BKHKWNFD.RVW 20070930 "Hacking Wireless Networks for Dummies", Kevin Beaver/Peter T. Davis, 2005, 0-7645-9730-2, U$24.99/C$31.99/UK#15.99 %A Kevin Beaver kbeaver@principlelogic.com %A Peter T. Davis %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2005 %G 0-7645-9730-2 %I John Wiley & Sons, Inc. %O U$24.99/C$31.99/UK#15.99 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0764597302/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0764597302/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0764597302/robsladesin03-20 %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation) %P 362 p. %T "Hacking Wireless Networks for Dummies" In the introduction, the authors state that the purpose of the book is to teach the reader, presumably a network administrator, how to test for vulnerabilities in wireless local area networks (WLANs, otherwise known as Wi-Fi), in order that the loopholes may be patched. In other words, another "hack to protect" text. Part one is a foundation for the testing of WLANs, with chapter one being an introduction to the penetration of wireless networks. (This seems to boil down to the fact that you are at risk if you allow unmanaged additions to your network.) Although it is entitled "The Wireless Hacking Process," chapter two actually just lists ten commandments for ethical hacking, and a few general security frameworks documents. Some tools for network discovery are noted in chapter three. Some hardware and software items are described (sometimes in terms of installation) in chapter four. The authors aren't clear about why VMware and Linux are included. Part two turns to some common Wi-Fi assessment programs. Chapter five discusses the human factors leading to insecurity, and recommends users be made aware of certain principles. "Containing the Airwaves," in chapter six, examines signal strength and antenna design, but also enumerates a range of access card settings (under Linux). Utilities for determining the availability for various network services are catalogued in chapter seven. Instruments for determining settings and passwords are mentioned in chapter eight. Chapter nine describes NetStumbler. Advanced intrusion activities are in part three. Kismet and MiniStumbler are outlined in chapter ten. Chapter eleven notes ways to find out about unauthorized nodes associated with your network. Some basic types of network attacks, and advice on the resources necessary to perform them, are in chapter twelve. Somewhat more specialized, chapter thirteen lists various denial of service (DoS) attacks. Chapter fourteen reviews a number of programs for cracking keys for the original WEP (Wired Equivalent Privacy) implementation. As something of a standout in the book, there are also useful suggestions for increasing confidentiality by using alternative encryption protocols. Chapter fifteen has a fairly brief overview of diverse means of authentication. Part four is the mandatory ("... for Dummies") part of tens, with a listing of ten necessary tools, ten mistakes in testing wireless security, and ten tips for following up on assessments. While numerous vulnerabilities and poor practices are noted, advice on countermeasures and controls gets less space. In many cases the suggested safeguard is limited to "do some more research on your own." The material is possibly interesting, but not directly helpful to the network security administrator without further work and study. copyright Robert M. Slade, 2007 BKHKWNFD.RVW 20070930