



Network Security CISSP-Discussion

[CISSP-D] REVIEW: "Hacking Wireless Networks for Dummies", Kevin Beaver/

Subject: [CISSP-D] REVIEW: "Hacking Wireless Networks for Dummies", Kevin Beaver/Peter T. Davis
Date: Thu, 03 Jan 2008 14:07:06 -0800
BKHKWNFD.RVW   20070930

"Hacking Wireless Networks for Dummies", Kevin Beaver/Peter T. Davis,
2005, 0-7645-9730-2, U$24.99/C$31.99/UK#15.99
%A   Kevin Beaver kbeaver@principlelogic.com
%A   Peter T. Davis
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2005
%G   0-7645-9730-2
%I   John Wiley & Sons, Inc.
%O   U$24.99/C$31.99/UK#15.99 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0764597302/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0764597302/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0764597302/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   362 p.
%T   "Hacking Wireless Networks for Dummies"

In the introduction, the authors state that the purpose of the book is
to teach the reader, presumably a network administrator, how to test
for vulnerabilities in wireless local area networks (WLANs, otherwise
known as Wi-Fi), in order that the loopholes may be patched.  In other
words, another "hack to protect" text.

Part one is a foundation for the testing of WLANs, with chapter one
being an introduction to the penetration of wireless networks.  (This
seems to boil down to the fact that you are at risk if you allow
unmanaged additions to your network.)  Although it is entitled "The
Wireless Hacking Process," chapter two actually just lists ten
commandments for ethical hacking, and a few general security
frameworks documents.  Some tools for network discovery are noted in
chapter three.  Some hardware and software items are described
(sometimes in terms of installation) in chapter four.  The authors
aren't clear about why VMware and Linux are included.

Part two turns to some common Wi-Fi assessment programs.  Chapter five
discusses the human factors leading to insecurity, and recommends
users be made aware of certain principles.  "Containing the Airwaves,"
in chapter six, examines signal strength and antenna design, but also
enumerates a range of access card settings (under Linux).  Utilities
for determining the availability for various network services are
catalogued in chapter seven.  Instruments for determining settings and
passwords are mentioned in chapter eight.  Chapter nine describes
NetStumbler.

Advanced intrusion activities are in part three.  Kismet and
MiniStumbler are outlined in chapter ten.  Chapter eleven notes ways
to find out about unauthorized nodes associated with your network. 
Some basic types of network attacks, and advice on the resources
necessary to perform them, are in chapter twelve.  Somewhat more
specialized, chapter thirteen lists various denial of service (DoS)
attacks.  Chapter fourteen reviews a number of programs for cracking
keys for the original WEP (Wired Equivalent Privacy) implementation. 
As something of a standout in the book, there are also useful
suggestions for increasing confidentiality by using alternative
encryption protocols.  Chapter fifteen has a fairly brief overview of
diverse means of authentication.

Part four is the mandatory ("... for Dummies") part of tens, with a
listing of ten necessary tools, ten mistakes in testing wireless
security, and ten tips for following up on assessments.

While numerous vulnerabilities and poor practices are noted, advice on
countermeasures and controls gets less space.  In many cases the
suggested safeguard is limited to "do some more research on your own." 
The material is possibly interesting, but not directly helpful to the
network security administrator without further work and study.

copyright Robert M. Slade, 2007   BKHKWNFD.RVW   20070930


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
Woe to those who enact evil statutes, and to those who
continually record unjust decisions, so as to deprive the needy
of justice, and rob the poor of My people of their rights... Now
what will you do in the day of punishment, and in the devastation
which will come from afar?                          - Isaiah 10: 1-3
http://victoria.tc.ca/techrev/rms.htm


 
 
