Hacking Wireless Networks for Dummies

Free Hacking Wireless Networks for Dummies by Peter T. Kevin.; Davis Beaver

Book: Hacking Wireless Networks for Dummies by Peter T. Kevin.; Davis Beaver Read Free Book Online
Authors: Peter T. Kevin.; Davis Beaver
Tags: Team DDU
commandment, we don’t mean that you necessarily have to follow every single step of the scientific process, but rather that you adopt some of its principles in your work. Adopting a quasi-scientific process provides some structure and prevents undue chaos (of the sort that can result from a random-walk through your networks).
    For our purposes, the scientific process has three steps: 1. Select a goal and develop your plan.
    2. Test your networks and systems to address your goals.
    3. Persuade your organization to acknowledge your work.
    We address the first two steps in previous commandments, so let’s look at the third step here. Your work should garner greater acceptance when you adopt an empirical method. An empirical method has the following attributes: ߜ Set quantifiable goals: The essence of selecting a goal (such as capturing the flag) is that you know when you’ve reached it. You either possess the flag or you don’t. Pick a goal that you can quantify: associating with ten access points, broken encryption keys or a file from an internal server.
    Time-quantifiable goals, such as testing your systems to see how they stand up to three days of concerted attack, are also good.
    ߜ Tests are consistent and repeatable: If you scan your network twice and get different results each time, this is not consistent. You must provide an explanation for the inconsistency, or the test is invalid. If we repeat your test, will we get the same results? When a test is repeatable or replicable, you can conclude confidently that the same result will occur no matter how many times you replicate it.
    ߜ Tests are valid beyond the “now” time frame: When your results are true, your organization will receive your tests with more enthusiasm if you’ve addressed a persistent or permanent problem, rather than a tem-porary or transitory problem.
    Thou shalt not covet thy neighbor’s tools
    No matter how many tools you may have, you will discover new ones. Wireless hacking tools are rife on the Internet — and more are coming out all the time.
    The temptation to grab them all is fierce. Take, for instance, “wardriving” tools.
    07_597302_ch02.qxd 8/4/05 7:26 PM Page 25

Chapter 2: The Wireless Hacking Process
25
    Early on, your choices of software to use for this “fascinating hobby” were limited. You could download and use Network Stumbler, commonly called NetStumbler, on a Windows platform, or you could use Kismet on Linux. But these days, you have many more choices: Aerosol, Airosniff, Airscanner, APsniff, BSD-Airtools, dstumbler, Gwireless, iStumbler, KisMAC, MacStumbler, MiniStumbler, Mognet, PocketWarrior, pocketWiNc, THC-RUT, THC-Scan, THC-WarDrive, Radiate, WarLinux, Wellenreiter WiStumbler, and Wlandump, to name a few. And those are just the free ones. You also could purchase AirMagnet, Airopeek, Air Sniffer, AP Scanner, NetChaser, Sniff-em, Sniffer Wireless . . . Well you get the idea. Should you have unlimited time and budget, you could use all these tools. But we suggest you pick one tool and stick with it. (We give you a closer look at some from this list in Chapters 9 and 10.) Thou shalt report all thy findings
    Should the duration of your test extend beyond a week, you should provide weekly progress updates. People get nervous when they know someone is attempting to break into their networks or systems — and they don’t hear from the people who’ve been authorized to do so.
    You should plan to report any high-risk vulnerabilities discovered during testing as soon as they are found. These include
    ߜ discovered breaches
    ߜ vulnerabilities with known — and high — exploitation rates ߜ vulnerabilities that are exploitable for full, unmonitored, or untraceable access
    ߜ vulnerabilities that may put immediate lives at risk
    You don’t want someone to exploit a weakness that you knew about and intended to report. This will not make you popular with anyone.
    Your report is one way for your organization to

Similar Books

Dragon

Finley Aaron

INK: Fine Lines (Book 1)

Bella Roccaforte

Show Time

Suzanne Trauth

Treasure of the Deep

Aiden James, J. R. Rain