Free Hacking Wireless Networks for Dummies by Peter T. Kevin.; Davis Beaver Page A

determine the completeness and veracity of your work. Your peers can review your method, your findings, your analysis, and your conclusions, and offer constructive criticism or suggestions for improvement.
    If you find that your report is unjustly criticized, following the Ten Commandments of Ethical Hacking, should easily allow you to defend it.
    One last thing: When you find 50 things, report on 50 things. You need not include all 50 findings in the summary but you must include them in the detailed narrative. Withholding such information conveys an impression of laziness, incompetence, or an attempted manipulation of test results.
    Don’t do it.
    07_597302_ch02.qxd 8/4/05 7:26 PM Page 26
    26 Part I: Building the Foundation for Testing Wireless Networks Understanding Standards
    Okay, we’ve told you that you need to develop a testing process — here’s where we give you guidance on how to do so. We wouldn’t keep you hanging by a wire (this is, after all, a wireless book). The following standards (which we get friendly with in the upcoming sections) provide guidance on performing your test:
    ߜ ISO 17799
    ߜ COBIT
    ߜ SSE-CMM
    ߜ ISSAF
    ߜ OSSTMM
    You may find that the methodology you choose is preordained. For instance, when your organization uses COBIT, you should look to it for guidance. You don’t need to use all of these methodologies. Pick one and use it. A good place to start is with the OSSTMM.
    Using ISO 17799
    The ISO/IEC 17799 is an internationally adopted “code of practice for information security management” from the International Organization for Standardization (ISO). The international standard is based on British Standard BS-799.
    You can find information about the standard at www.iso.org.
    ISO/IEC 17799 is a framework or guideline for your ethical hack — not a true methodology — but you can use it to help you plan. The document does not specifically deal with wireless, but it does address network-access control.
    The document is a litany of best practices at a higher level than we would want for a framework for ethical hacking.
    One requirement in the document is to control access to both internal and external networked services. To cover this objective, you need to try to connect to the wireless access point and try to access any resource on the wired network.
    The document also requires that you ensure there are appropriate authentication mechanisms for users. You can test this by attempting to connect to a wireless access point (AP). When there is Open System authentication (see Chapter 16) you need not do any more work. Obviously no authentication is not appropriate authentication. APs with shared-key authentication may require you to use the tools shown in Chapter 15 to crack the key. If the AP is using WPA security, then you will need to use another tool, such as WPAcrack.
    07_597302_ch02.qxd 8/4/05 7:26 PM Page 27

Chapter 2: The Wireless Hacking Process
27
    Should the AP implement Extensible Authentication Protocol (EAP), you may need a tool such as asleap (see Chapter 16).
    Bottom line: These guidelines don’t give you a step-by-step recipe for testing, but they can help you clarify the objectives for your test.
    Using COBIT
    COBIT is an IT governance framework. Like ISO 17799, this framework will not provide you with a testing methodology, but it will provide you with the objectives for your test.
    You can find information about COBIT at www.itgi.org/.
    Using SSE-CMM
    Ever heard of the CERT? (Give you a hint: It’s not a breath mint or a candy.) It’s the Computer Emergency Response Team that’s part of the Software Engineering Institute (SEI) at Carnegie Mellon University in Pittsburgh, Pennsylvania. Well, the SEI is known for something else: It developed a number of capability maturity models (CMM) — essentially specs that can give you a handle on whether a particular system capability is up to snuff. The SEI included a CMM just for security — the Systems Security Engineering