SECURITY 617

Wireless Ethical Hacking, Penetration Testing, and Defenses

Wireless technology fundamentally changes accepted security paradigms. With the pervasive deployment of wireless technology, attackers have latched on with sophisticated and effective techniques to exploit wireless systems at work, at home, or on the road. Despite the significant threats, organizations are deploying WiFi, Bluetooth, and proprietary wireless technology at a break-neck pace. This can expose internal networks and client systems, often allowing attackers to bypass intrusion detection systems and other defenses.

To be a wireless security expert, you need to have a comprehensive understanding of the technology, the threats, the exploits, and the defense techniques along with hands-on experience in evaluating and attacking wireless networks. This course takes an in-depth look at these fields, exposing you to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, you'll navigate your way through the techniques attackers use to exploit WiFi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS, and other systems. We'll also examine the commonly overlooked threats associated with Bluetooth, WiMAX, and proprietary wireless systems. Using the SWAT toolkit, we'll back up the course content with hands-on labs and practical exercises designed to reinforce the concepts.

Using assessment and analysis techniques, this course will show you how to identify the threats that expose wireless technology and build on this knowledge to identify defensive techniques that can be used to protect wireless resources.

The SWAT Toolkit consists of:

• Powerful AirPcap TX wireless USB adapter for Windows and Linux systems
• USB Global Positioning System (GPS) adapter
• High-power Bluetooth interface
• All software and tools used in lab exercises

In terms of technical content, this course ranks up at the top for in-depth, comprehensive information about wireless security. However, you don't need to be an expert in wireless technology to succeed in this course. To help students consume the course content, I've written extensive notes for every topic, complete with review question and answer sections and recommendations for additional reading if you want to dig deeper. Many students comment that their favorite part about the course is the hands-on time, which makes up a significant part of the course. Classroom labs are written such that even if you have never used wireless technology or a Linux system before, you'll be able to complete all exercises, and reproduce your results against your own networks when you return to the office. Combined with the excellent SANS instructors, everyone can take this class and gain useful and valuable skills for attacking and defending wireless networks.

The perfect balance of theory and hands on experience.
-James d. Perry II, University of Tennessee

Author Statement

The wireless security field continues to amaze and astound me on a regular basis. In many cases we can observe that wireless LAN security has improved, taking advantage of strong protocols such as WPA or WPA2. While this is a significant boon toward helping secure wireless networks, it isn't slowing down the attack community who is instead focusing their analysis on other weaknesses including vulnerable clients, broken authentication strategies and network manipulation attacks. In addition, attackers are becoming more focused on other wireless systems that have been otherwise overlooked, including Bluetooth, cellular technology and other proprietary systems such as wireless keyboards. While developing this course it became clear to me that in order to be an expert in the wireless security field you not only need to understand the threats of today, but you must also be able to apply the lessons we've learned from past wireless security blunders to new technology. To meet the goal of helping you become a wireless security expert, I take every opportunity to teach about the threats of today as well as how we can critically analyze wireless systems to identify the threats of tomorrow as well. By the end of this course you will have the valuable and in-demand skills necessary to assess the security of wireless technology and to design and deploy systems to protect your organization from wireless threats.
- Joshua Wright