REVIEW: "Hacking Wireless Networks for Dummies", Kevin Beaver/Peter T. Davis
- BKHKWNFD.RVW 20070930
"Hacking Wireless Networks for Dummies", Kevin Beaver/Peter T. Davis,
2005, 0-7645-9730-2, U$24.99/C$31.99/UK#15.99
%A Kevin Beaver kbeaver@...
%A Peter T. Davis
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$24.99/C$31.99/UK#15.99 416-236-4433 fax: 416-236-4448
%O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 362 p.
%T "Hacking Wireless Networks for Dummies"

In the introduction, the authors state that the purpose of the book is
to teach the reader, presumably a network administrator, how to test
for vulnerabilities in wireless local area networks (WLANs, otherwise
known as Wi-Fi), in order that the loopholes may be patched. In other
words, another "hack to protect" text.

Part one is a foundation for the testing of WLANs, with chapter one
being an introduction to the penetration of wireless networks. (This
seems to boil down to the fact that you are at risk if you allow
unmanaged additions to your network.) Although it is entitled "The
Wireless Hacking Process," chapter two actually just lists ten
commandments for ethical hacking, and a few general security
framework documents. Some tools for network discovery are noted in
chapter three. Some hardware and software items are described
(sometimes in terms of installation) in chapter four. The authors
aren't clear about why VMware and Linux are included.

Part two turns to some common Wi-Fi assessment programs. Chapter five
discusses the human factors leading to insecurity, and recommends
users be made aware of certain principles. "Containing the Airwaves,"
in chapter six, examines signal strength and antenna design, but also
enumerates a range of access card settings (under Linux). Utilities
for determining the availability of various network services are
catalogued in chapter seven. Instruments for determining settings and
passwords are mentioned in chapter eight. Chapter nine describes

Advanced intrusion activities are in part three. Kismet and
MiniStumbler are outlined in chapter ten. Chapter eleven notes ways
to find out about unauthorized nodes associated with your network.
Some basic types of network attacks, and advice on the resources
necessary to perform them, are in chapter twelve. Somewhat more
specialized, chapter thirteen lists various denial of service (DoS)
attacks. Chapter fourteen reviews a number of programs for cracking
keys for the original WEP (Wired Equivalent Privacy) implementation.
As something of a standout in the book, there are also useful
suggestions for increasing confidentiality by using alternative
encryption protocols. Chapter fifteen has a fairly brief overview of
diverse means of authentication.

Part four is the mandatory ("... for Dummies") part of tens, with a
listing of ten necessary tools, ten mistakes in testing wireless
security, and ten tips for following up on assessments.

While numerous vulnerabilities and poor practices are noted, advice on
countermeasures and controls gets less space. In many cases the
suggested safeguard is limited to "do some more research on your own."
The material is possibly interesting, but not directly helpful to the
network security administrator without further work and study.

copyright Robert M. Slade, 2007 BKHKWNFD.RVW 20070930