Wireless network security a beginner's guide
Security Smarts for the Self-Guided IT Professional Protect wireless networks against all real-world hacks by learning how hackers operate. Wireless Network Security: A Beginner's Guide discusses the many attack vectors that target wireless networks and clients--and explains how to identify and...
| Autor Corporativo: | |
|---|---|
| Otros Autores: | |
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
New York :
McGraw-Hill
[2012]
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629407106719 |
Tabla de Contenidos:
- Intro
- Wireless Network Security A Beginner's Guide
- About the Author
- About the Technical Editor
- Contents
- Acknowledgments
- Introduction
- About the Series
- Lingo
- IMHO
- Budget Note
- In Actual Practice
- Your Plan
- Into Action
- Part I: Wireless Foundations
- Chapter 1: Introduction to the Wireless Security Mindset
- We'll Cover
- What You Will Learn
- Security 101: The 11 Security Principles
- Principle 1: Security vs. Convenience
- Principle 2: It Is Impossible to Eliminate All Risks
- Principle 3: Rules of Risk Calculation and Mitigating Controls
- Principle 4: Not All Risks Must Be Mitigated
- Principle 5: Security Is Not Just Keeping the Bad Guys Out
- Principle 6: ROI Doesn't Work for Security
- Principle 7: Defense In Depth
- Principle 8: Least Privilege
- Principle 9: CIA Triad
- Principle 10: Prevention, Detection, Deterrents
- Principle 11: Prevention Fails
- Definition of Hacker
- Wireless Networking Basics
- 802.11a/b/g/n
- Access Points
- Autonomous vs. Controller Based
- SSID, BSSID, MAC Address
- Beacons and Broadcasts
- Associating and Authenticating
- Encryption
- We've Covered
- The 11 security principles
- Wireless networking basic concepts
- Chapter 2: Wireless Tools and Gadgets
- We'll Cover
- A Lab of Your Own
- Client Devices
- Phones
- Printers
- Access Points
- DD-WRT
- WRT54G
- Apple Airport Express
- Mini Access Points
- Mobile Hotspots
- Smartphones
- Enterprise-Grade Access Points
- Antennas
- Types of Antennas
- Gadgets
- GPS
- Smartphones and PDAs
- Pocket Wireless Scanners
- Spectrum Analyzer
- Operating System of Choice
- We've Covered
- Creating a lab environment
- Client devices
- Access points
- Antennas
- Wireless gadgets
- Choosing a wireless operating system
- Part II: Know Thy Enemy.
- Chapter 3: Theory of Attacks on Wireless Networks
- We'll Cover
- Setting the Stage
- Wireless Reconnaissance
- SSID Decloaking
- Passive Packet Captures
- Store and Crack at Your Convenience
- Man-in-the-Middle Attacks
- ARP Spoofing
- Rogue DHCP
- ICMP Redirects
- MITM-OK, Now What?
- Authentication
- WEP Authentication
- Encryption
- Stream Ciphers vs. Block Ciphers
- How WEP Works
- History of Breaking WEP
- Attacking WEP Encrypted Networks
- How WPA Works
- WPA-PSK
- WPA-Enterprise
- WPA2 Encryption Algorithms
- Attacking WPA Protected Networks
- Cracking the WPA Pre-Shared Key
- WPA Deauthentication Spoofing
- Wi-Fi Protected Setup (WPS) Brute Forcing
- WPA Denial of Service
- Attacks on TKIP
- So What Should I Use?
- We've Covered
- How WEP works
- How WPA works
- Attacking WEP encrypted networks
- Attacking WPA encrypted networks
- Common network attack techniques
- Chapter 4: Attacking Wireless Networks
- We'll Cover
- Wireless Reconnaissance
- The iwlist Command
- Kismet
- Kismac
- Wardrive
- Netstumbler
- Actively Attacking Wireless Networks
- Cracking WEP Encryption
- Cracking a WPA Passphrase
- We've Covered
- Wireless network reconnaissance
- Passive packet captures
- Cracking WEP encryption
- Cracking the WPA-PSK handshake
- Spoofing deauthentication packets
- Chapter 5: Attacking Wireless Clients
- We'll Cover
- Wireless World
- Wireless Client Vulnerabilities
- Are the Client's Existing Communications Secure?
- Are There Default Configurations That We Can Exploit?
- Can We Make the Client Talk to Us?
- Factors That Exacerbate Wireless Client Vulnerabilities
- Wireless Clients Are Everywhere
- Wireless Clients Are Constantly Broadcasting Their Existence
- Wireless Clients Are Not Monitored as Closely as Infrastructure Devices.
- Physical Security Is Often Completely Neglected
- Wireless Reconnaissance
- Kismet
- Airodump
- Sniffing Insecure Communications
- Capturing Packets
- Can We Force the Client to Talk to Us?
- Creating a Linux Access Point
- Forcing the Client to Talk to Us
- Default Operations
- Man-in-the-Middle Attacks
- DNS Spoofing
- Fake Webauth
- SSL MITM
- SSL Stripping
- Fake AV Updates
- We've Covered
- Exotic wireless devices
- Wireless client vulnerabilities
- Wireless reconnaissance
- Sniffing insecure communications
- Can we force the client to talk to us?
- Default operations
- Man-in-the-middle attacks
- Part III: Real-World Wireless Security Defenses
- Chapter 6: Theory of Defense for Securing Wireless Networks
- We'll Cover
- Setting the Stage
- Context
- Reality
- The Attacker Has the Advantage
- Phases of Wireless Deployment
- New Deployments
- Existing Wireless Networks
- Dealing with Downtime
- New Wireless Network in Parallel
- Touch Every Wireless Client
- Wireless Refresh
- Secure Design Principles for Wireless Networks
- Defense In Depth
- Least Privilege
- Network Segmentation
- Wireless Assessments
- Secure the Infrastructure
- Rogue AP Detection
- Physical Security
- Change the Default Configurations
- Due Diligence
- Confidentiality Integrity Availability (CIA)
- Encryption
- Authentication
- Useless Defenses
- Faraday Cage
- MAC Filtering
- SSID Cloaking
- WEP
- WEP Cloaking
- Good Wireless Defenses
- Firewalls
- Routers
- Switches
- Intrusion Detection Systems and Intrusion Prevention Systems
- When to Use IDS vs. IPS
- Where on the Network Will the IDS System Be Placed?
- How Will the IDS Receive Network Traffic to Inspect?
- Who Will Manage the IDS?
- What to Look for When Monitoring an IDS
- Wireless Intrusion Detection and Intrusion Prevention Systems
- Honeypots.
- Web Authentication Gateways
- We've Covered
- Setting the stage
- Phases of wireless deployment
- Secure design principles for wireless networks
- Useless defenses
- Good wireless defenses
- Chapter 7: Understanding the WPA2-Enterprise with Certificates Architecture
- We'll Cover
- Introduction to WPA2-Enterprise with Digital Certificates
- Public Key Infrastructure and Digital Certificates
- Public Key Cryptography: Asymmetric Encryption Algorithms
- Attacking Public Key Crypto-Secured Messages
- Digital Certificates
- Certificate Authority Server Structure
- Handling Compromised Certificates
- Supporting Services
- Microsoft Certificate Services
- Auto-Enrollment and Certificate Templates
- Remote Authentication Dial-In User Service
- 802.1x: Port-Based Access Control
- RADIUS and 802.1x
- WPA Enterprise Architecture
- We've Covered
- PKI and digital certificates
- WPA-Enterprise example
- Chapter 8: Deploying a WPA-Enterprise Network with Certificates
- We'll Cover
- Install and Configure the Certification Authority
- Install Active Directory Certificate Services
- Configure the Certificate Template and Auto-Enrollment
- Create the Wireless Organizational Unit and the WirelessUsers Group
- Create the Wireless Group Policy Object
- Apply the Group Policy Object to the Wireless Organizational Unit
- Create and Issue the Certificate Templates
- Log onto the Workstation and Obtain the User Certificate
- Allow Pre-logon Authentication
- Configure the RADIUS Server
- Configure the Wireless Access Point
- Authenticate to the Wireless Network
- We've Covered
- Configure the Certification Authority
- Configure the RADIUS server
- Configure the wireless access point
- Chapter 9: Deploying Secure Wireless Networks
- We'll Cover
- WPA2-Enterprise Wireless Networks
- Configure the Network Policy Server (RADIUS).
- Configure the Wireless Access Point
- Configure the Wireless Client
- Troubleshooting PEAP Authentication
- Troubleshooting RADIUS Authentication
- Bad RADIUS Authenticator
- Client Access Denied
- When All Else Fails
- Securing Your Wireless Network
- Segmenting Wireless Networks
- Restricting Users
- Restricting Time
- Restricting Network Subnets and TCP Ports
- Internal DMZ
- Multiple Wireless Networks (SSIDs)
- Remote Wireless Networks
- We've Covered
- Configuring a WPA2-Enterprise network with PEAP authentication
- Configure the Microsoft Windows 2008 Network Policy Server
- Strategies for segmenting wireless networks
- Chapter 10: Handling Wireless Guest Access
- We'll Cover
- Guest Networks and Internet Access
- Authenticating Guest Users and Managing Guest Credentials
- Using Captive Web Portals
- Guest Users Only
- Encrypting Traffic
- Using Auto-Expiring Credentials
- Allowing Secure Access to Internal Resources
- Authenticating Consultants
- Segmenting Guest Wireless Networks from Internal Networks
- DMZ with Jump Stations
- Virtual Private Networking
- VPN Options for Wireless Networks
- We've Covered
- Authenticating guest users and managing guest credentials
- Using captive web portals
- Segmenting guest wireless networks from internal networks
- Allowing secure access to internal resources
- Chapter 11: Handling Rogue Access Points and the Future of Wireless Security
- We'll Cover
- Handling Rogue Access Points
- Preventing Rogue Wireless Networks
- 802.1x Port-Based Access Control
- Network Access Control
- Port Security
- Manually Detecting Rogue Wireless Networks
- Tracing Malicious Rogue Access Points
- Handling Rogue Access Points
- Automated Detection of Rogue Wireless Networks
- Other Wireless Technologies
- Next-Gen Solutions
- Lightweight Wireless Solutions.
- Cloud-Based Wireless Solutions.
