Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Robert C. Jones, M.D. LtCol, USAF, Medical Corps Staff Anesthesiologist Andrews Air Force Base, Maryland
E-mail: rob--at--notbob.com Web site: http://www.notbob.com
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
In order to educate health care providers and other professionals, this presentation contains graphics and information obtained on the internet which may be copyrighted According to Sections 107 and 504c of United States Code title 17, this material is considered to be fair use of copyrighte d intellectual property; it is to be used for noncommercial purposes only Fair Use is the use of a copyrighted work for purposes such as criticism, comment, news reporting, teaching (including mult iple copies for classroom use), scholarship, or research. In determining whether the use made of a work in any particular case is a fair use, the factors to be considered shall include: The purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; The nature of the copyrighted work; The amount and substantiality of the portion used in relation to the copyrighted work as a whole; and The effect of the use upon the potential market for or value of the copyrighted work. The purpose and character of this presentation is for nonprofit educational purposes in support of Homeland Defense and internet security; the nature of the copyrighted work is individual graphics and quotes; the amount and substantiality of the portion used is minimal; and the effect on the potential market for or value of the copyrighted use is negligible. In fact, the hyperlink references crediting the original sources should increase the market value of said copyrighted works by increasing traffic to the websites presenting this material. This presentation was produced in the United States Air Force medical environment in the interest of academic freedom and the advancement of national defense-related concepts. The views expressed in this presentation and linked-to material are those of the author(s) of said material and do not reflect the official policy or position of the U.S. Air Force, Department of Defense, the United States government, or the AOMPS. Nor do educational links to internet websites or reference sources constitute any kind or degree of verification or validation of information presented therein. Nobody paid me squat to write this stuff, by the way Point of Contact for questions regarding copyright infringement shall be the current U.S. Department of Defense designated agent to receive notification of claimed DMCA copyright infringement (courtesy of Department of Redundancy Department [DoRD]) Financial Disclosure: I am a Microsoft shareholder, so I can parody and provide commentary upon the products and services of the Microsoft Corporation with impunity
CIA XXIV
Wheres Wireless???
CIA XXV
CIA XXIV
CIA XXV
CIA XXV
CIA XXV
CIA XXV
CIA XXV
CIA XXV
CIA XXV
CIA XXV
This talk is not a WLAN Cracking HOWTO; this is HOWNOTTO on getting 0wn3d
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXIV
The only secure computer is one that is unplugged, locked in a secure vault that only one person knows the combination to, and that person died last year.
Eckel, G and Steen, W., Intranet Working, New Riders, 1996, p. 419
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXIV
Wired Networking
Inexpensive infrastructure (CAT5 cable + NICs) Expensive deployment (drilling through walls) Reconfiguring network topology difficult Difficult (not impossible!) to intercept communication Worldwide exposure to intruders if connected to Net Fast! (10/100 Mbps Ethernet Gigabit ethernet) Negligible interference from environment
CIA XXV
Firewall
Router
CIA XXIV
Wireless Networking
Expensive infrastructure (clients+APs=cha-ching!) Inexpensive deployment (protocols supported in OSes) Reconfiguring network topology trivial (?too trivial?) Ridiculously easy to intercept communication Geographically constrained exposure to intruders* Relatively Slow (11Mbps marketingspeak = 5 Mbps) Massive environmental interference (ISM, path loss)
CIA XXV
SSID (ESSID): Service Set Identifier = name for WLAN network; sent out as plain text in every packet; broadcast by default by most access points AP: Access point: WLAN router that talks to client cards WEP: Wired Equivalent Protocol; broken and easily crackable encryption scheme; not Wired Equivalent Privacy, et al. MAC: Unique Media Access Control ID number hard-coded into every networking device; spoofable via software WPA: Upgrade to WEP security; uses TKIP to rotate encryption keys for each packet and generate different keys for each computer 802.1x (not to be confused with 802.11x): User authentication mechanism using EAP protocol; separate from encryption 802.11i/WPA2: Major upgrade to security; uses new AES crypto algorithm vs. RC4; part of RSN: Robust Security Network
CIA XXV
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved. TSN = transitional security network with RSN + TKIP instead of CCMP with AES; more on this later
Firewall
Access Point
Advantages: AP security; isolated net connection Disadvantages: AP cost, complexity; broadcast range
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXIV
Firewall
Advantages: no addtl hardware; geographically constrained Disadvantages: unmanaged P2Pnet issues; geo. constrained
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
STA 2003
Authentication
Shared
give me access
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
CIA XXV
Firewall
Access Point
CIA XXIV
Firewall
Access Point
CIA XXIV
Firewall
Access Point
Gotcha!
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXIV
Tabloid
Firewall
Access Point Terrorist
Your Competitor
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXIV
Firewall
Access Point
CIA XXIV
Increasingly powerful 802.11x clients available 200 mW PCMCIA cards advertise 6000+ ft range
http://products.wi-fiplanet.com/wifi/pc_card_16-bit/1058052117.html
Many WiFi adapters have external antenna connections; even homemade antennas work well
CIA XXV
Bob
Firewall
Access Point
Alice
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
Cats
STA 2003
oven
Cell phone
Firewall
Access Point
Bluetooth device
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
CIA XXV
Mid Sept 04 (same area wardriven in Sep 03); 30 minute drive Residential neighborhoods/business district 5 dBi omnidirectional, magnetic, car-mounted antenna
TCP/IP disabled on card purposely unable to connect/get IP address (thus legal)
126 APs located; 1 Peer located 97 APs with no security (77%) Of 30 with security, only 13 (43%) 802.11g (likely WPA compliant out of box) 62 APs with default SSID bespeaking ignorant owners (49%) one FAKE-AP (first time: counterfeit AP signals) http://www.blackalchemy.to/project/fakeap/ Worldwide Wardrive 4 (http://www.worldwidewardrive.org/): of 228,537 APs logged, only 61.6% enabled WEP (or better) security; 31.4% used default SSID (note: Lots of smart non-Merkins included)
CIA XXV
Note!
CIA XXV
Physical Security
Secure your laptop/PDA physically
Windoze XP stores WPA PW and automagically reconnects on startup
BIOS password at least in case WLAN device is stolen! Secure your access points (locked closets vs. desk)
Remember, reset button on back of AP = Poof! No Security
Wise placement of APs/directional antennas to minimize RF leak If possible, minimize AP RF power output to least useful Audit your coverage: Warwalk/drive/sit yourself!
Reference: http://techrepublic.com.com/5100-6329-5054057.html?tag=hdi
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
Wireless Policy
(Authority) will be in charge of establishing and enforcing WLAN standards; any implementation that deviates from standard must be approved by (authority) (Authority) will be the only one(s) installing/modifying/ maintaining APs; (Users) will not install APs Only (authorized user type list) can use the WLAN; all others require explicit permission from (authority) All WLAN devices must be secured according to standards set by (authority) All communications must be encrypted using (standard) All (users) must register WLAN devices with (authority)
CIA XXV
CIA XXV
OS/Firmware Updates
Windows XP Service Pack 2 (SP2) Apple Macintosh: Need firmware upgrade to AirPort Extreme 11g (b sol)
WPA requires an AirPort Extreme base station and AirPort Extreme or AirPort clients running Mac OS X v10.3 (Panther), or later. Use of Wi-Fi Protected Access (WPA) reduces the maximum number of network users. Computers with wireless cards that only support WEP cannot join an AirPort network that has WPA enabled. Client: http://www.apple.com/support/downloads/airportupdate.html AP: http://www.apple.com/support/downloads/airportextremefwupdate.html Linux: Support depends on chipset; http://hostap.epitest.fi/wpa_supplicant/ also see http://www.linux-sec.net/Wireless/WPA/#WPA for mondo links Until Sep 04, very cumbersome process to implement WPA (see notbob.com) Now, SP2 incorporates new WZC and WPA functionality (finally)
Make sure you are running latest version of your APs firmware; visit manufacturers website every few months at least
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
CIA XXV
MAC/SSID Vulnerability
CIA XXV
http://groups.google.com/groups?selm=bb8vft%24lma%241%40news01.intel.com&oe=UTF-8&output=gplain CIA XXV Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
MAC Filtering
Better than nothing; will keep out your neighbors To find your adapters MAC addresses, under Windows: start | run | cmd | ipconfig/all ; listed as physical address Best to explicitly allow only your own MACs; explicit deny is for open APs that are subject to annoying users (without the sense to spoof their MAC addys)
CIA XXV
Default SSIDs
3Com: comcomcom Cisco: 2, tsunami, WaveLAN Network Compaq: Compaq With AP manufacturer, trivial to determine default DLink: WLAN Administrator Intel: 101, 195, xlan, intel username/password! Linksys: linksys, Wireless Netgear: Wireless Zcomax: any, mello, Test
http://www.cirt.net/cgi-bin/ssids.pl http://www.iss.net/wireless/WLAN_FAQ.php
CIA XXV
SSID Rules
Change from default Dont broadcast if possible (WPA flaky sometimes) Dont make it your family/business name Dont make it interesting to h@X0rS; boring is good: ex: thisAP Make it hard to guess (e.g., not Default1)
use this if possible CIA XXV
CIA XXV
http://www.linksys.com/download/vertxt/befsr81v2_ver.txt
CIA XXV
Use Encryption
CIA XXV
Encryption Basics
XOR Logic Gate
Need to hide message (plaintext) = needle Generate random stuff (encryption key) = piece of hay Multiply random stuff (keystream) = haystack Hide message in haystack (XOR) needle+haystack (ciphertext)
http://www.mesda.com/files/infosecurity200309.pdf; http://hyperphysics.phy-astr.gsu.edu/hbase/electronic/xor.html Intro to Encryption: http://home.ecn.ab.ca/~jsavard/crypto/jscrypt.htm CIA XXV
WEPwhat is WEP?
Wired Equivalent Protocol (NOT Wireless Encryption Privacy) First defined in 1999 ANSI/IEEE Std. 802.11, section 8.2
http://standards.ieee.org/getieee802/download/802.11-1999.pdf
Reasonably strong (dependent on key length) Self-synchronizing (for best effort delivery) Efficient (low processor overhead) Exportable (pre-1999 ITAR climate [Phil Zimmerman]) Optional (so lusers dont whine to hardware manufacturers when they mess up WEP on their networks DISABLED out of the box by all OEMs as of 2004 AFAIK*)
*AFAIK= As far as I know
CIA XXV
Secret key combined with IV, run through WEP cipher PRNG (RC4)
Plaintext XORed with key sequence (irreversible without key) Ciphertext output sent over airwaves after encapsulation into IP packets
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
http://standards.ieee.org/getieee802/download/802.11-1999.pdf
CIA XXV
What is RC4?
One encryption algorithm (many others: DES, IDEA, Blowfish, AES, etc.) Efficient streaming cipher (low overhead)-- used in SSL encryption (online banking, etc.) Proprietary trade secret of RSA Inc. http://www.rsasecurity.com Presumed RC4 source code uploaded to Usenet newsgroup sci.crypt 13 Sep 1994all open source RC4 implementations based on this anonymous post (including WEP)!
From: nobody@vox.xs4all.nl (An0nYm0Us UsEr) Newsgroups: sci.crypt Subject: RC4 ? Date: 13 Sep 1994 21:30:36 GMT Organization: Global Anonymous Remail Services Ltd. Lines: 83 Message-ID: <3555ls$fsv@news.xs4all.nl> NNTP-Posting-Host: xs1.xs4all.nl X-Comment: This message did not originate from the above address. X-Comment: It was automatically remailed by an anonymous mailservice. X-Comment: Info: usura@xs4all.nl, Subject: remailer-help X-Comment: Please report inappropriate use to <admin@vox.xs4all.nl> SUBJECT: RC4 Source Code I've tested this. It is compatible with the RC4 object module that comes in the various RSA toolkits. /* rc4.h */ http://groups.google.com/groups?selm=35gtd7%24404%40ccu2.auckland.ac.nz&oe=UTF-8&output=gplain
CIA XXV
http://www.rsasecurity.com/rsalabs/technotes/wep.html
Flaws in key scheduling algorithm Large number of weak keys encryption easily cracked IV is sent in the clear with each chunk subtract 24 bits of IV from encryption key length
http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?RC4
CIA XXV
Enabling WEP
Advanced WEP
Freeware key generators create pseudorandom keys for you to enter Rotate keys frequently (weekly for business, monthly for home at minimum) Make sure highest key-length WEP is enabled (remember, 64 bit WEP key is really just 40 bits long [thanks, marketing!]) Upgrade WEP to WPA as soon as possible (look for WPA support for all new hardware)
CIA XXV
CIA XXV
TKIP fixes IV weakness, adds MIC, key mixing, rekeying Supports enterprise user authentication via EAP and 802.1X SOHO mode: Pre-Shared Key (PSK): autorotates key for you
http://www.newswireless.net/articles/021123-protect.html
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
TKIP
CIA XXV
CIA XXV
Make sure wireless connection works with WEP first Have wired connection to prevent disconnection with changes Upgrade Windows XP SP1 to SP2 (Windoze Update) Pick a good pre-shared key (PSK)! http://wifinetnews.com/archives/002452.html Upgrade client firmware to support WPA Implement WPA PSK on router (may need to upgrade firmware) Implement WPA on Windows XP using WZC (Wireless Zero Configuration)
See my separate step-by-step guide on WPA in XP: http://www.notbob.com/wlani
CIA XXV
Step 4: Step Implement Step 3: Make 2: Step Implement WPA 1: sure Upgrade PSK supplicant WPA under XP on to network supports AP SP2 router connections WPA
CIA XXV
CIA XXV
802.1X port-based authentication requires dedicated authentication server (or server process in AP) RADIUS authentication: for enterprises only IEEE 802.11i = WPA + RSN; finally ratified Jun 04 Uses CCMP (counter mode with cipher block chaining [CBC] message authentication code protocol) for enhanced privacy, data integrity, and authentication RSN: Robust Security Network 802.1X + EAP + AES (non-RC4 encryption protocol) will likely need hardware upgrade to run RSN without major hit on throughput; likely available in mature form in 2005-6
802.11i (excellent): http://www.commsdesign.com/design_library/cd/wl/OEG20021126S0003 802.11i (advanced): http://csrc.nist.gov/wireless/S10_802.11i%20Overview-jw1.pdf RSN: http://www.nwfusion.com/news/tech/2003/0526techupdate.html CIA XXV
AES
CIA XXV
Rijndael is a symmetric block cipher, designed by Belgian/Flemish cryptologists Joan Daemen (Yo-ahn Dah-mun) and Vincent Rijmen (Rye-mun ) Time to crack @ 255 keys/sec: 149 trillion years Basic advantage of AES is its efficiency and low overhead: easier to implement than its competitors for AES standard For WiFi, requires dedicated chip to process cipher in real time
Official NIST AES Specs: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf Intro to AES: http://www.nwfusion.com/details/597.html?def Very High Level AES mathematical explanation: http://islab.oregonstate.edu/koc/ece575/aes/intro.pdf
How is that pronounced ? If you're Dutch, Flemish, Indonesian, Surinamer or South-African, it's pronounced like you think it should be. Otherwise, you could pronounce it like "Reign Dahl", "Rain Doll", "Rhine Dahl". We're not picky. As long as you make it sound different from "Region Deal".
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
from: http://www.wi-fi.org/OpenSection/pdf/Wi-Fi_ProtectedAccessWebcast_2003.pdf
CIA XXV
Firewall Treat all wireless communication as insecure Put AP on unsafe side of firewall Use VPN (private tunnel) through internet to reach internal network Impractical for SOHO networks (expensive; throughput hit)
CIA XXV
Internet Storm Center http://isc.sans.org News.com http://www.news.com Wireless News Factor http://wireless.newsfactor.com WiFi Planet http://www.wi-fiplanet.com/ NetworkWorldFusion http://www.nwfusion.com/topics/security.html
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
Privacy: Sniffing your cars radio stations Red Means Stop, Ya Moron!: 802.11p DOS: Wireless Jammers for Jesus Wireless Viruses: Dont get stung by Mosquitoes RFIDS: The Next Security Threat?
CIA XXV
CIA XXV
802.11p is a new IEEE spec to implement WiFi for vehicles Emergency vehicles might use broadcast via wireless to change traffic signals in order to speed themselves along. Cars might also "communicate" with one another, as an exchange of Wi-Fi signals makes it possible to sound proximity alerts when two vehicles come too close to one another. Just imagine the potential for chaos when criminals can change traffic lights remotely, or when pranksters activate all the proximity alerts simultaneously
http://www.wi-fiplanet.com/columns/article.php/3422251
CIA XXV
Mexico: Cell phone jammers installed in churcheswould likely nuke nearby WiFi as well
http://www.cnn.com/2004/TECH/ptech/10/19/cellphonejammers.ap/
CIA XXV
http://wireless.newsfactor.com/story.xhtml?story_title=Mosquito-Trojan--Copy-Protection-Gone-Wrong&story_id=26310&category=wlssecurity
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
http://enterprise-security-today.newsfactor.com/story.xhtml?story_title=RFID--The-Next-Security-Nightmare-&story_id=26104&category=mobsec
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
Patch OS frequently to plug security holes; read media for new WLAN exploits
WPA2= 802.1X, 802.11i, RSN; VPN + RADIUS for enterprises only if no WPA; rotate keys manually Implement now; choose secure PSK Change default; dont broadcast Implement MAC filtering
Change default admin logon/pw; disable remote admin Weekly or automatically Got WPA? Prevent theft; BIOS pw; encrypt files; backup data; disaster plan
Pay attention to geographical location of AP (parking lot coverage) Disable file & print sharing if not needed; never share root Disable SSID broadcasting (default = enabled for most products) Change the SSID to something non-default and boring Upgrade firmware of AP/client to increase security (WPA) Change default admin login/password for AP; disable remote admin Configure AP to enable MAC address filtering (not perfect, yes) Enable WPA PSK now! For enterprises: RADIUS, WPA2 Only use WEP as last resort (legacy hardware; rotate keys often) Wardrive yourself to audit your security (got rogue teenager AP?)
CIA XXV
CIA XXV
1994-1999:
Information Access
CIA XXV
http://www.canada.com/technology/story.html?id=80bc4cc6-f3e3-4960-9b70-91c260e63931
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
Buffer Overflow attacks based on Windoze vulnerabilities (increasingly zero-day exploits): Sasser, CHM, etc. Phishing for passwords, bank accounts ( sophistication) M$ Outlook/OE exploits: worms, viruses, blended threats Hostile websites: spyware, malware, browser hijacking Keystroke loggers: disgruntled employees, spouses, kids IM attacks: embedded malign URLs, spim, predators
CIA XXV
Several Downsides:
People dont trust the Gummint (look at TIAO Initiative furor) Money Your Grandma wouldnt pass the testever. If stupid Merkins are kept offline, how about the rest of the world we havent liberatedyet?
CIA XXV
Click on all e-mail attachments with wild abandon Never use a firewall (equivalent: Windoze fw only) Keep thinking that OS security updates are for girlie men Go to naughty sites and install all required programs Use insecure, older versions of apps due to nostalgia Ignore computer security alerts in the news (news.com)
CIA XXV
References
CIA XXV
Online Resources
WLAN Specifications
WiFiTM Alliance (formerly WECA): http://www.wi-fi.org/ IEEE 802.11: http://standards.ieee.org/getieee802/portfolio.html IEEE 802.11i: restricted: http://standards.ieee.org/reading/ieee/std/lanman/restricted/802.11i-2004.pdf
Lots of interesting unrestricted IEEE documents: http://www.ieee802.org/11/Documents/DocumentHolder/
Bluetooth:
https://www.bluetooth.org/
CIA XXV
Wardriving Software
NetStumbler http://www.netstumbler.com/ MacStumbler http://www.macstumbler.com/ BSDAirtools http://www.dachb0den.com/projects/bsd-airtools.html AirSnort http://airsnort.shmoo.com/ Kismet http://www.kismetwireless.net/ Wellenreiter http://www.wellenreiter.net/
Lots of other tools: http://wardrive.net/wardriving/tools
CIA XXV
CIA XXIV
Online Resources
Basic 802.11 Security
WLAN Security FAQ (ISS): http://www.iss.net/wireless/WLAN_FAQ.php (old) WEP Specifications: http://standards.ieee.org/getieee802/download/802.11-1999.pdf WEP Insecurity: http://ftp.die.net/mirror/papers/802.11/wep_attack.html (no longer on:
http://www.cs.rice.edu/~astubble/wep/wep_attack.html )
WPA/WPA2: http://www.wi-fi.org/OpenSection/protected_access.asp Wardriving: http://www.wardriving.com ; www.sans.org/rr/papers/68/174.pdf Netstumbler: http://www.netstumbler.com Wireless Glossary: http://www.devx.com/wireless/Door/11333 (heh heh)
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
Online Resources
Advanced WLAN Security/Continuing Security Education
SANS: http://www.sans.org Internet Storm Center http://isc.sans.org Wireless LAN Security Site: http://www.drizzle.com/~aboba/IEEE/ News.com http://www.news.com Wireless News Factor http://wireless.newsfactor.com WiFi Planet http://www.wi-fiplanet.com/ NetworkWorldFusion http://www.nwfusion.com/topics/security.html Google it: search Google for WLAN security and/or WiFi security Cool list of WLAN Security Links: http://www.corecom.com/html/wlan.html Still More whitepapers: http://www.wlana.org/learning_center.html
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
Online Resources
AFH Topics
People are stupid: Wireless Equivalent Privacy:
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Wireless+Equivalent+Privacy%22&btnG=Google+Search
CIA XXV
CIA XXIV
Offline Resources
Books/Articles: Computer Security Essentials
Skoudis, Ed, Counterhack, Upper Saddle River, NJ: Prentice Hall PTR 2002. ISBN 0-13-033273-9 (amazing book! dozens of black hat techniques with countermeasures) Cheswick WR, Bellovin SM, Firewalls and Internet Security: Repelling the Wily Hacker, New York: Addison-Wesley Publishing Company 1994. ISBN 0-201-63357-4 (a classic) Chapman, D. Brent and Zwicky, Elizabeth D., Building Internet Firewalls, Sebastopol, CA: O'Reilly & Associates, 1995. ISBN 1-156592-124-0 (first edition includes excellent appendix on basics of ISO/OSI TCP/IP stack) Anonymous, Maximum Security, Fourth Ed., Indianapolis: SAMS Publishing Dec 2002 (excellent resource)
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV
Offline Resources
Books/Articles: WLAN Security
Duntemann J, Jeff Duntemanns Drive-by WiFi Guide, Scottsdale: Paraglyph Press, 2003. ISBN 1-932111-74-3 (very readable & entertaining; most practical 3-space reference thus far) Peikari C, Fogie S, Wireless Maximum Security, Indianapolis: Sams Publishing, 2003. ISBN 0-672-32488-1 (contains some errors [er, Wireless Equivalent Privacy? To paraphrase the song, 1/3 aint good.]) Edney J, Arbaugh WA, Real 802.11 Security: WiFi Protected Access and 802.11i, Boston (etc.): Addison-Wesley, 2004 (almost incomprehensible at times, but good reference) Vladimirov A, Gavrilenko K, Mikhailovsky A, Wi-Foo: The Secrets of Wireless Hacking, Boston (etc.), Addison-Wesley, 2004 (Good overview of WLAN security from Black Hat perspective; grammatical issues)
Copyright (C) 2005 Robert C. Jones, M.D. All Rights Reserved.
CIA XXV