Home > Wireless network security testing: Step 2: Searching for Weaknesses
Step-by-Step Guide:
EMAIL THIS LICENSING & REPRINTS

Wireless network security testing: Step 2: Searching for Weaknesses

08 Sep 2006

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

When I assess wireless network security in Windows environments, I frequently come across the following security vulnerabilities. They're actually not hard to find -- especially with a little time and the knowledge of what to look for.

Access point weaknesses

  • Physically insecure installation location

  • Stock omni-directional antenna that sends signals in every direction -- often where they don't need to go

  • Signal power level too high allowing radio signals to leak outside of your building

  • MAC address controls that are easily circumvented

  • WEP, WPA, or WPA2 not being used or not being used properly

  • Management interfaces that are publicly-accessible -- often with weak or no administrator password protection

Wireless client weaknesses

  • Windows systems not protected by a personal firewall that are sharing drives, providing various types of remote connectivity and missing critical software patches

  • Dual-homed systems that are connected to both the wired and wireless networks at the same time

  • Wireless clients with ad-hoc mode enabled

  • Printers installed on the wired network with wireless connectivity left enabled

Also, check out this free downloadable chapter of the book I co-authored, Hacking Wireless Networks For Dummies, for information on network discovery via war driving.


Wireless network security testing

 Home: Introduction
 Step 1: Build your arsenal of tools
 Step 2: Search for weaknesses
 Step 3: Dig in deep to demonstrate the threat

ABOUT THE AUTHOR: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com..
 Copyright 2006 TechTarget

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary




Network Management features current networking news and in-depth network white papers.
Enterprise IT Solutions explained by experts, make your business decisions with research.
HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersNetworking Product Trials
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2000 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts