As one of the "hip" IT topics, wireless networking is getting a lot of exposure from the book publishing companies. We've reviewed quite a lot of books dealing with security implications of wireless technology. Today I'm taking a look at a book that covers a topic that is often considered the most interesting aspect in this field - wardriving.
About the author and the contributors
Chris Hurley aka Roamer is a Principal Information Security Engineer working in Washington, DC area. He is the found of WorldWide WarDrive, an effort by infosec professionals and hobbyists to generate awareness of insecurities associated with wireless networks.
Frank Thorton aka Thorn runs his own technology consulting firm, Blackthorn Systems which specializes in wireless networks. Michael Puchol is the founder of Sonar Security, a small enterprise that has become the leading source of wireless knowledge in Spain. Marius Milner is a software engineer working for a startup in Silicon Valley. He is the author of award-winning Netstumbler. Russ Rogers is a CEO and CTO of Security Horizons Inc; a Colorado based professional security services and training provider. Besides being a contributor to this publication, he was also its technical editor.
Inside the book
You probably own WarGames on DVD/VHS/LaserDisc right? If not, do buy the DVD from your local movie shop - it is a great movie with a quality DVD transfer and rather enjoying audio commentary by the movie's director and screen writer. The movie was made quite famous as it dealt with the possibility of a skilled young hacker, using his home computer to accidentally influence on the possible beginning of a nuclear war. The hack Matthew Broderick's character presented was mass dialing of phone numbers, trying to find open modems to connect to. In hacker terms this was called WarDialing. Just to make things straight, the movie didn't invent this term, it just made it closer to the mass public. Fast forward to Pete Shipley's 2001 DEF CON presentation of an 18 month wireless network survey, we are introduced with the term WarDriving.
WarDriving is an extremely popular sport nowadays, as almost everyone with some minimum computer skills can engage in a wardrive. The basic pre-requisites for wardriving are a laptop or a handheld, appropriate WLAN card and a freely downloadable piece of software. To receive better results, an external antenna and a GPS unit are appreciated. Some of you are probably connecting the term wardriving with hacking wireless networks, but the reality is a bit different - wardriving is a way of solely finding the wireless networks, not penetrating them. While wardriving can be seen as a reconnaissance for later hacking activities, it is not illegal in any way. Let's dwell into the book's content...
"Wardriving: Drive, Detect, Defend" can be imaginary divided into three sections: wardriving technology, attacking and securing the wireless networks. The first part is obviously the largest one as it deals with all the aspects of wardriving. It starts by introducing the readers with the basics behind the process of wardriving, with a focus on the tools of the trade. Here the readers are presented with some of the most popular wardriving hardware sets, both the laptop and handheld based ones. From the platform point of view, the authors covered both Windows and Linux, so most of the step-by-step guides are dealing with various software installations on different operating systems. Software insides section starts with coverage on the great work of Marius Milner - NetStumbler and its smaller counterpart MiniStumbler. These tools are easy to install, so the coverage is mostly concentrated on the software's usage. If you were ever snooping around wardriving web sites, you probably know that there is some great software running on Linux platform, but that it isn't so Windows-like easy to install and use it. I'm talking about tools like Kismet and AirSnort. To satisfy the needs for the general wardriving reader base that is keen into getting all the answers to their questions on one place, the author gives an extensive approach on installing Orinoco and PRISM2 cards for successful co-habitation with Kismet. You'll just need to copy-and-paste the author’s steps and you'll see that patching Orinoco drivers to be able to work in the monitor mode was never easier. Kismet is detailed with installation and usage procedures on Slackware 9.1 and Fedora Core 1.
If you are interested in organizing wardrives, the next couple of chapters will be pure gold. Here the author, as an extremely experienced wardrive organizer (references: WorldWide WarDrive and DEF CON WarDrive), provides insights on how to do wardriving in the most efficient manner. This is accompanied by a rather enjoying section on different opportunities of mapping wardrive results.
Attacking wireless networks receives a bit less exposure than I expected. Focused on the novice readers, this chapter provides information on spoofing MAC addresses and therefore defeating MAC filtering, finding cloaked access point (emphasis on the difference between active and passive sniffing), man in the middle attacks and a low level approach to usage of cracked WEP keys.
Up ahead we are presented with another novice type chapter, this time dealing with basic wireless network security. Although my first impression was that there isn't a need for a graphical how-to on setting some basic security options in various WLAN hardware, the magnitude of out-of-the box production WLAN deployments is quite high. Therefore these guides are aimed towards beginners administrating their home access points. Are these types of readers reading a book specializing on wardriving? That is another question... The last chapter of the book depicts a couple of advanced security topics such as implementing WiFi Protected Access (WPA), deploying RADIUS with Cisco LEAP, configuring RADIUS with 802.1X and creating a VPN on a Linksys WRV54G VPN Broadband Router. Besides these insightful topics, the author provides a really interesting overview of using ReefEdge Dolphin for the purpose of a secure wireless gateway. Another valuable tip from this section is related to installing WLAN cards under Linux in situations where vendors didn't develop Linux drivers.
The hardware being used for the purpose of writing the mentioned security chapters include: Linksys WAP11 802.11b AP, Linksys BEFW11SR 802.11b AP/Router, Linksys WRT54G 802.11g AP/Router and D-Link DI-624 AirPlus 2.4 GHZ Xtreme G Wireless Router.
As Chris Hurley is the master of applied wardriving, it was expected that he will deliver the "goods" with style. While the major part of the book is directly of interest to the not-so-experience reader, there are some parts dealing with advanced wireless topics. I would compliment the author and the book contributors on their work in this field and the way they made wardriving and wireless security closer to the masses.
Wardriving is extremely important for the state of wireless security, as it shows how many unprotected WLANs are out there and is therefore directly influencing wireless security awareness. The book will both teach you how to participate in wardriving projects as well as to get familiar on what kind of information outsiders can discover about your wireless networks.