Table.

Appendix B. 802.11 Wireless Equipment.

Appendix C. Antenna Irradiation Patterns.




Appendix D. Wireless Utilities Manpages.

1. Iwconfig.

2. Iwpriv.

3. Iwlist.

4. Wicontrol.

5. Ancontrol.

Appendix E. Signal Loss for Obstacle Types.

Appendix F. Warchalking Signs.

Original Signs.

Proposed New Signs.

Appendix G. Wireless Penetration Testing Template.

Arhont Ltd Wireless Network Security and Stability Audit Checklist Template.

1 Reasons for an audit.

2 Preliminary investigations.

3 Wireless site survey.

4 Network security features present.

5 Network problems / anomalies detected.

6 Wireless penetration testing procedure.

7 Final recommendations.

Appendix H. Default SSIDs for Several Common 802.11 Products.







"Our first obligation is to keep the Foo Counters turning."


Why Does Wi-Foo Exist and for Whom Did We Write It?

There are multiple white papers and books available on wireless security (only two years ago you would have hardly found any). Many of them, including this book, are centered around 802.11 standards. Most explain the built-in security features of 802.11 protocols, explain future 802.11 security standards development and requirements, list (and sometimes describe in detail) known security weaknesses of 802.11 networks, and describe the countermeasures that a wireless network manager or system administrator can take to reduce the risks presented by these flaws. However, all books (except this one) do not describe how "hackers" can successfully attack wireless networks and how system administrators can detect and defeat these attacks, step by step, as the actual attack takes place.

We believe that the market needs above all else a hands-on, down-to-earth source on penetration testing of wireless networks. Such a source should come from the field and be based on the practical experience of penetrating a great number of client and testing wireless networks, an experience that many in the underground and few in the information security community possess. As a core of the Arhont wireless security auditing team, we perform wireless penetration testing on an almost daily basis and we hope that our experience will give you a good jump start on practical wireless security assessment and further network hardening.

If you are a curious individual who just got a PCMCIA card and a copy of the Netstumbler, we hope that this book will teach you about real wireless security and show, in the words of one of the main heroes of The Matrix, "how deep the rabbit hole goes." You will, hopefully, understand what is possible to do security-wise with the wireless network and what isn't; what is considered to be legal and what crosses the line. In the second, defense-oriented section of the book, you will see that, despite all the limitations of wireless security, an attacker can be successfully traced and caught. At the same time, we hope that you will see that defending wireless networks can be as thrilling and fascinating as finding and attacking them, and you could easily end up as a local wireless community security guru or even choose a professional path in this area. If you do participate in a wireless community project, you can raise awareness of wireless security issues in the community and help educate and inform others and show them that "open and free" does not mean "exploited and abused." If you run your own home wireless LAN, we take it for granted that it will be far more difficult to break into after you finish reading this book.

If you are a system administrator or network manager, proper penetration testing of your wireless network is not just the only way to see how vulnerable your network is to both external and internal attackers, but also the only way to demonstrate to your management the need for additional security safeguards, training, and consultants. Leaving the security of your wireless network unattended is asking for trouble, and designing a network with security in mind from the very beginning saves you time, effort, and perhaps your job. Unless the threats are properly understood by top management, you won't be able to implement the security measures you would like to see on your WLAN, or make the best use of the expertise of external auditors and consultants invited to test, troubleshoot, and harden the wireless network. If you decide (or are required) to tackle wireless security problems yourself, we hope that the defense section of the book will be your lifeline. If the network and company happen to be yours, it might even save you a lot of cash (hint: open source).

If you are a security consultant working within the wireless security field or expanding your skills from the wired to the wireless world, you might find a lack of structure in the on-line information and lack of practical recommendations (down to the command line and configuration files) in the currently available literature; this book will fill the vacuum.

The most prestigious and essential certification in the wireless security area at the time of writing is the Certified Wireless Security Professional (CWSP; see the "Certifications" section at http://www.cwne.com). People who have this certification have shown that they have a sufficient understanding of wireless security problems and some hands-on skills in securing real-life wireless networks. Because the CWSP certification is vendor-independent, by definition the CWSP preparation guide cannot go into specific software installation, configuration, troubleshooting, and use in depth. Thus, this book is a very useful aid in CWSP exam preparation, helping the reader comprehend the studied issues on a "how-to" level. In fact, the structure of this book (planned half a year before the release of the official CWSP study guide) is similar to the guide structure: The description of attack methods is followed by chapters devoted to the defensive countermeasures. After that, as you will see, the similarities between the books end.

Finally, if you are a cracker keen on breaking into a few networks to demonstrate that "sad outside world" your "31337 2k1LLz," our guess is what you are going to read here can be useful for your "h4x0r1ng" explorations, in the same manner that sources like Securityfocus or Packetstorm are. Neither these sites nor this book are designed for your kin, though (the three categories of people we had in mind when writing it are listed earlier). We believe in a free flow of information and sensitive open disclosure (as, e.g., outlined by a second version of the infamous RFPolicy; see http://www.wiretrip.net/rfp/policy.html). What you do with this information is your responsibility and the problems you might get into while using it the illicit way are yours, and not ours. The literature on martial arts is not banned because street thugs might use the described techniques against their victims, and the same applies to the informational "martial arts" (consider this one of the subreasons for the name of this book). In fact, how often are you attacked by the possessors of (rightfully earned) black belts on streets or in bars without being an offender yourself? Real masters of the arts do not start fights and true experts in information security do not go around defacing Web sites or trying to get "a fatter free pipe for more w4r3z." If you are truly keen on wireless security, you will end up as a wireless security application developer, security system administrator, or consultant. Although it is not an example from the wireless side of the world, take a close look at Kevin Mitnick, or read his recent "The Art of Deception" work. If you remain on the "m3 0wnZ j00" level, you will end up living without the Internet behind bars in some remote prison cell, and no manuals, books, or tools will save you. It's the mindset that puts "getting root by any means to impress my mates and satisfy my ego" before knowledge and understanding that is flawed.

What About the Funky Name?

All that we describe here we did first for fun and only then for profit. It is an art, in a sense, of informational warfare over the microwave medium that involves continuing effort and passion, on both the attacking and defending sides. Currently the attacking side appears to be more persistent and thus, efficient: new attack tools and methodologies appear on a monthly, if not weekly basis. At the same time, the majority of wireless networks we have observed and evaluated were frankly "foo bar'ed." For a non-geek, that term means, roughly, "messed up beyond human comprehension." There are far more colorful definitions of this great and useful term and the curious reader is referred to Google for the deep linguistic investigations of all things foo and bar. Don't forget to stop by http://www.ietf.org/rfc/rfc3092.txt on your journey for truth.

The "foo bar" state applies to both real-world wireless security (you would be surprised by the number of completely open wireless networks around, without even minimal available security features enabled) and some other issues. Such issues primarily include radio frequency side misconfigurations--access points transmitting on the same and overlapping channels, incorrectly positioned antennas, incorrectly chosen transmission power level, and so on. Obviously, 802.11-Foo would be a more technically correct name for the book (not every 802.11 device is wireless fidelity-certified) but, admit it, Wi-Foo sounds better :).

To comment on the "hacking" part of the title, in the Western world there are two sides constantly arguing about the meaning of this term. Whereas the popular media and the public opinion it fosters identify "hacking" with breaking systems and network security for fun, knowledge, or nefarious aims, old-time programmers and system administrators tend to think that "hacking" is tweaking and tinkering with software and hardware (and not only) to solve various technical problems employing lateral thinking. A good illustration of the second approach to the term is Richard Stallman's "On Hacking" article you can enjoy at http://www.stallman.org/articles/on-hacking.html. In our case it is the second applied to the first with nefarious aims taken away and defense methodologies added. No network is the same and this statement applies to wireless networks far more than their wired counterparts. Have you ever seen a wired network affected by a heavy rain, blossoming trees, or 3D position of the network hosts? Can the security of an Ethernet LAN segment be dependent on the chipsets of network client cards? Although this book tries to be as practical as possible, no solution or technique presented is an absolute, universal truth, and you will find that a lot of tweaking (read: hacking) for the particular network you are working on (both attack and defense-wise) is required. Good luck, and let the packets be with you.

How This Book Is Organized

Practically every wired or wireless network security book available starts with an outline of the seven Open Systems Interconnection (OSI) layers, probably followed by explaining "the CISSP triad" (confidentiality, integrity, and availability), basic security principles, and an introduction to the technology described. These books also include an introductory chapter on cryptography normally populated by characters called Bob, Alice, Melanie, and of course, Eve, who tends to be an evil private key snatcher.

This book is different: We assume that the reader has basic knowledge of the OSI and TCP/IP layers, understands the difference between infrastructure / managed and independent / ad-hoc wireless networks as well as can distinguish between common IEEE 802 standards. Describing the basics of networking or detailed operations of wireless networks will constitute two separate books on their own, and such well-written books are easily found (for 802.11 essentials we strongly recommend the Official CWNA Study Guide and O'Reilly's 802.11 Wireless Networks: The Definitive Guide).

However, you'll find a lot of data on 802.11 network standards and operations here when outlining it is appropriate, often in form of the inserted "foundations" boxes.

Also, there is a cryptography part that isn't directly related to everything wireless, but is absolutely vital for the proper virtual private network (VPN) deployment, wireless users authentication, and other security practices outlined in the following chapters. We skimmed through a lot of cryptographic literature and have been unable to find anything written specifically for system and network administrators and managers to cover practical networking conditions taking into account the access media, bandwidth available, deployed hosts' CPU architecture, and so forth. Chapters 11 and 12 will be such a source and we hope it will help you even if you have never encountered practical cryptography issues at all or aren't an experienced cryptographer, cryptanalyst, or cryptologist.

We have divided the book into two large parts: Attack and Defense. Although the Attack half is self-sufficient if your only aim is wireless security auditing, the Defense part is heavily dependent on understanding who the attackers might be, why they would crack your network, and, most important, how it can be done. Thus, we recommend reading the Attack part first unless you are using Wi-Foo as a reference.

This part begins with a rather nontechnical discussion outlining the wireless security situation in the real world, types of wireless attackers, and their motivations, objectives, and target preferences. It is followed by structured recommendations on selecting and setting up hardware and software needed to perform efficient wireless security testing. We try to stay impartial, do not limit ourselves to a particular group of vendors, and provide many tips on getting the best from the hardware and utilities you might already have. After all, not every reader is capable of devoting his or her resources to building an ultimate wireless hacking machine, and every piece of wireless hardware has its strong and weak sides. When we do advise the use of some particular hardware item, there are sound technical reasons behind any such recommendation: the chipset, radio frequency transceiver characteristics, antenna properties, availability of the driver source code, and so on. The discussion of standard wireless configuration utilities such as Linux Wireless Tools is set to get the most out of these tools security-wise and flows into the description of wireless penetration testing-specific software. Just like the hardware discussion before, this description is structured, splitting all available tools into groups with well-defined functions rather than listing them in alphabetic or random order. These groups include wireless network discovery tools, protocol analyzers, encryption cracking tools, custom 802.11 frame construction kits, and various access point management utilities useful for access point security testing.

Whereas many "network security testing" books are limited to describing what kind of vulnerabilities there are and which tools are available to exploit them, we carry the discussion further, outlining the intelligent planning for a proper audit (or attack) and walking the reader step by step through the different attack scenarios, depending on the protection level of the target network. We outline advanced attack cases, including exploiting possible weaknesses in the yet unreleased 802.11i standard, accelerating WEP cracking, launching sneaky layer 2 man-in-the-middle and denial of service attacks, and even trying to defeat various higher layer security protocols such as PPTP, SSL and IPSec. Finally, the worst case scenario, a cracker being able to do anything he or she wants with a penetrated wireless network, is analyzed, demonstrating how the individual wireless hosts can be broken into, the wired side of the network assaulted, connections hijacked, traffic redirected, and the firewall separating wireless and wired sides bypassed. The Attack chapters demonstrate the real threat of a wireless network being abused by crackers and underline the statement repeated throughout the book many times: Wireless security auditing goes far beyond discovering the network and cracking WEP.

In a similar manner, wireless network hardening goes beyond WEP, MAC address filtering, and even the current 802.11i developments. The latter statement would be considered blasphemy by many, but we are entitled to our opinion. As the Attack part demonstrates, the 802.11i standard is not without its flaws and there would be cases in which it cannot be fully implemented for various administrative and financial reasons. Besides, we believe that any network security should be a multilayered process without complete dependence on a single safeguard, no matter how great the safeguard is. Thus, the primary aim of the Defense part of the book is giving readers the choice. Of course, we dwell on the impressive work done by the "i" task force at mitigating the threats to which all pre-802.11i wireless LANs are exposed. Nevertheless, we spend a sufficient amount of time describing defending wireless networks at the higher protocol layers. Such defense methodologies include mutually authenticated IPSec implementations, authentication methods alternative to 802.1x, proper network design, positioning and secure gateway deployment, protocol filtering, SSL/TLS use, and ssh port forwarding. The final chapter in the book is devoted to the last (or first?) line of defense on wireless networks, namely wireless-specific intrusion detection. It demonstrates that wireless attackers are not as untraceable as they might think and gives tips on the development and deployment of affordable do-it-yourself wireless IDS systems and sensors. It also lists some well-known high-end commercial wireless IDS appliances.

Even though we have barely scratched the surface of the wireless security world, we hope that this book will be useful for you as both a wireless attack and defense guide and a reference. We hope to receive great feedback from our audience, mainly in the form of fewer insecure wireless networks in our Kismet output and new exciting wireless security tools, protocols, and methodologies showing up to make the contents of this book obsolete.


Customer Reviews

Average Rating 4.5
( 2 )
Showing all of 2 Customer Reviews
  • Anonymous

    Posted August 5, 2004

    What a great book!!

    I normally do not review books unless something unique catches my interest. This book is above unique.

    What comes to mind first after reading the first couple of chapters is:

    What a great book!!

    I just picked it up last night and I'm already in love with it. I got this book because of the lack of information online about wireless security. Yeah, I found some stuff online but it's scattered in different places or does not give a very descriptive answer to the questions I am looking for. This book answered all my questions so far and I am only at the beginning chapters!!! I can't imagine the amount of knowledge I will gain with all the chapters still left to read.

    This book is a great mix between understanding how wireless security works and the tools and steps involved in penetrating/protecting your wireless network as well as explaining detailed information without going over my head. The time and effort put into this book is amazing and I strongly suggest picking it up. Wireless devices in the world are here to stay and if you want to get ahead of the game and learn the ins-and-outs of wireless security, this is not only the first step but the best step in the right direction.

    I needed some type of 'Wireless Security Bible' and I found that in this book. Another great feature I like about this book are the pages. I'll explain... other computer related books have weak, thin pages. I use a highlighter while I read. Most of the time the highlighter will bleed through the page to the other side. Wi-Foo has well made pages that are much better than the normal flimsy pages of other books. I can highlight words to my heart's desire and it doesn't bleed over to the backside page.

    The seriousness of wireless security is no joke and anyone who does not have the knowledge provided in this book will find themselves in no laughing matter. The author strongly explains the seriousness of these issues along with a good sense of humor tied to it. Which makes it fun to read.

    What a great book!!

    I find most of my information online since it's widely available and free. But with wireless security I found the information online to be dry or incomplete or just too highly technical for me to follow. Searching for hours and hours just to find answers to some of the questions I had was overwhelming. The people who put this book together are well known security experts and have many years of experience. I first heard about them at a Defcon security conference and have continuously seen their names popping up all over the place. So knowing this information is coming from people with extensive expertise and experience in this field makes it much more reliable to me than some of the information I found on the internet. Plus it's all in one spot. I don't have to spend hours upon hours searching the internet to find information I am looking for.

    There are so many other things that I love about this book so far and I can't wait to get home and read more of it. I found myself spending more than 7 hours straight last night reading this book and still did not want to put it down. (It was 5:00am and I had to go to bed.)

    What a great book!!

    I just want to say Thank You to the authors and everyone else involved in making this book.

    Best Book in Wireless Security... period

    Mick, Detroit, Michigan. Check out: http://www.michiganwireless.org/

  • Anonymous

    Posted July 11, 2004

    Protecting a wireless net

    In the post dot com era, one rare shining spot has been the explosive growth of 802.11 WiFi. Almost overnight, a grassroots movement has engendered widespread adoption. But almost as quickly has come the realisation that the very wireless nature of your network can expose you to far easier eavesdropping than a traditional wired network, where an intruder might have to first gain physical access. This book goes into the details of how to detect and possibly enter a wireless net, and also how to prevent this. The text makes clear that these are two sides of the same coin. To do either well, you must also learn the complementary ability. All the key buzzwords are explained. Like warwalking, warcycling and wardriving. The authors even suggest their own variant - warclimbing. This is where you ascend a tall building, and use the altitude to help search widely for nets. Various open source tools are suggested for your work. Especially sniffers! To offer more protection, the book takes you into the latest encryption standards, like AES (aka. Rijndael), and how to deploy it. They don't discuss the underlying maths, so don't worry if your discrete maths background is a little rusty!
