Wi-Foo: The Secrets of Wireless Hacking
by Andrei A. Mikhailovsky, Andrew Vladimirov, Konstantin V. Gavrilenko
|
List Price: Our Price: $12.48 You Save: $37.51 (75%) Availability: Usually ships in 1-2 business days Buy Used: from $5.68 (click here) Category: Book See more book details and other editions |
|---|
Book Reviews of Wi-Foo: The Secrets of Wireless Hacking
Book Review: Title: "Wi-Foo: The Secrets of Wireless Hacking"
Summary: 4 Stars
The scope of "Wi-Foo" is impressive; it sets out to address a very
broad range of specific topics within the field of wireless networking.
To my delight (and considerable surprise) it does an effective job of
giving relevant and useful information for each of the topics it covers.
I'd say that this book has quite suddenly become my #1 pick from a shelf
full of related wireless books.
As the title may suggest to some, this book focuses on security
issues pertaining to wireless networking. It gives equal time
to breaking the defenses of wireless networks, as well as defending
them. After all, a critical step in protecting your network's assets is
knowing how The Baddies intend to defeat your intrusion counter-measures.
Much has been said in other books about the ease of bypassing existing
wireless security, but this book is one of the few that gives an adequate
assessment of how to detect these types of attacks. Complimenting
its survey of common wireless attack tools, this book details the
detection of popular attack-tools by implementing wireless intrusion
detection sensors. Script-kiddish tools and attacks aside, other important
aspects of detection are addressed; a sensible approach to categorizing
suspicious events on WLANs is covered in the intrusion detection section.
Overall, a comprehensive plan for evaluating, testing, and defending
your WLAN is presented in this book. People who work in the network
security field will find themselves nodding their head to much of the
material presented in these sections. Newcomers to the field will learn
a well-rounded approach to accomplishing their security objectives.
Aside from its primary goal of educating readers about security, the
book provides a useful overview of prerequisite subjects. For example,
the different varieties of client card chip-sets are covered in detail,
with a special emphasis given to using them with Linux and *BSD
(this meshes nicely with the section on DIY wireless IDS sensors.)
This progresses nicely into examples of using your wireless equipment
to perform war-driving surveys. These examples are used as a means to
explain the way the protocols work. The book eventually progresses into
higher-level subjects like using LDAP and FreeRADIUS to authenticate
users. An introduction to cryptography is even covered, followed by a
round-up of VPN implementations. The scope of this book is very broad,
indeed, but manages to cover the material in such a way that newcomers
won't be overwhelmed.
This title does a great job of presenting a comprehensive tutorial,
while also acting as a useful reference for those already familiar with
the subject. The appendices are admirable, providing useful information
like antenna irradiation patterns, penetration testing templates, and
even default SSIDs for common 802.11 devices.
While some of this information may become outdated by the fast-moving
wireless field, the common sense principles given will ensure the
usefulness of this book for some time to come.
Book Review: This is why I didn't cover wireless in my security book!
Summary: 5 Stars
'Wi-Foo' is the wireless book the security community needs. The book mixes theory, tools, and techniques in a manner helpful to those on the offensive or defensive side of the wireless equation. After reading 'Wi-Foo,' I'm glad I didn't try to cover similar topics in my 'Tao of Network Security Monitoring' -- these authors have written the definitive wireless 'hacking' text.
Several aspects of 'Wi-Foo' make the book a winner. First, with the exception of crypto topics in chapters 11 and 12, they tend to defer to previously published works rather than rehash old topics. For example, rather than exhaustively explain 802.11i, they refer readers to 'Real 802.11 Security,' an excellent defense-oriented wireless book. 'Wi-Foo' also assumes readers are familiar with TCP/IP and system administration, leaving out potentially redundant material.
Second, the authors demonstrate the degree to which they are plugged in to the wireless hacking community. They discuss developments from security conventions like Def Con, and explain tools and techniques not yet released (at time of writing) from the 'underground.' The number of tools explained by 'Wi-Foo' well exceeds that found in other wireless books, and the authors clearly explain why they prefer certain tools and discard others. This 'use what works' mentality is pervasive and effective, and I was very glad to see BSD tools featured along with the usual Linux suspects. I was particularly impressed by ch 9, where readers learn what to do next after compromising a wireless network. Other books stop at 'cracking WEP,' for example. Ch 4 and 7 also give the best advice I've seen on different aspects of wireless hardware, on a chipset-comparison level.
Finally, the authors complement their advice on wireless vulnerability assessment and penetration testing with sound defensive strategies. Ch 13 explains how to combine FreeRADIUS, open1x, and OpenLDAP to make an open source wireless authentication system. NoCat is discussed as an alternative. I was very happy to see an entire chapter on wireless IDS, especially the layer-based requirements listing. This serves as a good guide when checking the capabilities of commercial wireless IDS products.
The only drawback I see to 'Wi-Foo' is the inclusion of two chapters on crypto (ch 11 and 12). I would have preferred the authors to refer readers elsewhere, perhaps to a book like 'Cryptography Decrypted' or a heavier tome by Schneier or the like. I also noticed slightly rough English in some places, but these did not bother me like other books I've reviewed.
Overall, 'Wi-Foo' is the best book available for wireless assessment teams, explaining tools in an exceptional manner and smashing myths behind which security administrators hide. (Think your wireless network doesn't produce enough packets for WEP to be cracked? Read ch 8.) I'm adding 'Wi-Foo' to my 'Weapons and Tactics' Listmania List, and I recommend readers add this surprise hit to their bookshelves.
Book Review: A must-have/must-read for the wireless security professional
Summary: 5 Stars
I recently finished the book Wi-Foo - The Secrets Of Wireless Hacking by Andrew A. Vladimirov, Konstantin V. Gavrilenko, and Andrei A. Mikhailovsky (Addison-Wesley). This is an excellent book for people charged with running and securing a wireless network.
The chapter breakdown: Real World Wireless Security; Under Siege; Putting the Gear Together: 802.11 Hardware; Making the Engine Run: 802.11 Drivers and Utilities; Learning to WarDrive: Network Mapping and Site Surveying; Assembling the Arsenal: Tools of the Trade; Planning the Attack; Breaking Through; Looting and Pillaging: The Enemy Inside; Building the Citadel: An Introduction to Wireless LAN Defense; Introduction to Applied Cryptography: Symmetric Ciphers; Cryptographic Data Integrity Protection, Key Exchange, and User Authentication Mechanisms; The Fortress Gates: User Authentication in Wireless Security; Guarding the Airwaves; Deploying Higher-Layer Wireless VPNs; Counterintelligence: Wireless IDS Systems; Decibel-Watts Conversion Table; 802.11 Wireless Equipment; Antenna Irradiation Patterns; Wireless Utilities Manpages; Signal Loss for Obstacle Types; Warchalking Signs; Wireless Penetration Testing Template; Default SSIDs for Several Common 802.11 Products
As you can see from the chapter selection above, there's not a lot left that isn't covered in some way in this book. The coverage of wireless security is taken from both sides. The first part of the book looks at how to mount a survelliance effort and a concentrated attack on a wireless network. This could, as with all books like this, be used by the hacker community to crack your system. On the other hand, they already know this stuff. You as an IT professional can use this to view your system as an outsider to understand where the weaknesses might be. The second part of the book then shifts over to what it takes to secure your system and fend off all but the most diligent and agressive attempts to hack your system. Using both parts together, you have no reason for having glaring holes in your environment.
To be sure, this is not a fluff book. There is an abundance of technical detail on software configuration of both systems and hacking tools that you will need in order to be totally locked down. The chapters on cryptography go into great detail on how crypto systems work and how the formulas are derived. I'm still not sure if its too much detail for a book on wireless networks, but it will definitely keep the uber-geeks fully engaged in the material.
Definitely a must-have/must-read for the wireless security/wireless administrator professional...
Book Review: Great, but aims way too high on expertise scale
Summary: 4 Stars
Do you think there are too many wireless security books already? Let me tell you, you haven't read a wireless security book until you read `Wi-Foo'.
This book offers minimum coverage of the basics of wireless security and dives deep into advanced subjects (sometimes pushing my knowledge of wireless security to the wall). It lacks the typically redundant coverage of hardware and basic wireless technology. Also it doesn't get fixated on the tools (as some other volumes) and offers methodology and other sounds advise in addition to the tools. It also offers cryptography basics such as symmetric ciphers and key exchange protocols. It also covers many useful subjects around wireless security as the use of VPNs, central authentication fundamentals and design of the wireless intrusion detection systems. Appendices include signal single conversion tables and lists of wireless equipment other equipment as well as antenna radiation patterns.
Authors' writing style is pleasant and has some truly "British humor", which always makes the book more fun to read. The book slightly favors the attacking side over the defensive side, but still provides a lot of useful advice for those defending wireless networks. Another fun section is the one that covers what occurs after the attackers break for wireless security and get to the protected network.
The downside is that the authors often assume that just about every reader has the same level of expertise. I kind of know a thing or two about security, but a lot of stuff went over my head due to lack of background material. Thus, I suspect that only those knowledgeable in wireless security will benefit from the entire book, others will likely have places where the authors lost them.
If you deal with wireless security (attack or defense) - get it with no questions asked.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Security Strategist with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004) and a contributor to "Known Your Enemy II (AWL, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
Book Review: *The* Source for Wireless Security Information
Summary: 5 Stars
I was recently given the book Wi-Foo, The Secrets of Wireless Hacking as a present for my birthday, and I have been reading it extensively for the past few days. I have been involved with wireless security for a few years now, giving security talks to members of my community and helping out friends and family stay secure while enjoying the wonderful advantages of wireless computing. Over the past couple of years, I have slowly built up a small reference library of books related to wireless technologies and security. I even got involved in a small antenna building hobby which enabled me to better understand some of the ways RF works.
Upon reading the first few chapters of this book, I realized that this tome was different. The information contained within its pages wasn't a re-hashed compendium of information that could potentially be gathered across the internet and spoon-fed to the reader. In this case, the author brings us along as the many vulnerabilities of wireless computing are brought forward, how those vulnerabilities are exploited by nefarious individuals, and the ever-expanding variety of tools availble to assist in exploiting these vulnerabilities are described.
Don't get the wrong idea here; this isn't the run-of-the-mill Howto put together from various information sources freely available on the internet. The authors take painstaking efforts to explain how the various wireless encryption/security options, such as WEP, WPA, LEAP, TKIP, PSK, etc, work, and how they can be defeated. The tools are not only defined, but described in relation to how they leverage and exploit the vulnerabilities and why they work.
The information within is fresh and very comprehensive. While extensive in its depth, I still believe that this is an ideal book for anyone, from beginner to expert, who has a desire to better understand wireless computing technologies, its advantages and disadvantages, and how to protect oneself from evil-doers, out to take advantage of the stealth that wireless provides.