Once you implement your “secure” wireless network, the true test is to see how your airwaves and devices look from a hacker’s eye view. There are several must-have tools that can help you along with this. Keep in mind there’s a bit of knowledge required to operate these tools and interpret their findings but it’s not rocket science. With a little bit of reading and some hands-on practice you can use these tools to find out where your wireless network is (still) vulnerable.
In addition to a laptop computer with a mainstream network card, consider adding the following tools to your wireless network security testing toolbox.
- NetStumbler (www.netstumbler.com/downloads) to find out what wireless devices respond to a “hey, anybody there?” request.
- Kismet (www.kismetwireless.net) to find wireless devices that may not respond to NetStumbler requests, capture packets, and much more.
- BackTrack (www.backtrack-linux.org) to be able to run Kismet and a ton of other wireless network tools directly from a bootable CD without having to fuss and cuss getting Linux to work with wireless drivers.
- OmniPeek Network Analyzer (www.wildpackets.com/products/network_analysis_and_monitoring/omnipeek_network_analyzer) to capture packets, look for top talkers, analyze protocols, and practically anything else wireless-related, all in a very easy-to-use graphical interface.
- AirMagnet WiFi Analyzer (www.airmagnet.com/products/wifi_analyzer/) for a really nice graphical representation of anything imaginable involving the 802.11 protocol.
- CommView for WiFi (www.tamos.com/products/commwifi) for a great lower-cost wireless network analyzer alternative to capture packets, monitor the airwaves, capture packets, generate packets (great for wireless packet injection), bandwidth monitoring, and more. To me, the best thing about CommView for WiFi is its top notch WEP and WPA cracking capabilities.
- Aircrack-ng (www.aircrack-ng.org/) for a low-cost (free) way of cracking WEP and WPA-PSKs.
- GFI LANguard (www.gfi.com/lannetscan) and QualysGuard (www.qualys.com) for in-depth vulnerability testing of the hosts on your wireless network including workstations, servers, access points, and more.
- Acunetix Web Vulnerability Scanner (www.acunetix.com) and N-Stalker (www.nstalker.com) for vulnerability testing of the Web interfaces on your access points and related Web hosts.
As you go along with your wireless security testing endeavors, keep in mind the following two things about security testing tools: 1) You’ll likely need multiple tools to ensure you’ve looked at everything, and 2) With a few exceptions, you get what you pay for.
Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. He can be reached through his website at www.principlelogic.com.