Students should bring their own laptop with WIFI and network capability. During the course, network sniffing and wireless discovery tools will be installed.
Students who do not wish to install tools or do not have a suitable laptop available will be able to follow the process on the trainer's demonstration system.
Students should be familiar with installing software and device drivers on Windows® or Linux®, and have a basic working knowledge, at application/port level of TCP/IP and networking in general.
Black Hat Europe 2008 Briefings and Training
Moevenpick Hotel Amsterdam City Centre, the Netherlands • 25-26 March
Invisible Network, Invisible Risk
Adam Laurie
Overview
The explosion of wireless networking has given rise to a parallel explosion of increased risk, due to the ease with which out-of-box deployments can be compromised, and the lack of expertise required to get them up and running in the first place. Recent studies have shown that despite being well known, the problem of open and insecure network deployments is on the increase, and even highly publicized 'war-driving' efforts have done little to curb their growth.
This course will cover the best practice procedures for deploying wireless networks securely, as well as the tools available for both auditing and penetration testing. During the course, students will learn the history of the problems associated with wireless networking, the measures and counter measures taken along the way, and some of the more interesting phenomena surrounding the technology such as war-driving and 'free' community network projects, such as Consume in the UK and BAWUG in the USA.
We will also look at some of the less well known, but increasingly prevalent technologies such as Bluetooth, infra-red, RF and RFID, which carry with them some suprising, unexpected and interesting risks.
Known exploits & vulnerabilities: Bluejacking, Bluesnarfing, Bluebugging, Bluekissing, Bluebumping
Range considerations
Infra-red:
Tools
Known exploits
Future exploits?
RF/RFID:
Tools
Known exploits
Future exploits?
Learning Objectives
Familiarity with wireless network standards
Familiarity with wireless network vulnerabilities
Learn to deploy wireless networks securely
Learn to audit wireless networks for security
Learn to use insecure networks securely
Familiarity with Bluetooth components
Awareness of risks associated with Bluetooth
Awareness of other potentially risky technologies
By the time you have completed this course, you will be confident that you can deploy a wireless network and/or check that your network is secure. You will also learn how to use completely insecure and untrusted networks without compromising your own security.
What to Expect
This course is a mixture of lecture and hands-on. Students will have the opportunity to see wireless auditing and hacking tools in use, as well as installing and trying them out for themselves, and there will be plenty of question and answer sessions throughout.
As well as the course notes and slides, students will leave with a CD containing all the tools and drivers used during the course.
Who Should Attend
Network Managers
System Administrators
Road Warriors
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
Trainer:
Adam Laurie
is Chief Security Officer and Technical Director of The Bunker Secure Hosting Ltd., and has been involved in the computer industry since the Eighties. In the late Nineties, he and his brother, Ben Laurie, published the secure web server package 'Apache-SSL', which went on to become the leading secure web server software worldwide, and set the de-facto standard. This, in turn, led to a focus on computer security, and the founding of 'The Bunker', a hosting facility dedicated to highly-secure hosting. Adam has been responsible, since it's inception, for the recruitment and training of all of the security and sysadmin staff at The Bunker, and continues to provide the framework for ongoing and future training. He is also a long time member of the DEFCON 'goon' staff, and was involved in the initial years of setting up the Black Hat conferences. In his spare time (what little of it there is), he likes to make small (usually round) holes in things, preferably from a great distance.