This is a collection of English-language books for IT people who specialize in security and programming. It suits anyone who is passionate about information technology and wants to learn about security and programming.
• Table of Contents • Index

Wi-Foo
By Andrew A. Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky
Publisher: Addison Wesley
Pub Date: June 28, 2004
ISBN: 0-321-20217-1
Pages: 592

The definitive guide to penetrating and defending wireless networks.

Straight from the field, this is the definitive guide to hacking wireless networks. Authored by world-renowned wireless security auditors, this hands-on, practical guide covers everything you need to attack or protect any wireless network. The authors introduce the 'battlefield,' exposing today's 'wide open' 802.11 wireless networks and their attackers. One step at a time, you'll master the attacker's entire arsenal of hardware and software tools: crucial knowledge for crackers and auditors alike. Next, you'll learn systematic countermeasures for building hardened wireless 'citadels', including cryptography-based techniques, authentication, wireless VPNs, intrusion detection, and more.

Coverage includes:
• Step-by-step walkthroughs and explanations of typical attacks
• Building wireless hacking/auditing toolkit: detailed recommendations, ranging from discovery tools to chipsets and antennas
• Wardriving: network mapping and site surveying
• Potential weaknesses in current and emerging standards, including 802.11i, PPTP, and IPSec
• Implementing strong, multilayered defenses
• Wireless IDS: why attackers aren't as untraceable as they think
• Wireless hacking and the law: what's legal, what isn't

If you're a hacker or security auditor, this book will get you in. If you're a netadmin, sysadmin, consultant, or home user, it will keep everyone else out.

Table of Contents

Copyright
Acknowledgments
About the Authors
Introduction
    Why Does Wi-Foo Exist and for Whom Did We Write It?
    What About the Funky Name?
    How This Book Is Organized
Chapter 1. Real World Wireless Security
    Why Do We Concentrate on 802.11 Security?
    Getting a Grip on Reality: Wide Open 802.11 Networks Around Us
    The Future of 802.11 Security: Is It as Bright as It Seems?
    Summary
Chapter 2. Under Siege
    Why Are "They" After Your Wireless Network?
    Wireless Crackers: Who Are They?
    Corporations, Small Companies, and Home Users: Targets Acquired
    Target Yourself: Penetration Testing as Your First Line of Defense
    Summary
Chapter 3. Putting the Gear Together: 802.11 Hardware
    PDAs Versus Laptops
    PCMCIA and CF Wireless Cards
    Antennas
    RF Amplifiers
    RF Cables and Connectors
    Summary
Chapter 4. Making the Engine Run: 802.11 Drivers and Utilities
    Operating System, Open Source, and Closed Source
    The Engine: Chipsets, Drivers, and Commands
    Getting Used to Efficient Wireless Interface Configuration
    Summary
Chapter 5. Learning to WarDrive: Network Mapping and Site Surveying
    Active Scanning in Wireless Network Discovery
    Monitor Mode Network Discovery and Traffic Analysis Tools
    Tools That Use the iwlist scan Command
    RF Signal Strength Monitoring Tools
    Summary
Chapter 6. Assembling the Arsenal: Tools of the Trade
    Encryption Cracking Tools
    Wireless Frame-Generating Tools
    Wireless Encrypted Traffic Injection Tools: Wepwedgie
    Access Point Management Utilities
    Summary
Chapter 7. Planning the Attack
    The "Rig"
    Network Footprinting
    Site Survey Considerations and Planning
    Proper Attack Timing and Battery Power Preservation
    Stealth Issues in Wireless Penetration Testing
    An Attack Sequence Walk-Through
    Summary
Chapter 8. Breaking Through
    The Easiest Way to Get in
    A Short Fence to Climb: Bypassing Closed ESSIDs, MAC, and Protocols Filtering
    Picking a Trivial Lock: Various Means of Cracking WEP
    Picking the Trivial Lock in a Less Trivial Way: Injecting Traffic to Accelerate WEP Cracking
    Field Observations in WEP Cracking
    Cracking TKIP: The New Menace
    The Frame of Deception: Wireless Man-in-the-Middle Attacks and Rogue Access Points Deployment
    Breaking the Secure Safe
    The Last Resort: Wireless DoS Attacks
    Summary
Chapter 9. Looting and Pillaging: The Enemy Inside
    Step 1: Analyze the Network Traffic
    Step 2: Associate to WLAN and Detect Sniffers
    Step 3: Identify the Hosts Present and Perform Passive Operating System Fingerprinting
    Step 4: Scan and Exploit Vulnerable Hosts on WLAN
    Step 5: Take the Attack to the Wired Side
    Step 6: Check Wireless-to-Wired Gateway Egress Filtering Rules
    Summary
Chapter 10. Building the Citadel: An Introduction to Wireless LAN Defense
    Wireless Security Policy: The Cornerstone
    Layer 1 Wireless Security Basics
    The Usefulness of WEP, Closed ESSIDs, MAC Filtering, and SSH Port Forwarding
    Secure Wireless Network Positioning and VLANs
    Deploying a Linux-Based, Custom-Built Hardened Wireless Gateway
    Proprietary Improvements to WEP and WEP Usage
    802.11i Wireless Security Standard and WPA: The New Hope
    Summary
Chapter 11. Introduction to Applied Cryptography: Symmetric Ciphers
    Introduction to Applied Cryptography and Steganography
    Modern-Day Cipher Structure and Operation Modes
    Bit by Bit: Streaming Ciphers and Wireless Security
    The Quest for AES
    Between DES and AES: Common Ciphers of the Transition Period
    Selecting a Symmetric Cipher for Your Networking or Programming Needs
    Summary
Chapter 12. Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms
    Cryptographic Hash Functions
    Dissecting an Example Standard One-Way Hash Function
    Hash Functions, Their Performance, and HMACs
    Asymmetric Cryptography: A Different Animal
    Summary
Chapter 13. The Fortress Gates: User Authentication in Wireless Security
    RADIUS
    Installation of FreeRADIUS
    User Accounting
    RADIUS Vulnerabilities
    RADIUS-Related Tools
    802.1x: The Gates to Your Wireless Fortress
    LDAP
    NoCat: An Alternative Method of Wireless User Authentication
    Summary
Chapter 14. Guarding the Airwaves: Deploying Higher-Layer Wireless VPNs
    Why You Might Want to Deploy a VPN
    VPN Topologies Review: The Wireless Perspective
    Common VPN and Tunneling Protocols
    Alternative VPN Implementations
    The Main Player in the Field: IPSec Protocols, Operations, and Modes Overview
    Deploying Affordable IPSec VPNs with FreeS/WAN
    Summary
Chapter 15. Counterintelligence: Wireless IDS Systems
    Categorizing Suspicious Events on WLANs
    Examples and Analysis of Common Wireless Attack Signatures
    Radars Up! Deploying a Wireless IDS Solution for Your WLAN
    Summary
Afterword
Appendix A. Decibel-Watts Conversion Table
Appendix B. 802.11 Wireless Equipment
Appendix C. Antenna Irradiation Patterns
    Omni-Directionals:
    Semi-Directionals:
    Highly-directionals
Appendix D. Wireless Utilities Manpages
    Section 1. Iwconfig
    Section 2. Iwpriv
    Section 3. Iwlist
    Section 4. Wicontrol
    Section 5. Ancontrol
Appendix E. Signal Loss for Obstacle Types
Appendix F. Warchalking Signs
    Original Signs
    Proposed New Signs
Appendix G. Wireless Penetration Testing Template
    Arhont Ltd Wireless Network Security and Stability Audit Checklist Template
    Section 1. Reasons for an audit
    Section 2. Preliminary investigations
    Section 3. Wireless site survey
    Section 4. Network security features present
    Section 5. Network problems / anomalies detected
    Section 6. Wireless penetration testing procedure
    Section 7. Final recommendations
Appendix H. Default SSIDs for Several Common 802.11 Products
Glossary
Index

Copyright

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers discounts on this book when ordered in quantity for bulk purchases and special sales. For more information, please contact:

U.S. Corporate and Government Sales
(800) 382-3419
corpsales@pearsontechgroup.com

For sales outside of the U.S., please contact:

International Sales
(317) 581-3793
international@pearsontechgroup.com

Visit Addison-Wesley on the Web: www.awprofessional.com

Copyright © 2004 by Pearson Education, Inc.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada.

For information on obtaining permission for use of material from this work, please submit a written request to:

Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047

Text printed on recycled paper

1 2 3 4 5 6 7 8 9 10 0807060504

First printing, June 2004

Library of Congress Cataloging-in-Publication Data

Acknowledgments

The authors would like to express their gratitude to:
• All packets in the air
• Our family, friends, and each other
• The Open Source Community, GNU, and all the wireless hackers for providing tools and information
• All the other people who were involved with the project and made it possible

About the Authors

The authors have been active participants in the IT security community for many years and are security testers for leading wireless equipment vendors.

Andrew A. Vladimirov leads the wireless consultancy division at Arhont Ltd, one of the UK's leading security consultants. He was one of the UK's first IT professionals to obtain the coveted CWNA wireless certification.

Konstantin V. Gavrilenko co-founded Arhont Ltd. He has more than 12 years of IT and security experience, and his expertise includes wireless security, firewalls, cryptography, VPNs, and IDS.

Andrei A. Mikhailovsky has more than a decade of networking and security experience and has contributed extensively to Arhont's security research papers.

[...]... harden the wireless network. If you decide (or are required) to tackle wireless security problems yourself, we hope that the defense section of the book will be your lifeline. If the network and company happen to be yours, it might even save you a lot of cash (hint: open source). If you are a security consultant working within the wireless security field or expanding your skills from the wired to the wireless...
such recommendation: the chipset, radio frequency transceiver characteristics, antenna properties, availability of the driver source code, and so on. The discussion of standard wireless configuration utilities such as Linux Wireless Tools is set to get the most out of these tools security-wise and flows into the description of wireless penetration testing-specific software. Just like the hardware discussion...

you might find a lack of structure in the on-line information and lack of practical recommendations (down to the command line and configuration files) in the currently available literature; this book will fill the vacuum. The most prestigious and essential certification in the wireless security area at the time of writing is the Certified Wireless Security Professional (CWSP; see the "Certifications"...

Obviously, 802.11-Foo would be a more technically correct name for the book (not every 802.11 device is wireless fidelity-certified) but, admit it, Wi-Foo sounds better :) To comment on the "hacking" part of the title, in the Western world there are two sides constantly arguing about the meaning of this term. Whereas the popular media and the public opinion it fosters identify "hacking" with breaking systems...

deep the rabbit hole goes." You will, hopefully, understand what is possible to do securitywise with the wireless network and what isn't; what is considered to be legal and what crosses the line. In the second, defense-oriented section of the book, you will see that, despite all the limitations of wireless security, an attacker can be successfully traced and caught. At the same time, we hope that you will...
safeguard, no matter how great the safeguard is. Thus, the primary aim of the Defense part of the book is giving readers the choice. Of course, we dwell on the impressive work done by the "i" task force at mitigating the threats to which all pre-802.11i wireless LANs are exposed. Nevertheless, we spend a sufficient amount of time describing defending wireless networks at the higher protocol layers. Such...

circumvent with a bit of patience, it is not surprising that security remains the major concern restricting the spread and use of wireless technology around the world. At the same time, there are efficient wireless security solutions available, including powerful and affordable free and Open Source-based wireless safeguards that we describe in the second part of this book. Unfortunately, very few wireless...

of wireless networks in the modern world, with 802.11 networks taking the medium circle.

Figure 1.1. An overview of modern wireless networks

As shown, we tend to use the term 802.11 wireless network rather than 802.11 LAN. This particular technology dissolves the margin between local and wide area connectivity: 802.11b point-to-point links can reach beyond 50 miles in distance, efficiently becoming wireless...

perform wireless penetration testing on an almost daily basis and we hope that our experience will give you a good jump start on practical wireless security assessment and further network hardening. If you are a curious individual who just got a PCMCIA card and a copy of the Netstumbler, we hope that this book will teach you about real wireless security and show, in the words of one of the main heroes of The...
don't have the time or capability to stop a sophisticated wireless cracker even with the knowledge gained from this book, you need to apply to the specialized wireless security firms to investigate and remove the threat. Unfortunately, because 802.11 security is a hot topic, there are plenty of self-professed "wireless security consultants" with Windows XP Home Edition laptops and a copy of Netstumbler...

using Wi-Foo as a reference. This part begins with a rather nontechnical discussion outlining the wireless security situation in the real world, types of wireless.