***** Hacking Wireless Networks for Dummies. By Kevin Beaver and Peter T. Davis; published by John Wiley & Sons, www.wiley.com (Web); 362 pages; $24.99.
Do you have wireless devices on your network? Are you sure? Are you even sure that you know what they are and how they are configured? The proliferation of wireless technologies and the exploitation of their vulnerabilities and poor configuration make these important questions. In Hacking Wireless Networks for Dummies, security professionals find those answers.
“Ethical hacking” is the focus here. The term refers to the use of tools and techniques of hackers to examine the security status of systems being protected. To qualify as ethical hacking, the authors say, the activity requires explicit written permission to perform a carefully planned set of tests on a network, combined with a follow-up report on what was found and the recommendation and implementation of solutions. Not having this formal permission could lead to legal headaches, as could identifying vulnerabilities and not fixing them.
The book targets security professionals who are already familiar with computers and need to know how to test wireless network security themselves or how to knowledgeably hire someone to do it for them. Many common wireless exploits are discussed, with an eye toward testing for and repairing the associated vulnerabilities. Weaknesses in the most common forms of wireless security receive ample treatment. These include the failings of common encryption schemes.
The authors also offer sound advice on selecting hardware and software to build a wireless-network hacking toolkit. Another interesting section details how to use Google as part of a security assessment by finding public-domain information about a network.
A conversational style makes the difficult concepts go down easily. The authors avoid gratuitous technical jargon and explain jargon when they do use it. The only flaw in the book, and it is substantial, is the layout. Specifically, the book scrimps on space for depictions of screen captures. Often these screen captures can only be read with the aid of a magnifying glass. Readers might thus be inclined to skip these important visuals. Overall, however, this is a good book for security professionals who want to gain a foundation in wireless security.
Reviewer: Brent Campbell, CAS (Certified Anti-terrorism Specialist), is security operations manager and information system security manager of Computer Science Corporation’s Federal Sector, in Falls Church, Virginia. He serves on the ASIS International Information Technology Security Council.