Penetration Testing as Your First Line of Defense

by Hazrul Aaron.


It is hard to overemphasize the importance of penetration testing in the overall information security structure and the value of viewing your network through the cracker's eyes prior to further hardening procedures. There are a variety of issues specific to penetration testing on wireless networks.

First of all, the penetration tester should be very familiar with RF theory and specific RF security problems (i.e., signal leak and detectability, legal regulations pertaining to the transmitter power output, and characteristics of the RF hardware involved). Layer 1 security is rarely an issue on wired networks, but it should always be investigated first on wireless networks. The initial stage of penetration testing and security auditing on 802.11 LANs should be a proper wireless site survey: finding where the signal from the audited network can be received, how clear the signal is (by looking at the signal-to-noise ratio (SNR)), and how fast the link is in different parts of the network coverage zone. The survey must also discover neighboring wireless networks and identify other possible sources of interference.

The site survey serves four major security-related aims:

  1. Finding out where the attackers can physically position themselves.

  2. Detecting rogue access points and neighbor networks (a possible source of opportunistic or even accidental attacks).

  3. Baselining the interference sources to detect abnormal levels of interference in the future, such as the interference intentionally created by a jamming device.

  4. Distinguishing network design and configuration problems from security-related issues.
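The following is an added example, not code from the article: it works through aims 1, 3 and 4 of the site survey on constructed survey readings (location names, dBm values, the perimeter set and the thresholds are all assumptions). It computes the SNR per survey point, lists points outside the perimeter where the link is still usable, baselines the noise floor per location, and later classifies a fresh reading as a coverage gap or as abnormal interference.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    location: str    # survey point, e.g. "lobby" or "parking-north"
    signal_dbm: int  # received signal strength of the audited AP
    noise_dbm: int   # noise floor measured at the same point and time


# Constructed survey readings (not from the article): three passes per point.
SURVEY = [
    Sample("lobby", -55, -95), Sample("lobby", -57, -94), Sample("lobby", -56, -96),
    Sample("parking-north", -78, -95), Sample("parking-north", -80, -94),
    Sample("parking-north", -79, -95),
]
OUTSIDE_PERIMETER = {"parking-north"}   # points an outsider can stand on (assumed)


def snr_db(s: Sample) -> int:
    """SNR in dB is the gap between signal and noise floor (both in dBm)."""
    return s.signal_dbm - s.noise_dbm


def signal_leak(samples, outside, usable_snr_db=10):
    """Aim 1: points outside the controlled perimeter where the link is still usable."""
    return sorted({s.location for s in samples
                   if s.location in outside and snr_db(s) >= usable_snr_db})


def noise_baseline(samples):
    """Aim 3: per-location noise-floor mean and spread from the survey."""
    by_loc = {}
    for s in samples:
        by_loc.setdefault(s.location, []).append(s.noise_dbm)
    return {loc: (mean(v), pstdev(v)) for loc, v in by_loc.items()}


def classify(s: Sample, base, min_snr_db=20, sigma=3.0, min_margin_db=6):
    """Aim 4: separate a coverage problem from abnormal interference.
    Returns 'unsurveyed', 'interference', 'coverage-gap' or 'normal'."""
    if s.location not in base:
        return "unsurveyed"
    noise_mean, noise_sd = base[s.location]
    if s.noise_dbm > noise_mean + max(sigma * noise_sd, min_margin_db):
        return "interference"    # noise floor well above baseline: possible jammer
    if snr_db(s) < min_snr_db:
        return "coverage-gap"    # weak link at a normal noise floor: design problem
    return "normal"
```

Re-running the survey passes after any change to the environment keeps the baseline honest; a stale baseline turns every seasonal noise change into a false jamming alarm.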

The fourth aim is of particular significance because air is a less reliable medium than copper and fiber, and a security-keen administrator can easily confuse network misconfigurations with security violations, in particular DoS attacks. For example, a host on a wireless network might be unable to reach another wireless host that roamed into a "blind spot" and keeps sending SYN packets. Sensitive IDS alarms go off indicating a SYN flood! At the same time the vanished host stops sending logs to the syslog server. The security system administrator goes to Defcon 1, but five minutes later everything returns to normal (the roaming user has left the "blind spot"). Another example is an "abnormal" amount of packet fragments coming from the WLAN side. Of course it could be a fragmented nmap or hping2 scan by an intruder or an overly curious user, but most likely it has something to do with the much larger default maximum transmission unit (MTU) size on an 802.11 LAN (2312 bits on 802.11 vs. approximately 1500 bits on 802.3/Ethernet, taking 802.1q/ISL into account). Whereas for a wireless networker these issues are obvious, for a system administrator not familiar with 802.11 operations they can be a pain in the neck, security and otherwise.
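As an added example (not from the article), the two false-positive cases above can be triaged automatically before anyone goes to Defcon 1. The addresses, timestamps, the 120-second quiet window and the 50 SYN/s flood threshold are constructed assumptions; the MTU figures are the ones the article quotes, and the 8-byte fragment size is what nmap's -f option produces after the IP header.

```python
# Constructed sample data (not from the article): the addresses of two wireless
# clients, the epoch time of each host's last syslog message, and two IDS alerts.
WLAN_CLIENTS = {"10.0.1.5", "10.0.1.23"}
LAST_SYSLOG = {"10.0.1.5": 1000, "10.0.1.23": 1295}
ALERTS = [
    {"type": "syn_flood", "ts": 1300, "src": "10.0.1.23", "dst": "10.0.1.5",
     "syn_per_sec": 0.5},
    {"type": "fragments", "ts": 1310, "src": "10.0.1.23", "frag_lengths": [1500, 832]},
]

IP_HDR = 20            # IPv4 header without options, in bytes
WLAN_MTU = 2312        # 802.11 MTU figure quoted in the article
ETH_MTU = 1500         # 802.3/Ethernet MTU figure quoted in the article
SCAN_FRAG_PAYLOAD = 8  # nmap -f splits packets into 8-byte pieces after the IP header


def triage_syn(alert, wlan_clients, last_syslog, quiet_secs=120, flood_rate=50.0):
    """A wireless peer that went quiet plus a SYN rate typical of TCP
    retransmission (not a flood) matches the roaming blind-spot case."""
    dst = alert["dst"]
    silent_for = alert["ts"] - last_syslog.get(dst, alert["ts"])
    if dst in wlan_clients and silent_for >= quiet_secs and alert["syn_per_sec"] < flood_rate:
        return "roaming-blind-spot"
    return "possible-syn-flood"


def triage_fragments(alert):
    """Fragments cut at the Ethernet MTU that reassemble to at most the 802.11
    MTU are a bridging artefact; tiny fragments are the scanner pattern."""
    lengths = alert["frag_lengths"]              # IP total length of each fragment
    payloads = [length - IP_HDR for length in lengths]
    if any(p <= SCAN_FRAG_PAYLOAD for p in payloads):
        return "tiny-fragments"
    reassembled = IP_HDR + sum(payloads)        # size of the original datagram
    if lengths[0] == ETH_MTU and reassembled <= WLAN_MTU:
        return "mtu-mismatch"
    return "review"


def triage(alert, wlan_clients=WLAN_CLIENTS, last_syslog=LAST_SYSLOG):
    """Dispatch one IDS alert to the matching check."""
    if alert["type"] == "syn_flood":
        return triage_syn(alert, wlan_clients, last_syslog)
    if alert["type"] == "fragments":
        return triage_fragments(alert)
    return "review"


if __name__ == "__main__":
    for a in ALERTS:
        print(a["type"], "->", triage(a))
```

The "roaming-blind-spot" verdict is only a down-ranking hint: the alert should still close on its own when the peer re-associates and resumes logging, otherwise it escalates.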

After surveying the network, the next stage of penetration testing is dumping the traffic for analysis and associating with the audited LAN. However, being able to associate to the WLAN is not the end of a penetration test on a wireless network, as many security consultants would have you believe. In fact, it is just the beginning. If penetration testing is looking at the network through the cracker's eyes, then please do so! Crackers do not attack wireless networks merely to associate and be happy: they collect and crack passwords, attempt to gain root or administrator privileges on all vulnerable hosts in range, find a gateway to the Internet and connect to external hosts, and finally hide their tracks. Unless the penetration test demonstrates how feasible each of these steps is, it has not reached its goal. Of course, new versions of the tools come out frequently and completely new security utilities are released all the time, while the process from submitting a book proposal to seeing the work on the shelves is very lengthy. Nevertheless, we aim to provide the latest versions of everything you need to audit 802.11 LAN security, and what we have described in this article should at least give you a good idea of where to look for new releases and tools and what they are supposed to do. Besides, the accompanying Web site will be continuously maintained and updated with recent developments in wireless security and new software releases. Visit it regularly and you won't be disappointed!



Copyright © 2006 - 2012 e-articles.info.