I always say you've got to have the right tools to do a good job of looking for and exploiting security holes. This is especially true for wireless networks where tools (and the proper hardware configuration to run them on) are harder to come by than run-of-the-mill Windows security tools. Acquiring the right tools is the first and most important step in testing your wireless security.
For starters, you need good wireless cards -- not one but two, maybe three. The reason is that different tools require -- or at least work better with -- specific wireless chipsets. I've had good luck with the old Orinoco Gold card as well as the Netgear WAG511v2. Refer to your tool documentation for the best fit. Another good thing to look for is a card that has an external antenna connector for hooking up a
As far as wireless security testing software goes, I recommend the following:
quickly identifies basic wireless devices that will respond to an "anybody out there?" request.
- Kismet roots out wireless devices
that have their SSIDs hidden or otherwise won't respond to basic NetStumbler probes. If you're not
into Linux or don't want to spend hours if not days setting up your wireless card drives in Linux,
you can run Kismet directly from the BackTrack
- Aircrack is for WEP and WPA pre-shared key
- FakeAP on the BackTrack Live CD mimics a legitimate access point and sets up an evil twin attack to see how your users carelessly connect to any old access point.
- AiroPeek wireless network
analyzer to quickly and easily capture packets, look for top talkers, discover rogue systems, and
- AirMagnet Laptop Analyzer, among
many other things, has a nifty signal strength meter for determining how close or far away a
wireless device is when you're walking around trying to locate it.
- Network Chemistry RFprotect Mobile
is a full-featured and simple-to-use option to capture packets, locate legitimate and rogue
devices, monitor signal strength and more.
- CommView WiFi is for low-cost packet capturing, packet generation and more.
Don't overlook the fact that wireless security testing doesn't just involve access points, laptops and the 802.11 protocol. Wireless is merely an entry point into your network -- not necessarily a standalone entity to test. Once you're able to obtain wireless network connectivity via MAC address spoofing, WEP/WPA cracking or whatever, you still have a ways to go poking around your Windows environment and testing Web applications, databases and so on. For a list of recommended tools, check out the Top 15 security tools for testing Windows.
That said, know that you're not going to find all wireless security vulnerabilities with tools alone. Knowledge of how wireless networks work combined with general networking, OS and security experience are all equally important.
Wireless network security testing
Step 1: Build your arsenal of tools
Step 2: Search for weaknesses
Step 3: Dig in deep to demonstrate the threat
ABOUT THE AUTHOR: Kevin Beaver is an independent information security consultant and
expert witness with Atlanta-based Principle Logic,
LLC. He has more than 18 years of experience in IT and specializes in performing information
security assessments revolving around compliance and IT governance. Kevin has authored/co-authored
six books including Hacking
For Dummies, Hacking
Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by
Wiley), as well as The Practical Guide to
HIPAA Privacy and Security Compliance (Auerbach). He can be reached at firstname.lastname@example.org..
Copyright 2006 TechTarget
This was first published in September 2006