Hacking Exposed Wireless: Wireless Security Secrets & Solutions

Hacking Exposed Wireless is built on the same template as the other excellent books in the Hacking Exposed series. I find the book very informative, and I'll keep it close, when I'll perform WiFi testing on the corporate network. The Attack and Countermeasure sections in the chapters of the Hacking Exposed series, are one of the things I really like about books. They give you a good overview about the risks involved - and how to test and mitigate these risks. The book consists of 11 chapters grouped in 3 sections: I) Overview, II) Hacking 802.11 Wireless Technologies and III) Hacking additional Wireless Technologies. 1. Section I - Overview. * Chapter 1 gives you the fundamentals to Wireless technology and describes the common security problems. * Chapter 2 is quite techie with some use of math for explaining how to calculate effect, antennas etc. 2. Section II - Hacking 802.11 Wireless Technologies. This section explains from the basics of Wireless security to the more advanced and well protected implementations of Wireless security. * Chapter 3 is a quite comprehensive guide to the history of the 802.11 protocol, and with that information, you are well equipped to go on to the following chapters. The description of the protocol is vital to understand how the vulnerabilities work. * Chapter 4 is the description of how to discover and map wireless networks. * Scanning and enumeration is the next step, and in Chapter 5 all the vital features are covered. * Attacking `WEP secured WiFi networks' is covered in chapter 6, and I must say, I found this information useful. Having already done some pentesting on WEP secured Access Points (AP), I found the explanations and examples very interesting, and I'm going to try out some of the techniques explained here, next time I have an AP to test. * WPA and WPA2 are normally considered to be pretty safe, if you choose the right password. But still the techniques described of how to deal with wireless enterprise setups, surprised me, and they should be taken in consideration, when documenting the risks in the corporate wireless network. * Deploying security as described in chapter 8 covers the finer art of securing your wireless network. 3. Section III - Hacking additional Wireless Technologies * A few acquaintances of mine have bragging about how weak the security is on hotels - and how they got free internet during their stay. Chapter 9 covers many of the weaknesses of public AP's like the ones in hotels, airports etc. * The Bluetooth attack on a Mac from chapter 10 was quite new to me. I haven't done much in relation to Bluetooth. I have been aware of the fact, there is a risk involved with opening a Bluetooth connection in the public, but not that it could be exploited like that. It was a kind of eye-opener for me. * The advanced attacks in chapter 11 are some of the issues I'll pay some attention next time I am to test a network. Especially the attacks that can be launched from Metasploit 3.0 so

Maybe it's just me, but it seems like the Hacking Exposed series was in an extended hiatus. It has emerged with a vengeance. Hacking Exposed - Wireless is just one of a series of new Hacking Exposed books and there are more to come throughout the coming months. While it has been a while since there were new Hacking Exposed books, it seems like it has been even longer since we have had a new book on wireless network security. A topic as rapidly changing and evolving as wireless network technology and security needs updates and new contributions frequently to keep readers informed. Cache and Liu do a respectable job of bringing the latest and greatest wireless attacks and security measures to the reader. The first chunk of the book- the first 3 chapters- are dedicated to providing a sort of overview of wireless technology and the history or evolution of network communication via RF, but then the book gets down to business. The authors discuss how to enumerate and identify targets, and how to attack wireless networks, including ways to attack networks 'protected' with WPA encryption. Further into the book, they also provide coverage of wireless security in public hotspots, and a chapter on Bluetooth security. Hacking Exposed - Wireless covers how attackers use various tools such as Kismet or Airopeek to identify vulnerable wireless networks, and how the Metasploit 3.0 Framework can be used to exploit and attack wireless networks. It also discusses packet injection and DoS (denial-of-service attacks). Overall, I think the book covers the information well. It provides a good amount of detail about the flaws and weaknesses of wireless networking that can be exploited, and also instructs the reader on security countermeasures to defend against such attacks. Being the most current available also makes this book a must read.

When I read and reviewed Wi-Foo: The Secrets of Wireless Hacking three years ago, I was really impressed. Wi-Foo is obviously showing its age now, but a second edition is in the works. I was excited to see Hacking Exposed: Wireless (HE:W), green cover and all, because I hoped it would be just as good as Wi-Foo but covering newer topics. Overall I think the next Wi-Foo will be better than HE:W, but HE:W is currently the most up-to-date book on wireless security available. Most readers can avoid the first 60 pages or so of HE:W. It seems the different authors wrote the first two chapters, and I doubt most of us need radio, cryptography, and other history lessons. This is supposed to be a Hacking Exposed book, which should mean introducing technologies with a security spin and hands-on exercises from the first page onward. If you want to really understand wireless, read 802.11 Wireless Networks: The Definitive Guide, 2nd Ed by Matthew S Gast, which was my 2006 book of the year. HE:W begins to be interesting on p 61 with a discussion of "802.11 Packet Types." From this point forward the authors share many unique insights which are either obscure or not well covered elsewhere. I appreciated reading items like the fact that all access points on a channel should honor frames with CTS bits set -- even if the APs belong to different enterprises. Chapter 6 offered great insights on wireless zero configuration in Windows. The authors also demonstrate a powerful ability to explain the workings of various complex security technologies and their weaknesses, e.g., PEAP certificate failure attacks in chapter 7. Chapter 10 offered a story similar to that found in Syngress' Stealing the Network series, where an obsessed hacker exploits Bluetooth on a woman's Mac laptop. I recommend reading HE:W if you want a modern treatment of wireless security issues. The authors cover many aspects of up-to-date features and weaknesses of wireless technologies, although the focus is mostly 802.11. While I liked the story in chapter 10, I would have also enjoyed reading more traditional HE coverage of Bluetooth outside the story format. Overall I think Wi-Foo II (arriving in November) will be the book to beat. If you can't wait that long, I recommend reading HE:W.