Wi-Foo: The Secrets of Wireless Hacking

I was recently given the book Wi-Foo, The Secrets of Wireless Hacking as a present for my birthday, and I have been reading it extensively for the past few days. I have been involved with wireless security for a few years now, giving security talks to members of my community and helping out friends and family stay secure while enjoying the wonderful advantages of wireless computing. Over the past couple of years, I have slowly built up a small reference library of books related to wireless technologies and security. I even got involved in a small antenna building hobby which enabled me to better understand some of the ways RF works. Upon reading the first few chapters of this book, I realized that this tome was different. The information contained within its pages wasn't a re-hashed compendium of information that could potentially be gathered across the internet and spoon-fed to the reader. In this case, the author brings us along as the many vulnerabilities of wireless computing are brought forward, how those vulnerabilities are exploited by nefarious individuals, and the ever-expanding variety of tools availble to assist in exploiting these vulnerabilities are described. Don't get the wrong idea here; this isn't the run-of-the-mill Howto put together from various information sources freely available on the internet. The authors take painstaking efforts to explain how the various wireless encryption/security options, such as WEP, WPA, LEAP, TKIP, PSK, etc, work, and how they can be defeated. The tools are not only defined, but described in relation to how they leverage and exploit the vulnerabilities and why they work. The information within is fresh and very comprehensive. While extensive in its depth, I still believe that this is an ideal book for anyone, from beginner to expert, who has a desire to better understand wireless computing technologies, its advantages and disadvantages, and how to protect oneself from evil-doers, out to take advantage of the stealth that wireless provides.

Be scared when i tell you that as large as this book is, not one page is wasted. With the help of this book, i went from knowing very little about wireless security( and wireless networks in general), to knowing a lot. To top it off, i know i missed a great deal of information, and could probably read the book a second or third time... maybe then i would have gathered all of the material in it. As a plus, if you are unclear about something in the book, the forum is a great place. I recieved some answers to my own problems on the forum. As well as some good tips as to which wireless cards i will pick up in the future. Honestly, i've been through a lot of computer books, but none kept my attention better, or inspired me more than this one.

This is at least the fifth wireless book that I have read and it is the best. There is a bit of arrogance, a tendancy to put down other security experts, but if you can look past that you have a great book. It assumes a willingness to read technical material and sometimes, to be honest, I got lost in the cryptographic explanations. I rate it five stars because this is a book about how to do things and I was able to follow along, it is just one step down from a true cookbook. And I learned a lot and thank the authors for that, if you are responsible for wireless assessment, this is hands down the best book I have seen on the subject by some real "been there, done that" folks.

'Wi-Foo' is the wireless book the security community needs. The book mixes theory, tools, and techniques in a manner helpful to those on the offensive or defensive side of the wireless equation. After reading 'Wi-Foo,' I'm glad I didn't try to cover similar topics in my 'Tao of Network Security Monitoring' -- these authors have written the definitive wireless 'hacking' text. Several aspects of 'Wi-Foo' make the book a winner. First, with the exception of crypto topics in chapters 11 and 12, they tend to defer to previously published works rather than rehash old topics. For example, rather than exhaustively explain 802.11i, they refer readers to 'Real 802.11 Security,' an excellent defense-oriented wireless book. 'Wi-Foo' also assumes readers are familiar with TCP/IP and system administration, leaving out potentially redundant material. Second, the authors demonstrate the degree to which they are plugged in to the wireless hacking community. They discuss developments from security conventions like Def Con, and explain tools and techniques not yet released (at time of writing) from the 'underground.' The number of tools explained by 'Wi-Foo' well exceeds that found in other wireless books, and the authors clearly explain why they prefer certain tools and discard others. This 'use what works' mentality is pervasive and effective, and I was very glad to see BSD tools featured along with the usual Linux suspects. I was particularly impressed by ch 9, where readers learn what to do next after compromising a wireless network. Other books stop at 'cracking WEP,' for example. Ch 4 and 7 also give the best advice I've seen on different aspects of wireless hardware, on a chipset-comparison level. Finally, the authors complement their advice on wireless vulnerability assessment and penetration testing with sound defensive strategies. Ch 13 explains how to combine FreeRADIUS, open1x, and OpenLDAP to make an open source wireless authentication system. NoCat is discussed as an alternative. I was very happy to see an entire chapter on wireless IDS, especially the layer-based requirements listing. This serves as a good guide when checking the capabilities of commercial wireless IDS products. The only drawback I see to 'Wi-Foo' is the inclusion of two chapters on crypto (ch 11 and 12). I would have preferred the authors to refer readers elsewhere, perhaps to a book like 'Cryptography Decrypted' or a heavier tome by Schneier or the like. I also noticed slightly rough English in some places, but these did not bother me like other books I've reviewed. Overall, 'Wi-Foo' is the best book available for wireless assessment teams, explaining tools in an exceptional manner and smashing myths behind which security administrators hide. (Think your wireless network doesn't produce enough packets for WEP to be cracked? Read ch 8.) I'm adding 'Wi-Foo' to my 'Weapons and Tactics' Listmania List, and I recommend readers add this surprise hit to their bookshelves.