Wireless Hacking and Security

Learn basic wireless terminology: wireless clients, access points, and infrastructure versus ad hoc modes; understand SSID naming, and the roles of authentication, encryption, and 11 standards.

Explore how wireless networks are set up, including ad hoc, infrastructure, and bridge networks, and how data link and physical layers, 802.11 standards, authentication, and encryption enable connectivity.

Explore wireless hardware fundamentals, from built-in network interface cards and add-on options to access points and enterprise versus SOHO devices, and how these components connect clients to networks.

Explore wireless transmission methods such as direct sequence spread spectrum, frequency hopping spread spectrum, and OFDM, with Bluetooth and 802.11 examples, noting wall penetration, interference resistance, range, and data rate.

Explore the evolution of early 802.11 standards, from the 2.4 ghz legacy 1997 system to the 5 ghz 802.11a, comparing data rates, signaling methods (dss, ofdm), range, and adoption factors.

Explain 802.11g basics - 2.4 GHz, OFDM, up to 54 Mbps, ~15 m range, and interference - then compare to 802.11n's 200–600 Mbps, ~50 m range, dual-band operation, and b/g interoperability.

Examine additional wireless standards, including quality of service for high-bandwidth apps, roaming and interoperability, the 5 gigahertz band in Europe, Bluetooth, and 802.1X-based authentication with wireless transport security.

Compare wired and wireless topologies, noting wired relies on physical connections while wireless uses infrastructure or ad hoc modes via an access point, highlighting star and mesh designs.

Compare wireless and wired networks, noting wired physical containment and wireless mobility, and discuss security implications of easier entry and dynamic device connections across transmission media.

Explore wireless security issues, including limited physical containment and exposure through airwaves, and emphasize transmission security, encryption, and access controls to protect confidentiality, integrity, and availability.

Explore how encryption and authentication secure wireless networks by protecting data confidentiality and integrity, review the limits of WEP, and preview WPA/WPA2 improvements.

Learn how authentication verifies user identity and credentials in wireless networks, distinguishing true verification from basic password-based access, and how authorization follows authentication using WEP, WPA enterprise, EAP, and 802.1x.

SSID broadcasting reveals the network name from the access point for convenience, but offers limited security; hiding it is security through obscurity and marginally useful against attackers using net stumbler.

Learn how MAC address filtering uses hardware MAC addresses to allow or block devices on wireless networks, with default deny and default allow modes, and why spoofing reduces effectiveness.

WEP encrypts wireless traffic at layer 2 to match wired confidentiality, but offers limited access control and no true authentication; it uses 64- or 128-bit keys with a 24-bit IV.

Discover how WPA replaces WEP weaknesses with TKIP dynamic keys to thwart static keys and RC4 flaws, and how WPA personal and enterprise use 802.1X with EAP.

Explore how wpa2 extends wpa to replace wep, using ccmp with aes and tkip, and applies dynamic key generation with a four-way handshake.

Explore 802.1x, a network access control for wireless and wired networks. See how the supplicant, authenticator, and authentication server work, using EAP and radius for certificate and smart card authentication.

Explain how extensible authentication protocol (EAP) supports certificate-based, smart card, and multi-factor methods in 802.1X wireless and wired networks, with mutual authentication between client and server.

Explore the wireless application protocol (wap) and its evolution from wep one to wep two, highlighting wml, tls, and how gateways translate wireless protocols to tcap ip for web access.

Explore authentication methods across wireless protocols, including open system authentication, shared key with WEP, pre-shared key for WPA/WPA2, and enterprise EAP with mutual authentication.

Explore general wireless client security, including connecting and securing various clients, using WPA/WPA2 and 802.1X, managing certificates, patching devices, and auditing logs to protect the network.

Explore legacy wireless clients—older Windows, Mac, and Linux systems—that run on WEP or open security, and learn mitigations like SSL/SSH, encryption, and restricted use when upgrades aren’t feasible.

Demonstrates how to secure wireless connections on Windows 7 and 8, configure encryption levels from WPA to WEP, review security settings and authentication options, and manage profiles.

Configure a secure wireless connection on Linux clients using BackTrack five and network manager, then verify with ifconfig and ip commands, exploring options like static IP, DNS, and encryption.

Protect devices through strict physical control, clear user responsibilities, labeling, and inventory; enforce encryption, remote wipe, VPN, and limit sensitive data on mobile and stationary devices.

Explore how security policies govern wireless networks, detailing acceptable use, mobile device BYOD, encryption and authentication requirements, and the procedures, standards, and enforcement that ensure compliance.

Learn to harden wireless access points, secure the device and operating system, update firmware, use strong passwords, secure traffic, and configure defaults via a wired connection.

Learn to secure a wireless access point by changing default credentials, hostname, and IP address. Configure the DHCP server, adjust time zones, and strengthen administration settings to prevent unauthorized access.

Secure the wireless access point by configuring WEP, WPA, WPA2, and WPA2 enterprise, and enable protected setup (WPS) with PIN or push-button for easy secure onboarding.

Configure the wireless access point firewall and access restrictions to filter anonymous requests, multicast, and NAT redirection, and manage vpn pass-through, port forwarding, and dmz.

Configure client access with mac address filtering and dhcp scope reservations to control who connects, while changing the access point ip and dhcp scope for added security.

Secure wireless access points by enforcing locked access to the equipment room, central placement to minimize signal leakage, and controlled power with a site survey to balance availability and security.

Explore how smartphones connect to 3G/4G and wifi networks, revealing mobile security vulnerabilities. Identify threats like phishing, vanishing, blue snarfing and blue jacking, rogue apps, spoofing, and jamming.

Learn how tablets use wifi, bluetooth, and cellular networks, and how app vulnerabilities and ad hoc connections threaten wireless security; apply encryption and WPA or WPA2 protections.

Explore WiMAX, a wireless metropolitan area network delivering last-mile broadband access as an alternative to cable and DSL, highlighting security, authentication, and network components like base, subscriber, and relay stations.

Explore ZigBee wireless mesh for industrial control and home automation, where a coordinator manages up to 65,536 low-power devices using AES encryption and shared keys, with notable vulnerabilities.

Discover RFID technology, its passive and active systems, limited range for inventory control and contactless payments, and security risks like data theft, spoofing, and privacy concerns.

Bluetooth as a short-range wireless standard, its 2.4 ghz frequency hopping, evolution from 1.2 to 4.0, and security considerations like secure simple pairing for devices in ad hoc networks.

Explore Bluetooth weaknesses across versions, including eavesdropping, interception, and man-in-the-middle attacks. Identify issues with old pairing keys, short pins, repeated key streams, unlimited authentication requests, and lack of end-to-end security.

Bluetooth security features depend on version, with physical proximity reducing remote attacks; security modes 1–4 determine when encryption and authentication occur, and secure pairing uses elliptic curve cryptography with Diffie-Hellman.

Discover Bluetooth attacks like blue snarfing, blue jacking, blue bugging, car whisperer, and blue casing, along with denial of service, eavesdropping, and fuzzing techniques.

Learn about Bluetooth attack tools in backtrack for wireless security assessments, including blue diving, blue maho, and red fang; understand pairing, discoverable mode, eavesdropping, and brute-force discovery.

Secure Bluetooth by configuring devices to low power, using random long PIN codes, avoiding static pins, enabling encrypted links with mutual authentication, and pairing only in secure, non-discoverable conditions.

Distinguish penetration testing from hacking and vulnerability assessments, emphasizing ethics, formal methodologies, and documented reporting with owner consent. Apply wireless testing basics like network scanning, traffic capture, and weakness exploitation.

Discover wardriving and war chalking as techniques for locating unsecured wireless access points, marking them with symbols, and assessing security for both malicious actors and penetration testers.

Explore wireless penetration testing within a general methodology, covering preparation, reconnaissance, vulnerability testing, and penetration to access wireless networks and reach wired resources, including obtaining WPA keys.

Outline goals of wireless penetration testing, including assessing true risk, providing full-disclosure risk assessments with mitigations, and maintaining professional conduct while detecting networks and analyzing traffic.

Authorize with written approvals from an upper-level manager, define scope, liability, and a detailed test plan. Coordinate teams, prepare equipment, and plan for contingencies to manage downtime and customer expectations.

Carry out the test plan from start to finish, document tools and actions with timestamps, and maintain open communication with system personnel to ensure progress and proper results.

practice professional conduct by doing no harm, respecting the test scope, and discreetly reporting findings; collaborate with managers and staff to strengthen security and secure future engagements.

Explore the landscape of security and testing tools for wireless penetration testing, from commercial and open-source options to hardware, including back track five, that help you access the network.

Choose hardware with ample memory, a fast CPU, and ample storage to support intensive wireless security testing and traffic capture. Rely on USB wireless cards with an Atheros or Realtek chipset that support monitor mode and packet injection for flexible testing across laptops, desktops, and VMs.

Explore penetration testing platforms across Windows, Linux, and Mac, focusing on wardriving, wireless network scanning, WEP and WPA cracking, and choosing the right hardware and software for monitor and injection.

Explore BackTrack five release three, a linux-based penetration testing distribution, and tour its wireless toolset including aircrack, kismet, killerbee, and honeypot for wireless networks.

Explore kismet, a versatile wireless penetration testing tool that scans for wireless access points and clients, and outputs capture files readable by wireshark, and manages sources and plugins.

Explore the aircrack-ng suite to capture wireless traffic, perform packet injection, and crack WEP and WPA using monitor mode and related tools.

Explore Gerrit's gui for aircrack-ng within backtrack to scan, sniff, crack WEP, and create a rogue access point, with monitor mode and MAC spoofing.

Master Wireshark, the open-source network protocol analyzer, to capture and analyze 802.11 wireless traffic in monitor mode for sniffing and traffic capture in wireless penetration testing, alongside air dump.

Examine net stumbler, a legacy Windows tool for wardriving that scans for wireless networks, shows signal strength, channel, encryption status, and GPS-enabled location data.

Explore modern windows wireless tools, comparing free heat mapper and insider with commercial scanners for monitoring, packet capture, and mapping access points.

Review older Windows and Linux wireless tools like stumbler, backtrack 5, air snort, and omni peek, including fake ap concepts and legacy scanning to understand security through obscurity.