Anyone interested in gaining a deeper knowledge of wireless security and exploiting vulnerabilities will need a good set of base tools with which to work. Fortunately, there are an abundance of free tools available on the internet. This list is not meant to be comprehensive in nature but rather to provide some general guidance on recommended tools to build your toolkit.

Finding Wireless Networks

Locating a wireless network is the first step in trying to exploit it. There are two tools that are commonly used in this regard:Network Stumbler a.k.a NetStumbler – This Windows based tool easily finds wireless signals being broadcast within range – A must have. It also has ability to determine Signal/Noise info that can be used for site surveys. I actually know of one highly known public wireless hotspot provider that uses this utility for their site surveys.

Kismet – One of the key functional elements missing from NetStumbler is the ability to display Wireless Networks that are not broadcasting their SSID. As a potential wireless security expert, you should realize that access Points are routinely broadcasting this info; it just isn’t being read/deciphered. Kismet will detect and display SSIDs that are not being broadcast which is very critical in finding wireless networks.

Attaching to the Found Wireless Network

Once you’ve found a wireless network, the next step is to try to connect to it. If the network isn’t using any type of authentication or encryption security, you can simply connect to the SSID. If the SSID isn’t being broadcast, you can create a profile with the name of the SSID that is not being broadcast. Of course you found the non-broadcast SSID with Kismet, right? If the wireless network is using authentication and/or encryption, you may need one of the following tools.Airsnort – This is a very easy to use tool that can be used to sniff and crack WEP keys. While many people bash the use of WEP, it is certainly better than using nothing at all. Something you’ll find in using this tool is that it takes a lot of sniffed packets to crack the WEP key. There are additional tools and strategies that can be used to force the generation of traffic on the wireless network to shorten the amount of time needed to crack the key, but this feature is not included in Airsnort.

CowPatty – This tool is used as a brute force tool for cracking WPA-PSK, considered the "New WEP" for home Wireless Security. This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key.

ASLeap – If a network is using LEAP, this tool can be used to gather the authentication data that is being passed across the network, and these sniffed credentials can be cracked. LEAP doesn’t protect the authentication like other "real" EAP types, which is the main reason why LEAP can be broken.

Sniffing Wireless Data

Whether you are directly connected to a wireless network or not, if there is wireless network in range, there is data flying through the air at any given moment. You will need a tool to be able to see this data.Wireshark (formerly Ethereal) – While there has been much debate on the proper way to pronounce this utility, there is no question that it is an extremely valuable tool. Ethereal can scan wireless and Ethernet data and comes with some robust filtering capabilities. It can also be used to sniff-out 802.11 management beacons and probes and subsequently could be used as a tool to sniff-out non-broadcast SSIDs.

The aforementioned utilities, or similar ones, will be necessities in your own wireless security toolkit. The easiest way to become familiar with these tools is to simply use them in a controlled lab environment. And cost is no excuse as all of these tools are available freely on the Internet.

Protecting Against These Tools

Just as it’s important to know how to utilize the aforementioned tools, it is important to know best practices on how to secure your Wireless Network Against these tools.

NetStumbler

– Do not broadcast your SSID. Ensure your WLAN is protected by using advanced Authentication and Encryption.

Kismet

– There’s really nothing you can do to stop Kismet from finding your WLAN, so ensure your WLAN is protected by using advanced Authentication and Encryption

Airsnort

– Use a 128-bit, not a 40-bit WEP encryption key. This would take longer to crack. If your equipment supports it, use WPA or WPA2 instead of WEP (may require firmware or software update).

Cowpatty

– Use a long and complex WPA Pre-Shared Key. This type of key would have less of a chance of residing in a dictionary file that would be used to try and guess your key and/or would take longer. If in a corporate scenario, don’t use WPA with Pre-Shared Key, use a good EAP type to protect the authentication and limit the amount of incorrect guesses that would take place before the account is locked-out. If using certificate-like functionality, it could also validate the remote system trying to gain access to the WLAN and not allow a rogue system access.

ASLeap – Use long and complex credentials, or better yet, switch to EAP-FAST or a different EAP type.

Ethereal

– Use encryption, so that anything sniffed would be difficult or nearly impossible to break. WPA2, which uses AES, is essentially unrealistic to break by a normal hacker. Even WEP will encrypt the data. When in a Public Wireless Hotspot (which generally do not offer encryption), use application layer encryption, like Simplite to encrypt your IM sessions, or use SSL. For corporate users, use IPSec VPN with split-tunneling disabled. This will force all traffic leaving the machine through an encrypted tunnel that would be encrypted with DES, 3DES or AES.

 

As I searched for useful hack tools I became especially excited about Aircrack. Aircrack is a package of great wireless auditing tools. It includes:

Airodump: 802.11 packet capture program
Aireplay: 802.11 packet injection program
Aircrack: static WEP and WPA-PSK key cracker
Airdecap: decrypts WEP/WPA capture files

The amount of time it takes to hack an encrypted wireless network is dependent on the amount of traffic. Less traffic means the hack will take more time and vise versa. That's why the Aireplay tool is so exciting. It is basically a traffic generator, which enables the hacker to up the networks traffic level, thus speeding up the hack.

The other tools that caught my interest are Aircrack and Airdecap because they work for both WEP and WPA encryption, which in my experience thus far hacking tools are typically limited to WEP.

All IT/Tech geeks know that WEP can be cracked with relative ease, but what is not as well know is how quick/easy it is to crack WPA-PSK encrypted network. Since the tool exists we've decided to expand our scope to cracking a WPA-PSK encrypted network rather then a WEP encrypted network.

Now all of my comments on Aircrack thus far are only based on research. Hopefully we will be able to play with these tools tonight and find out how well they work. I will be sure to give a review of the package once we've finished our work.

If anyone has experience with this package I welcome your comments/lessons learned.

 

Operation SATCOMM

Picked up two Netgear WG511T PCMCIA cards, got the Auditor’s Security Collection as of around June 2006 (I had tried doing this on my own around then, before realizing that my DWL-630 PCMCIA card is on the non-functioning hardware list) and went to work. The first thing I found was that a lot of the documentation on how to do this tends to be specific to software versions, hardware, etc. For example, to perform the deauthentication attack, the guide from Tom’s Hardware uses the void11 tool, which is specific to Prism cards, but the Netgear has a Atheros chipset. Other sites, such as this wiki seemed to use versions of the software tools that had different options from the ones that came from that particular version of the Auditor’s disk, even though it was a useful discussion of the principles involved. There’s also an entertaining video of a fast WEP crack, but they either skip over some steps or were very lucky in an ARP packet capture.

These are notes on what to do, with the hardware on hand, and that particular version of the Security Collection’s tools. As usual, cracking other people’s WEP without permission is illegal; these are notes in a lab/challenge setting.

1. The first thing is to run kismet to survey the area. The items to record on the kismet scan are the target WLAN’s AP’s BSSID/MAC, the channel, and the MAC of an associated client. "h" will give kismet’s help screen, but the relevant keys to push once the target WLAN is selected is "i" for detailed information on the WLAN and "shift-C" for the associated clients.

2. The Atheros cards have to be put in monitor mode:

# iwconfig ath0 mode monitor channel CHANNEL

where CHANNEL is the channel of the target WLAN.

3. You now sniff for IVs:

# airodump ath0 FILENAME MAC_OF_AP

where FILENAME is the destination of the dump, and MAC_OF_AP is the MAC of the access point.

Note that running kismet first will do something with the config of the card. I couldn’t get the airodump command to run without first running kismet, and running the above iwpriv and iwconfig commands.

There may be more than one WLAN displayed. The column to pay attention to is the one counting the IVs that have been captured. You want this number to be at least 100,000 if you’re targetting a 64-bit key, and at least 200,000 for a 128-bit key. This will be incrementing relatively slowly, depending on how busy the WLAN is.

4. Force the generation of IVs. You will attempt to capture ARP packets, as these are associated with IV packets. When you get an ARP packet, you will replay it, which forces extra traffic at the access point, thereby making Step 3 much faster.

# aireplay -n 68 -m 68 -b MAC_OF_AP -d ff:ff:ff:ff:ff:ff ath0

The "-n" and "-m" options specify the packet min and max size, both set at 68 for ARP packets. "-b" is the source, and "-d" is the (null) destination for the ARP request.

This will tick by, with aireplay reporting on how many packets it’s seen. If it sees a packet fitting the specified criteria, it’ll ask you if you want to use this for replay. I got lucky, and an ARP request came by relatively soon. Using that ARP packet allowed me to spin up the IV counter in airodump, so that I had about 200,000 packets in 5 minutes or so.

Of course, it may take a while before an ARP packet comes by. You can force extra ARP traffic by using a second machine to launch a deauthentication attack against an associated client:

# airforge MAC_OF_AP MAC_OF_DEST FILENAME
# aireplay -m 26 -u 0 -v 12 -w 0 -x 10 -r FILENAME ath0

So, the airforge command creates a deauth packet from MAC_OF_AP to the MAC_OF_DEST (the MAC of associated client you saw on the kismet survey) and saves it as FILENAME. The aireplay command then just sends the packet from FILENAME out on the wireless. Note the "-x" option is set to send out 10 packets/second, which is good enough to cause a lot of packet loss on a standard ping to the client machine.

The first machine should see the ARP traffic in its aireplay, and you should be good to go from there.

5. Once enough IVs have accumulated, it’s time to run the cryptanalysis program:

# aircrack -m MAC_OF_AP FILENAME

where FILENAME is the filename of the airodump file. You can run this while airodump is still working and writing to the file. On a 128-bit key with around 250K - 300K IVs, I got a crack in a couple tens of seconds. The key will be in hex form. You can go verify this against the access point’s configuration, seeing as how you’re doing this in a lab and have full control over all the hardware.

Knowledge Is Power...

...Don't Have It Used Against You!

http://OpSec.spaces.live.com

Wireless Security

 

Wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking has many security issues. Crackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired networks.

Security risks

The risks to users of wireless technology have increased as the service has become more popular. There were relatively few dangers when wireless technology was first introduced. Crackers had not yet had time to latch on to the new technology and wireless was not commonly found in the work place. However, there are a great number of security risks associated with the current wireless protocols and

encryption methods, and in the carelessness and ignorance that exists at the user and corporate IT level. Cracking methods have become much more sophisticated and innovative with wireless. Cracking has also become much easier and more accessible with easy-to-use Windows-based and Linux-based tools being made available on the web at no charge.  

Wireless being used to crack into non-wireless networks

Some organizations that have no wireless access points installed do not feel that they need to address wireless security concerns. In-Stat MDR and META Group have estimated that 95% of all corporate laptop computers that were planned to be purchased in 2005 were equipped with wireless. Issues can arise in a supposedly non-wireless organization when a wireless laptop is plugged into the corporate network. A cracker could sit out in the parking lot and break in through the wireless card on a laptop and gain access to the wired network.  

Types of unauthorized access to company networks

  

Accidental association

Unauthorized access to company wireless and wired networks can come from a number of different methods and intents. One of these methods is referred to as "accidental association". When a user turns on a computer and it latches on to a wireless access point from a neighboring company’s overlapping network, the user may not even know that this has occurred. However, it is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other. This is especially true if the laptop is also hooked to a wired network.  

Malicious association

"Malicious associations" are when wireless devices can be actively made by crackers to connect to a company network through their cracking laptop instead of a company access point (AP). These types of laptops are known as "soft APs" and are created when a cracker runs some

software that makes his/her wireless network card look like a legitimate access point. Once the cracker has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans. Since wireless networks operate at the Layer-2 level, Layer-3 protections such as network authentication and virtual private networks (VPNs) offer no barrier. Wireless 802.1x authentications do help with protection but are still vulnerable to cracking. The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the cracker is just trying to take over the client at the Layer-2 level.  

Ad-hoc networks

Ad-hoc networks can pose a security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security.  

Non-traditional networks

Non-traditional networks such as personal network

Bluetooth devices are not safe from cracking and should be regarded as a security risk. Even barcode readers, handheld PDAs, and wireless printers and copiers should be secured. These non-traditional networks can be easily overlooked by IT personnel who have narrowly focused on laptops and access points.  

Identity theft (MAC spoofing)

Identity theft (or

MAC spoofing) occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges. Most wireless systems allow some kind of MAC filtering to only allow authorized computers with specific MAC IDs to gain access and utilize the network. However, a number of programs exist that have network "sniffing" capabilities. Combine these programs with other software that allow a computer to pretend it has any MAC address that the cracker desires, and the cracker can easily get around that hurdle.  

Man-in-the-middle attacks

A

man-in-the-middle attacker entices computers to log into a computer which is set up as a soft AP (Access Point). Once this is done, the hacker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a "de-authentication attack". This attack forces AP-connected computers to drop their connections and reconnect with the cracker’s soft AP. Man-in-the-middle attacks are enhanced by software such as LANjack and AirJack, which automate multiple steps of the process. What once required some skill can now be done by script kiddies. Hotspots are particularly vulnerable to any attack since there is little to no security on these networks.  

Denial of service

A

Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These cause legitimate users to not be able to get on the network and may even cause the network to crash. These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP).  

Network injection

In a network injection attack, a cracker can make use of access points that are exposed to non-filtered network traffic, specifically broadcast network traffic such as "

Spanning Tree" (802.1D), OSPF, RIP, and HSRP. The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.  

Caffe Latte attack

The Caffe Latte attack debunks the age old myth that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network, with at least one functional Access Point up and running. Using the Caffe Latte attack trick, it is possible to retrieve the WEP key from an isolated Client using a new technique called "AP-less WEP Cracking". The attack uses various behavioral characteristics of the Windows Wireless stack along with already known flaws in WEP. The attacker exploits the shared key authentication flaw and the message modification flaw in 802.11 WEP, to send a flood of encrypted ARP requests to the isolated Client. The Client replies to these requests with a barrage of encrypted ARP responses. The attacker uses these ARP responses and plug them into the PTW cryptographic attack and recover the WEP key in less than 6 minutes.  

Counteracting risks

Risks from crackers are sure to remain with us for any foreseeable future. The challenge for IT personnel will be to keep one step ahead of crackers. Members of the IT field need to keep learning about the types of attacks and what counter measures are available.  

Methods of counteracting security risks

There are many technologies available to counteract wireless network intrusion, but currently no method is absolutely secure. The best strategy may be to combine a number of security measures.

There are three steps to take towards securing a wireless network:

All wireless LAN devices need to be secured

All users of the wireless network need to be educated in wireless network security

All wireless networks need to be actively monitored for weaknesses and breaches  

MAC ID filtering

Most wireless access points contain some type of

MAC ID filtering that allows the administrator to only permit access to computers that have wireless functionalities that contain certain MAC IDs. This can be helpful; however, it must be remembered that MAC IDs over a network can be faked. Cracking utilities such as SMAC are widely available, and some computer hardware also gives the option in the BIOS to select any desired MAC ID for its built in network capability..  

Static IP Addressing

Disabling at least the

IP Address assignment function of the network's DHCP server, with the IP addresses of the various network devices then set by hand, will also make it more difficult for a casual or unsophisticated intruder to log onto the network. This is especially effective if the subnet size is also reduced from a standard default setting to what is absolutely necessary and if permitted but unused IP addresses are blocked by the access point's firewall. In this case, where no unused IP addresses are available, a new user can log on without detection using TCP/IP only if he or she stages a successful Man in the Middle Attack using appropriate software. 

WEP encryption

Main article: Wired Equivalent Privacy

WEP stands for Wired Equivalency Privacy. This encryption standard was the original encryption standard for wireless. As its name implies, this standard was intended to make wireless networks as secure as wired networks. Unfortunately, this never happened as flaws were quickly discovered and exploited. There are several Open Source utilities like aircrack-ng, weplab, WEPCrack or airsnort that can be used by crackers to break in by examining packets and looking for patterns in the encryption. WEP comes in different key sizes. The common key lengths are currently 128- and 256-bit. The longer the better as it will increase the difficulty for crackers. However, this type of encryption has seen its day come and go. In 2005 a group from the FBI held a demonstration where they used publicly available tools to break a WEP encrypted network in three minutes. WEP protection is better than nothing, though generally not as secure as the more sophisticated WPA-PSK encryption. A big problem is that if a cracker can receive packets on a network, it is only a matter of time until the WEP encryption is cracked.

It should be noted that WEP has some serious issues. First, it does not deal with the issue of key management at all. Either the keys have to be manually given to end users, or they have to be distributed in some other authentication method. Since WEP is a shared key system, the AP uses the same key as all the clients and the clients also share the same key with each other. A hacker would only have to compromise the key from a single user, and he would then know the key for all users.

In addition to key management, a recently published paper describes ways in which WEP can actually be broken ("Weaknesses in the Key Scheduling Algorithm of RC4" by Fluhrer, Mantin and Shamir). This is due to a weakness in RC4 as it is implemented in WEP. If enough traffic can be intercepted, then it can be broken by brute force in a matter of an hour or two. If that weren’t bad enough, the time it takes to crack WEP only grows linearly with key length, so a 104-bit key doesn’t provide any significant protection over a 40-bit key when faced against a determined hacker. There are several freely available programs that allow for the cracking of WEP. WEP is indeed a broken solution, but it should be used as it is better than nothing. In addition, higher layer encryption (SSL, etc) should be used when possible.  

WPA

Main article:

Wi-Fi Protected Access

Wi-Fi Protected Access (

WPA) is an early version of the 802.11i security standard that was developed by the Wi-Fi Alliance to replace WEP. The TKIP encryption algorithm was developed for WPA to provide improvements to WEP that could be fielded as firmware upgrades to existing 802.11 devices. The WPA profile also provides optional support for the AES-CCMP algorithm that is the preferred algorithm in 802.11i and WPA2.

WPA Enterprise provides

RADIUS based authentication using 802.1x. WPA Personal uses a pre-shared Shared Key (PSK) to establish the security using an 8 to 63 character passphrase. The PSK may also be entered as a 64 character hexadecimal string. Weak PSK passphrases can be broken using off-line dictionary attacks by capturing the messages in the four-way exchange when the client reconnects after being deauthenticated. Wireless suites such as aircrack-ng can crack a weak passphrase in less than a minute. WPA Personal is secure when used with ‘good’ passphrases or a full 64-character hexadecimal key.  

WPA2

Main article:

IEEE 802.11i

WPA2 is a WiFi Alliance branded version of the final 802.11i standard. The primary enhancement over WPA is the inclusion of the AES-CCMP algorithm as a mandatory feature. Both WPA and WPA2 support EAP authentication methods using RADIUS servers and preshared key (PSK) based security.  

802.1X

Main article:

IEEE 802.1X

This is an

IEEE standard for access of wireless and wired LANs. It provides for authentication and authorization of LAN nodes. This standard defines the Extensible Authentication Protocol (EAP) which uses a central authentication server. Unfortunately, during 2002 a Maryland professor discovered some shortcomings.  

LEAP

Main article:

Lightweight Extensible Authentication Protocol

This stands for the

Lightweight Extensible Authentication Protocol. This protocol is based on 802.1X and helps minimize the original security flaws by using WEP and a sophisticated key management system. This also uses MAC address authentication. LEAP is not safe from crackers. THC-LeapCracker can be used to break Cisco’s version of LEAP and be used against computers connected to an access point in the form of a dictionary attack.  

PEAP

Main article:

Protected Extensible Authentication Protocol

This stands for

Protected Extensible Authentication Protocol. This protocol allows for a secure transport of data, passwords, and encryption keys without the need of a certificate server. This was developed by Cisco, Microsoft, and RSA Security. 

TKIP

Main article:

TKIP

This stands for

Temporal Key Integrity Protocol and the acronym is pronounced as tee-kip. This is part of the IEEE 802.11i standard. TKIP implements per-packet key mixing with a re-keying system and also provides a message integrity check. These avoid the problems of WEP.  

RADIUS

Main article:

RADIUS

This stands for

Remote Authentication Dial In User Service. This is an AAA (authentication, authorization and accounting) protocol used for remote network access. This service provides an excellent weapon against crackers. RADIUS was originally proprietary but was later published under ISOC documents RFC 2138 and RFC 2139. The idea is to have an inside server act as a gatekeeper through the use of verifying identities through a username and password that is already pre-determined by the user. A RADIUS server can also be configured to enforce user policies and restrictions as well as recording accounting information such as time connected for billing purposes.  

WAPI

Main article:

WAPI

This stands for WLAN Authentication and Privacy Infrastructure. This is a wireless security standard defined by the

Chinese government.  

Keyless Authentication

Is there a solution that requires neither passwords nor

digital certificates to authenticate a terminal on the wireless LAN?  

Smart cards, USB tokens, and software tokens

This is a very high form of security. When combined with some server software, the hardware or software card or token will use its internal identity code combined with a user entered

PIN to create a powerful algorithm that will very frequently generate a new encryption code. The server will be time synced to the card or token. This is a very secure way to conduct wireless transmissions. Companies in this area make USB tokens, software tokens, and smart cards. They even make hardware versions that double as an employee picture badge. Currently the safest security measures are the smart cards / USB tokens. However, these are expensive. The next safest methods are WPA2 or WPA with a RADIUS server. Any one of the three will provide a good base foundation for security. The third item on the list is to educate both employees and contractors on security risks and personal preventive measures. It is also IT's task to keep the company workers' knowledge base up-to-date on any new dangers that they should be cautious about. If the employees are educated, there will be a much lower chance that anyone will accidentally cause a breach in security by not locking down their laptop or bring in a wide open home access point to extend their mobile range. Employees need to be made aware that company laptop security extends to outside of their site walls as well. This includes places such as coffee houses where workers can be at their most vulnerable. The last item on the list deals with 24/7 active defense measures to ensure that the company network is secure and compliant. This can take the form of regularly looking at access point, server, and firewall logs to try and detect any unusual activity. For instance, if any large files went through an access point in the early hours of the morning, a serious investigation into the incident would be called for. There are a number of software and hardware devices that can be used to supplement the usual logs and usual other safety measures. 

Mobile Devices and Wireless IPS

With increasing number of mobile devices with 802.1x interfaces, security of such mobile devices becomes a concern. While open standards such as Kismet [external link] is targeted towards securing laptops, access points solutions should extend towards covering mobile devices also. Host based solutions for mobile handsets and

PDA's with 802.1x interface.

Security within mobile devices fall under two categories:

Protecting against ad-hoc networks

Connecting to rogue access points

Mutual authentication schemes such as WPA2 as described above

It should be noted that

wireless IPS alone does not guarantee complete security on a device. Its part of a bigger solution.  

See also

Electromagnetic shielding

Stealth wallpaper

SpyGuard

TEMPEST

Kismet  

External Articles

A guide to Wireless Security

Caffe Latte Vulnerability presentation made at TOORCON9 in San Diego on October 21, 2007  

References

http://www.wvewireless.org wireless vulnerabilities Website

http://www.kismetwireless.net/ Kismet Open Standards for IPS/Sniffers

http://www.wifialliance.org/ wifi alliance for wpa2 standards

Wireless Security Tools From

http://security-freak.net/videos.html#securitytools

"Securing the Mobile Enterprise for Dummies" A book by Network Chemistry, Inc. © 2006 Network Chemistry, Inc. From http://www.networkchemistry.com

"Best Practices for Rogue Wireless LAN Detection" A white paper by AirDefense, Inc. © 2003 AirDefense, Inc. From http://www.airdefense.net

"Wireless LAN Security: What Hackers Know That You Don’t" A white paper by AirDefense, Inc. © 2002-2005 AirDefense, Inc. From http://www.airdefense.net

"Layered Approach to Wireless Network Security and Management" A white paper by AirDefense, Inc. © 2002-2005 AirDefense, Inc. From http://www.airdefense.net

"Navis iOperations Software — NavisRadiusTM-BP AAA Policy Management Solution" Software Marketing brochure #RCN08/01 © 2001 Lucent Technologies Inc.

"RSA SecurID Authenticators — The gold standard in two-factor user authentication." Brochure #SID DS 0205 © 2004-2005 RSA Security Inc. All rights reserved.

"RSA SecurID® 6100 USB Token — Extending the power of Java® platform smart cards for increased ease-of-use" Brochure #SIDUSB DS 0303 © 2003 RSA Security Inc. All rights reserved.

"Wireless Security — Four Steps you need to Take" http://www.linksys.com/edu/page10.asp

Linksys’s "Educate Me/Wireless Security—Wi-Fi Protected Access™ (WPA) Security" at http://www.linksys.com/edu/wpa.asp

"Security Aspects of Wireless Networking" a college report by John K. Sturm, Lahela Corriagn, and Kevin H. Carley

"Cafe Latte attack steals credentials from Wi-Fi clients" an article By John Leyden http://www.theregister.co.uk/2007/10/18/cafe_latte_wi-fi_attack/

Knowledge Is Power...

...Don't Have It Used Against You!

http://OpSec.spaces.live.com

 

Retrieved from "http://en.wikipedia.org/wiki/Wireless_security"