Step 1: Build your arsenal of tools

For starters, you need good wireless cards -- not one but two, maybe three. The reason is that different tools require -- or at least work better with -- specific wireless chipsets. I've had good luck with the old Orinoco Gold card as well as the Netgear WAG511v2. Refer to your tool documentation for the best fit. Another good thing to look for is a card that has an external antenna connector for hooking up a Cantenna or similar wireless signal booster device. This can make all the difference in the world when rooting out low-powered or hidden wireless devices.

As far as wireless security testing software goes, I recommend the following:

Free Tools

1. NetStumbler quickly identifies basic wireless devices that will respond to an "anybody out there?" request.

2. Kismet roots out wireless devices that have their SSIDs hidden or otherwise won't respond to basic NetStumbler probes. If you're not into Linux or don't want to spend hours if not days setting up your wireless card drives in Linux, you can run Kismet directly from the BackTrack Live CD.

3. Aircrack is for WEP and WPA pre-shared key cracking.

4. FakeAP on the BackTrack Live CD mimics a legitimate access point and sets up an evil twin attack to see how your users carelessly connect to any old access point.

1. AiroPeek wireless network analyzer to quickly and easily capture packets, look for top talkers, discover rogue systems, and more

2. AirMagnet Laptop Analyzer, among many other things, has a nifty signal strength meter for determining how close or far away a wireless device is when you're walking around trying to locate it.

3. Network Chemistry RFprotect Mobile is a full-featured and simple-to-use option to capture packets, locate legitimate and rogue devices, monitor signal strength and more.

4. CommView WiFi is for low-cost packet capturing, packet generation and more.

Don't overlook the fact that wireless security testing doesn't just involve access points, laptops and the 802.11 protocol. Wireless is merely an entry point into your network -- not necessarily a standalone entity to test. Once you're able to obtain wireless network connectivity via MAC address spoofing, WEP/WPA cracking or whatever, you still have a ways to go poking around your Windows environment and testing Web applications, databases and so on. For a list of recommended tools, check out the Top 15 security tools for testing Windows.

That said, know that you're not going to find all wireless security vulnerabilities with tools alone. Knowledge of how wireless networks work combined with general networking, OS and security experience are all equally important.

Wireless network security testing

 Home: Introduction
 Step 1: Build your arsenal of tools
 Step 2: Search for weaknesses
 Step 3: Dig in deep to demonstrate the threat

ABOUT THE AUTHOR:

Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.. Copyright 2006 TechTarget

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Wireless Windows Mobile security tips for the on-the-go pro Security tools that can boost Windows mobile security Windows mobile security: Get it locked down Remote access security measures for Windows users IT admins get help minding remote users Step 3: Dig in deep to demonstrate the threat Step 2: Search for weaknesses A five-point strategy for secure remote access Penetration testing for Windows systems Know your wireless encryption options Microsoft Windows Network Security Are tougher NACs needed in your shop? Setting your Windows security assessment expectations, step by step Restricting user permissions in folders Windows XP folder permissions management NTFS permissions control: Who will watch the watcher? Top Windows server hardening tips of 2006 Safe and secure Windows logging practices Eliminate zero-day threats with virtual server technology Permitting Ping: ICMP Exceptions Stop unauthorized access Third Party and Shareware Windows Mobile security tips for the on-the-go pro Free security tools that can improve IIS security Security tools that can boost Windows mobile security Free security testing tools for Windows handheld devices Metasploit 3.1 updates improve Windows penetration testing Security tools that limit user logon in Windows How can I use Process Explorer as a Web security tool? New Windows security tool protects users from keyloggers: XecureCK Top Windows security testing tips of 2007 Sniffing out security problems in Windows networks

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Security Descriptor Definition Language  (SearchWindowsSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary