BackTrack 5 Wireless Penetration Testing Beginner's Guide Paperback – Sep 9 2011
About the Author
Vivek Ramachandran is a world renowned security researcher and evangelist. He is the discoverer of the wireless "Caffe Latte Attack" and has delivered presentations at world renowned information security conferences such as Defcon and Toorcon in the US. His discoveries and talks have been widely quoted by the international media, including BBC Online, Network World, The Register, Mac World, Computer Online and others. In 2006, Microsoft declared Vivek one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants. In 2005, he was awarded a team achievement award by Cisco Systems for his work on the 802.1x and Port Security modules. He is well known in the hacking and security community as the founder of SecurityTube.net, a free video-based computer security education portal which gets an estimated 100,000 monthly visitors. Vivek is also an accomplished trainer and travels around the world conducting workshops and training sessions for corporates and students. He holds a B.Tech degree from IIT Guwahati and acts as an advisor to the computer science department's Security Lab.
Top Customer Reviews
So really the main aboveground audience is probably sysadmins. The book describes how to use freely available network programs like Wireshark to probe a wireless net. More potently, it gives examples of using Man In The Middle techniques to insert yourself as the invisible intermediary in a conversation between a user surfing the Internet and a targeted web server. Once you see this, you will likely be impressed by why MITM is often thought to be a gold standard of attack vectors.
Another strong aspect of the book is how it demonstrates that it is all too easy for an experienced attacker with the right hardware and software tools to detect and intrude on an insecure WEP or WPA network. Turns out that a WPA network is usually stronger than a mere WEP-using network. But don't get complacent. For both types, the lesson of the book is that the simplest countermeasure is to beef up your users' passwords and, of course, your sysadmin password. The speed of modern computers means that brute force dictionary attacks often suffice to find weak passwords.
Most Helpful Customer Reviews on Amazon.com (beta)
This is not a book that explains a lot of theory and then expects you to figure out how to apply it. It's a finely-tuned set of clear, intentional tutorials that explains how to use the tools, how to get results, and then explains what happened and why. It covers some of the basics (like ifconfig, iwconfig, ping, and a little bit about packet specifications), and then moves on to the heavy-lifters like airmon, aireplay, airodump, wireshark, and others.
While all of these tools have tutorials and manuals online, the way they work together is seldom explained, and even more rarely are they explained with the clarity and focus of this book. The situations the book covers are realistic wireless network setups that you'll find at businesses, cafes, and homes. There are screenshots on nearly every page, so it doesn't just explain what to do - it actually shows you.
If you're completely new to pen-testing, this book is where you should start. You should try to learn at least a little bit of Linux before delving into this (but you should be learning that anyway), but this book doesn't assume that you are a pro. It guides you through all of the basic essentials, such as setting up a pen-testing lab environment (configuring your access point, making sure your wireless card is open enough to be configured, and so on), and even how to install Backtrack Linux itself. You will need a good lab environment to use this book effectively, so make sure you have access to a router, two laptops with wireless cards (one to use and one to be the victim), and a USB wireless card to perform packet injection (the book recommends the Alfa AWUS036H).
All in all, whether you're learning this stuff because you're angry at the world and want to mess up wireless networks or because you're a sys admin and need to protect your network from intruders, this is easily the best book on the subject I have found. Too many books on this topic assume that the reader is a "security professional" and use jargon and lingo without explaining anything. This book sits down with you, gives you the information you need, and you get the results that you wanted. Considering that courses from Backtrack's website start at around $750, this book feels like a hack in itself.
This book is highly technical and written completely from a practical perspective. To get the best out of this book you need to follow it in parallel with your own setup, as shown in the first chapter. And at the end of it, there will be one more Wi-Fi ninja in the air.
Here is the complete chapter-by-chapter review:
The first chapter starts with the famous line from Abraham Lincoln stressing the importance of setting up the playground:
"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."
It lists both hardware and software requirements: two Wi-Fi enabled laptops, one injection-capable Wi-Fi card (Alfa AWUS036H) and an access point. A longer list of alternative injection-capable Wi-Fi cards would have been better though. It is often difficult to get the right one, especially for those who are outside the USA/UK. In my initial days of wardriving, I remember waiting an entire year to get my first injection-capable USB dongle. And without the right card, you are on the back foot, as you can't perform most of the attacks.
The remaining portion of the first chapter shows how to install BackTrack and set up the access point and wireless cards, in detail and with screenshots. The next one explains briefly about wireless frames and shows how to capture the Wi-Fi packets in the air and inject your own packets using the Alfa card.
It gets more interesting in chapter 3, showing how to bypass various wireless security restrictions such as hidden SSIDs, defeating MAC filters, bypassing WEP authentication etc. Next it shows how to really crack those 128 bit WEP keys using the aircrack-ng tool. Finally it describes how we can use the cracked WEP/WPA passphrase to decrypt wireless data packets and directly connect to the WEP/WPA network.
Chapter 5 explains various Denial of Service (DoS) attacks including De-Authentication, Dis-Association, CTS-RTS attack and spectrum jamming. It also shows how one can perform an 'Evil Twin' attack against a legitimate access point and how to set up a rogue access point to gain backdoor entry into the network.
Often the weakest point lies at the client side, so chapter 6 goes on to describe all those attacks one can perform on wireless clients, including Honeypot and Mis-Association attacks, the Caffe Latte attack, De-Authentication and Dis-Association attacks, the Hirte attack, AP-less WPA-Personal cracking etc. The next one shows how to perform wireless-based Man-in-the-Middle (MITM) attacks and then use them for sniffing and hijacking user sessions.
Chapter 8 focuses on WPA-Enterprise based attacks such as exploiting weaknesses in the PEAP and EAP-TLS protocols. It ends with recommendations on secure wireless configuration using 'WPA2-PSK with a strong passphrase' for small/medium size organizations and 'WPA2-Enterprise with EAP-TLS' for larger organizations.
The final chapter touches very briefly on pen testing methodologies and then goes more into wireless pen testing using the attacks explained in previous chapters. It starts with a step-by-step discovery of wireless devices, finding unauthorized clients and rogue access points, and then cracking the wireless encryption using the attacks demonstrated in previous chapters.
Highlights of the Book
* Very well written and enjoyable to read
* Practical and includes latest stuff from wireless field
* Every attack technique is very well shown with complete technical details and illustrative screenshots.
* Includes action items for reader to explore more and gain more expertise
* Pop Quiz at the end of each chapter ensures that you were not dozing off
After reading this book completely, one thing is sure: you would like to change its title from "Beginner's guide" to "Not just a Beginner's guide". Even though it's his first book, I am amazed with his style of writing and 'connecting with the reader' mentality, making it easier to grasp and enjoyable to read on.
And here comes the final verdict:
"Written by a wireless expert, this book goes beyond the words and is highly recommended to anyone willing to master Wi-Fi Kung Fu."
As another reviewer pointed out, the pages regularly consist of 50-90% screenshots of commands being run and the resulting output. In general I think this is a good idea, as it lets the reader know exactly what the command should look like when it is typed in and what they should expect to see for output. This is taken to ridiculous extremes, such as when the author instructs the reader to change the wireless protection on the AP, there are repeated screenshots of his setup. Maybe the first one had purpose, but showing it every time is just padding.
And for as little content as I feel was covered in the book, there sure was a lot of padding, and I mean beyond the "make sure packets are being collected by running Wireshark" with an accompanying picture of a Wireshark capture (repeatedly). De-authentication attacks are used twice prior to being introduced as a means of a DoS attack, and yet instead of covering something new (such as the Dis-Association attack, which is left to the reader to figure out on their own) the author decides to plow through and describe how to send de-authentication packets for a third time. Using aircrack to implement the Caffe-Latte and Hirte attacks is covered separately for each, despite the fact that they differ by a single command line argument. It genuinely baffles me why the author chose to re-cover extremely similar attacks and in some cases the exact same material, while leaving others as assignments for the reader.
I am also a bit confused about the level of experience the reader is expected to have before entering. While the book clearly says it is for beginners and the vast majority of its material is presented at a good hand-holding pace for beginners (not an insult at all), there are other times when knowledge is assumed that I am not sure it is safe to assume. When I bought a book on Wireshark, it assumed the reader had knowledge of packet structure, yet still gave a very thorough chapter covering the vital aspects in case the reader was not familiar. This book for beginners assumes a knowledge of how WLAN frames are organized, and gives a cursory 2 pages to explaining it for the uninitiated. In a section on creating network bridges, the ability to use WLANs on both sides of the bridge is mentioned and left for the reader to implement themselves. However, I have found it to be very different from the method required by Ethernet that is covered in the book, and a helpful weblink would have been great if the author did not see fit to actually cover the steps himself.
And there is my criticism with the book. It hammers home and repeats concepts which are mostly summed up as "type exactly what is on the page" and skips over the cryptographic and networking theory, as well as techniques that are constantly mentioned but never actually covered beyond leaving them as an exercise for the reader. I am not opposed to doing external research, but when I feel that I could have just done the research (mostly via aircrack-ng.org) and gained the same practical knowledge of how to implement the attacks as well as a more firm understanding of the theory behind them, I cannot say I am happy to have spent $50 on this book.
Again, not all of this falls on the author or the book, as some of it was that my expectations were not in line with what was presented. A lot of topics are covered, a handful of tools (notably aircrack and Wireshark) are given varying degrees of coverage. There are helpful links to get to other material, and the pacing is great for a beginner. But for $50 I expect a lot more content, and a lot less repetition and unnecessary pictures.
This book is published by Packt Publishing. I was sent an ebook version of the book. I must say that I really appreciate Packt's way of sending a nice non-DRM version of the book for my evaluation. What's to stop me from reselling the book or handing it down to my students (aside from CISSP mofo code of ethics)? At the bottom of every page there is a statement saying this book was created for my sole usage. As a professor, I really like this solution. So many other publishers refuse to send e-books because they are overly concerned about DRM, and don't realize that I can just as easily scan or copy a paper book to hand out if I'm ethically challenged.
So what's in this book anyway? Vivek starts the book with a chapter telling you how to set up an appropriate lab to do all of the things discussed in the book. His directions are straightforward. Vivek recommends an Alfa wireless adapter. I did all the labs in the book with a Hawking HWU8DD high-gain wireless-G dish adapter that I had available and everything seemed to work well. I'm sure that there are other adapters out there that would also work well for anyone using this book.
In the second chapter, Vivek provides a comprehensive overview of why wifi is inherently insecure. From here he goes on to discuss ways of bypassing authentication. In the fourth chapter, Vivek discusses encryption. The conversation goes well beyond what is wrong with WEP and includes ways to speed up WPA/WPA2 cracking as well.
In chapter 5, Vivek talks about attacking the infrastructure. Topics covered include default accounts and DoS attacks. From here the focus is shifted to attacking the client. Naturally, some attention is given to the Caffe Latte attack against WEP that Vivek discovered some years ago. For the record, I think this is one of the cooler attacks given the ability to attack a network that is potentially miles and miles away.
Chapters 7 & 8 deal with more advanced attacks such as man-in-the-middle and attacks against WPA-Enterprise. While not too many people (at least in the USA) seem to be using WPA-Enterprise, it certainly doesn't hurt to know how to attack it should the need arise.
The final chapter discusses wireless pen testing methodology. Concluding thoughts and answers to pop quizzes are found in the appendices.
What do I like about this book? This book is very approachable. Vivek doesn't assume you are starting this book as a wifi or even networking expert. Anyone with half a clue about how networking and wifi work could successfully learn from this book. The book emphasizes doing over theory. Activities to actually try and see for yourself are everywhere in the book. Instead of droning on and on about the theory of this and that and having some exercises at the end of the chapters, Vivek says do this and see what happens, now do that, then he discusses what has just been seen. I like his teaching style.
I'm sure someone out there will say "Why should I drop $50 on this book, when it essentially parallels the freely available megaprimer on SecurityTube?" My response to this is: first of all, shame on you. Stop being such a cheapskate. Vivek has obviously put a lot of work into developing an excellent tutorial and the man deserves a little compensation. Secondly, even if you have a problem giving up a few dollars for the book over just watching the video, sometimes you just want to have a book. It is a lot easier to check or refresh your knowledge on something using the book than it is to try and figure out which of the 40+ videos a topic was discussed in. Because the book essentially parallels the video, I would recommend you read the book and watch the videos, especially if you are going through the book on your own.
Now for the bad news. What didn't I like about this book? I thought about it for a while and nothing really comes to mind. I think this is an excellent book for anyone wanting to learn more about wireless security. When you consider that there are 12+ hours of video available to supplement the book (not that I feel this is necessary), $50 is a good deal for this book.