Black Hat USA 2008 Training
Caesars Palace Las Vegas • August 2-7
Invisible Network, Invisible Risk
Adam Laurie
Overview
The explosion of wireless networking has given rise to a parallel explosion of increased risk, due to the ease with which out-of-box deployments can be compromised, and the lack of expertise required to get them up and running in the first place. Recent studies have shown that despite being well known, the problem of open and insecure network deployments is on the increase, and even highly publicized 'war-driving' efforts have done little to curb their growth.
This course will cover the best practice procedures for deploying wireless networks securely, as well as the tools available for both auditing and penetration testing. During the course, students will learn the history of the problems associated with wireless networking, the measures and counter measures taken along the way, and some of the more interesting phenomena surrounding the technology such as war-driving and 'free' community network projects, such as Consume in the UK and BAWUG in the USA.
We will also look at some of the less well known, but increasingly prevalent technologies such as Bluetooth, infra-red, RF and RFID, which carry with them some suprising, unexpected and interesting risks.
Subjects covered:
- Wireless access points.
- Standards: 802.11a/b/g
- 10 golden rules for running a wireless network
- Range considerations
- End-to-End encryption on insecure networks
- WEP, WPA, AES, VPNs
- 802.1x, EAP, Radius, Chap, PAP
- War-driving
- WEP cracking
- Network discovery
- Network sniffing
- Fundamentals - hardware, network layer, application layer
- Linux/BSD tools
- Known exploits & vulnerabilities: Bluejacking, Bluesnarfing, Bluebugging, Bluekissing, Bluebumping
- Range considerations
- Tools
- Known exploits
- Future exploits?
- Tools
- Known exploits
- Future exploits?
- Familiarity with wireless network standards
- Familiarity with wireless network vulnerabilities
- Learn to deploy wireless networks securely
- Learn to audit wireless networks for security
- Learn to use insecure networks securely
- Familiarity with Bluetooth components
- Awareness of risks associated with Bluetooth
- Awareness of other potentially risky technologies
What to Expect
This course is a mixture of lecture and hands-on. Students will have the opportunity to see wireless auditing and hacking tools in use, as well as installing and trying them out for themselves, and there will be plenty of question and answer sessions throughout.
As well as the course notes and slides, students will leave with a CD containing all the tools and drivers used during the course.
Who Should Attend
- Network Managers
- System Administrators
- Road Warriors
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
Trainer:
Adam Laurie
is Chief Security Officer and Technical Director of The Bunker Secure Hosting Ltd., and has been involved in the computer industry since the Eighties. In the late Nineties, he and his brother, Ben Laurie, published the secure web server package 'Apache-SSL', which went on to become the leading secure web server software worldwide, and set the de-facto standard. This, in turn, led to a focus on computer security, and the founding of 'The Bunker', a hosting facility dedicated to highly-secure hosting. Adam has been responsible, since it's inception, for the recruitment and training of all of the security and sysadmin staff at The Bunker, and continues to provide the framework for ongoing and future training. He is also a long time member of the DEFCON 'goon' staff, and was involved in the initial years of setting up the Black Hat conferences. In his spare time (what little of it there is), he likes to make small (usually round) holes in things, preferably from a great distance.|
Early:
Ends |
Regular: |
Late/Onsite: |
|
USD |
USD |
USD |