Free Hacking Wireless Networks for Dummies by Peter T. Kevin.; Davis Beaver Page B

CMM
    (SSE-CMM for short). Now, the SSE-CMM won’t lay out a detailed method of ethical hacking, but it can provide a framework that will steer you right. The SSE-CMM can help you develop a scorecard for your organization that can measure security effectiveness.
    You can find out about SSE-CMM at www.sei.cmu.edu/.
    The Computer Emergency Response team also sends out security alerts and advisories. The CERT has a methodology as well — OCTAVE. OCTAVE stands for Operationally Critical Threat, Asset, and Vulnerability Evaluation. You can use OCTAVE as a methodology to build a team, identify threats, quantify vulnerabilities, and develop an action plan to deal with them.
    You can find OCTAVE at www.cert.org/octave.
    Using ISSAF
    The Open Information System Security Group (www.oissg.org) has published the Information Systems Security Assessment Framework (ISSAF).
    Developed as an initiative by information-security professionals, the ISSAF is a practical tool — a comprehensive framework you can use to assess how 07_597302_ch02.qxd 8/4/05 7:26 PM Page 28
    28 Part I: Building the Foundation for Testing Wireless Networks your security effectiveness. It’s an excellent resource to use as you devise your test. (Draft 0.1 has, in fact, 23 pages on WLAN security assessment.) The ISSAF details a process that includes the following steps: 1. Information gathering
    a. Scan
    b. Audit
    2. Analysis and research
    3. Exploit and attack
    4. Reporting and presentation
    These steps correspond to our Ten Commandments of Ethical Hacking. For each of the steps just given, the document identifies appropriate tasks and tools. For example, the scanning step lists the following tasks: ߜ Detect and identify the wireless network
    ߜ Test for channels and ESSID
    ߜ Test the beacon broadcast frame and recording of broadcast information ߜ Test for rogue access points from outside the facility ߜ IP address collection of access points and clients
    ߜ MAC address collection of access points and clients
    ߜ Detect and identify the wireless network
    The document recommends you use programs such as Kismet, nmap, and ethereal as tools for Step 1.
    You also will find information in the document on the software you can use and the equipment you will need to build or acquire to do your assessment of your organization’s wireless-security posture.
    The document we reviewed was a beta version, but it shows promise and is worth watching. You can find the ISSAF at www.oissg.org/issaf.
    Using OSSTMM
    We do recommend you take a long and hard look at the OSSTMM — the Open Source Security Testing Methodology Manual (www.osstmm.org). The Institute for Security and Open Methodologies (ISECOM), an open-source collaborative 07_597302_ch02.qxd 8/4/05 7:26 PM Page 29

Chapter 2: The Wireless Hacking Process
29
    community, developed the OSSTMM’s methods and goals much along the lines of the ISSAF: as a peer-review methodology. Now available as version 3.0, the OSSTMM has been available since January 2001 and is more mature than the ISSAF.
    You’ll find that the OSSTMM gathers the best practices, standard legal issues, and core ethical concerns of the global security-testing community — but this document also serves another purpose: consistent definition of terms.
    The document provides a glossary that helps sort out the nuances of vulnerability scanning, security scanning, penetration testing, risk assessment, security auditing, ethical hacking, and security hacking. The document also defines white-hat, gray-hat, and black-hat hackers, so that by their metaphori-cal hats ye shall know them. But even more importantly (from your viewpoint as an ethical-hacker-to-be), it provides testing methodologies for wireless security, distilled in the following bullets:
    ߜ Posture review: General review of best practices, the organization’s industry regulations, the organization’s business justifications, the organization’s security policy, and the legal issues for the