What to bring:
Students should bring their own laptop with WIFI and network capability. During the course, network sniffing and wireless discovery tools will be installed.
Students who do not wish to install tools or do not have a suitable laptop available will be able to follow the process on the trainer's demonstration system.
Students should be familiar with installing software and device drivers on Windows® or Linux®, and have a basic working knowledge, at application/port level of TCP/IP and networking in general.
|
Overview:
The explosion of wireless networking has given rise to a parallel explosion of increased risk, due to the ease with which out-of-box deployments can be compromised, and the lack of expertise required to get them up and running in the first place. Recent studies have shown that despite being well known, the problem of open and insecure network deployments is on the increase, and even highly publicized 'war-driving' efforts have done little to curb their growth.
This course will cover the best practice procedures for deploying wireless networks securely, as well as the tools available for both auditing and penetration testing. During the course, students will learn the history of the problems associated with wireless networking, the measures and counter measures taken along the way, and some of the more interesting phenomena surrounding the technology such as war-driving and 'free' community network projects, such as Consume in the UK and BAWUG in the USA.
We will also look at some of the less well known, but increasingly prevalent technologies such as Bluetooth, infra-red, RF and RFID, which carry with them some suprising, unexpected and interesting risks.
Subjects covered:
- Wireless access points.
- Standards: 802.11a/b/g
- 10 golden rules for running a wireless network
- Range considerations
- End-to-End encryption on insecure networks
Security and encryption:
Authentication:
- 802.1x, EAP, Radius, Chap, PAP
Tools:
- War-driving
- WEP cracking
- Network discovery
- Network sniffing
Bluetooth:
- Fundamentals - hardware, network layer, application layer
- Linux/BSD tools
- Known exploits & vulnerabilities: Bluejacking, Bluesnarfing, Bluebugging, Bluekissing, Bluebumping
- Range considerations
Infra-red:
- Tools
- Known exploits
- Future exploits?
RF/RFID:
- Tools
- Known exploits
- Future exploits?
Learning Objectives:
- Familiarity with wireless network standards
- Familiarity with wireless network vulnerabilities
- Learn to deploy wireless networks securely
- Learn to audit wireless networks for security
- Learn to use insecure networks securely
- Familiarity with Bluetooth components
- Awareness of risks associated with Bluetooth
- Awareness of other potentially risky technologies
By the time you have completed this course, you will be confident that you can deploy a wireless network and/or check that your network is secure. You will also learn how to use completely insecure and untrusted networks without compromising your own security. Just thinkyou'll be able to attend DEFCON and *still* be able to remotely manage your office firewall over the free wireless network at the Riviera Hotel! :)
What to expect:
This course is a mixture of lecture and hands-on. Students will have the opportunity to see wireless auditing and hacking tools in use, as well as installing and trying them out for themselves, and there will be plenty of question and answer sessions throughout.
As well as the course notes and slides, students will leave with a CD containing all the tools and drivers used during the course.
Who Should Attend:
- Network managers
- System administrators
- Road warriors
|
Trainer:
|
Adam Laurie is Chief Security Officer and Technical Director of The Bunker Secure Hosting Ltd., and has been involved in the computer industry since the Eighties. In the late Nineties, he and his brother, Ben Laurie, published the secure web server package 'Apache-SSL', which went on to become the leading secure web server software worldwide, and set the de-facto standard. This, in turn, led to a focus on computer security, and the founding of 'The Bunker', a hosting facility dedicated to highly-secure hosting. Adam has been responsible, since it's inception, for the recruitment and training of all of the security and sysadmin staff at The Bunker, and continues to provide the framework for ongoing and future training. He is also a long time member of the DEFCON 'goon' staff, and was involved in the initial years of setting up the Black Hat conferences. In his spare time (what little of it there is), he likes to make small (usually round) holes in things, preferably from a great distance.
|