Laptop Computer
For starters, you’ve got to a have a good test system — preferably a portable laptop computer. Although it is possible to perform wireless-security testing using a handheld device such as a Pocket PC, the tools available on such devices are limited compared to those on a laptop system.
Due to the multiple operating system requirements of the popular wireless testing tools, we recommend using either a system that can dual boot Windows (preferably 2000 or XP) and Linux (any recent distribution will do) or a Windows-based system running a virtual machine program (such as VMware) on which you can install multiple operating systems. The hardware requirements for systems running a single operating system are pretty minimal given today’s standards. A system with a Pentium III or equivalent processor, 256MB RAM, and at least a 30–40GB hard drive should be more than enough. If you’ll be running VMware or another virtual machine program, you’ll want to at least double this amount of RAM and hard drive space.
Wireless Network Card
In addition to the laptop, you’ve got to have a good wireless network-interface card (NIC). Look for a PC Card NIC that’s not only compatible with the various wireless tools, but one that also has a connector for an external antenna so you can pick up more signals. The Orinoco Gold card (and its re-badged equivalents) serves both purposes very well. Many wireless NICs built in to today’s laptops are good general purpose cards, but your test results may be limited due to the shorter radio range capability of the internal antennas.
Antennas and Connecting Cables
A high-gain unidirectional or omnidirectional antenna — or cantenna — will do wonders for you when you’re scanning your airwaves for wireless systems. When you’re shopping for antennas, look for one with a pigtail connection that matches the type of connector you have on your wireless NIC. Also be aware that the length of these pigtail cables should be kept as short as possible. Because they’re made with a very thin microwave coax, these cables have fairly high signal losses at microwave frequencies and with the connectors placed on either end of the pigtail cable. To avoid high cable losses, you should not use a pigtail cable longer than 5 feet.
GPS Receiver
If you’ll be war-walking/driving/flying — or if your wireless systems span across a large building or campus environment — then it’s time to think globally: A global positioning satellite (GPS) receiver will come in handy. With a GPS receiver, you’ll be able to integrate your wireless testing software and pinpoint the locations of wireless systems within a few meters.
Stumbling Software
To get your wireless testing rolling, wireless stumbling software is essential; you can use it to map out things like SSIDs, signal strength, and systems using WEP encryption. Software you can use for this includes Network Stumbler for Windows or your wireless NIC management software. For really basic stumbling, you can even use the management software built in to Windows XP.
Wireless Network Analyzer
To probe deep into the airwaves, a network analyzer is essential. Programs such as Kismet, AiroPeek, and ethereal can help you monitor multiple wireless channels, view protocols in use, look for wireless system anomalies — and even capture wireless data right out of thin air.
Port Scanner
A port scanner such as nmap or SuperScan is a great tool for scanning the wireless systems you stumble across to find out more about what’s running and what’s potentially vulnerable.
Vulnerability Assessment Tool
A vulnerability-assessment tool such as Nessus, LANguard Network Security Scanner, or QualysGuard is great for probing your wireless systems further to find out which vulnerabilities actually exist. This information can then be used to poke around further and see what the bad guys can see and even potentially exploit.
It’s not only a great reference tool, but the Google search engine can also be used for searching Network Stumbler .NS1 files, digging in to the Web-server software built in to your APs, finding new wireless-security testing tools, researching vulnerabilities, and more. The Google taskbar (downloadable for Internet Explorer, built in to FireFox) makes your searching even easier.
An 802.11 Reference Guide
While performing ongoing ethical hacks against your wireless systems, you’ll undoubtedly need a good reference guide on the IEEE 802.11 standards at some time or another. The 802.11 wireless protocol is very complex and will evolve over time. You’ll likely need to look up information on channel frequency ranges, what a certain type of packet is used for, or perhaps a default 802.11 setting or two. The Cheat Sheet, the wireless resources found in Appendix A in this book, as well as Peter’s book Wireless
0 comments:
Post a Comment