How would you go about testing Wireless Security?

#1 (**permalink**) 04-26-2008, 04:41 PM

I was thinking of, not becoming a Cracker exactly, but of testing WiFi
durability with a laptop I have.

I can reinvent the wheel but I'd hope some pointers might get me to
thinking about something as yet not though of.

TBerk

#2 (**permalink**) 04-26-2008, 06:52 PM

On Sat, 26 Apr 2008 09:41:40 -0700 (PDT), TBerk
<bayareaberk@yahoo.com> wrote:

>I was thinking of, not becoming a Cracker exactly, but of testing WiFi
>durability with a laptop I have.
>
>I can reinvent the wheel but I'd hope some pointers might get me to
>thinking about something as yet not though of.

Ummm... if you asked a medical doctor the same question, "how does one
test to see if I'm in good health", you'll probably get the same dazed
look that I'm experiencing. It's very difficult to build a security
tool that checks the intergrity your unspecified operating system, all
the applications installed, all the utilities that you added, viruses,
worms, trojans, backdoors, key loggers, spyware, personal firewall,
data leakage, and wireless. You have to have some clue as to what
you're looking for. Each vulnerability has it's own tools. Virus
scanner for viruses. Spyware scanner for spyware. There are also
attempts at universal tools, such as Nessus scanner. Unfortunately,
the Windoze client version (NessusWX) has been discontinued. Search
Google for "vulnerability scanner".

However, for wireless, it's easy. If you're using WPA or WPA2
encryption, with a fairly long pass phrase, you're almost as good as
it gets. If you're using a RADIUS server for authentication, which
distributes unique WPA keys, even better. If you're at a coffee shop,
on an unencrypted wireless connection, and you're *NOT* using a VPN or
SSL tunnel, then you're subject to sniffing and not at all secure.
Extra credit for having a firewall running on your unspecified
operating system, but that doesn't prevent sniffing.

With wireless, it's really about how you use the wireless, than
whether it's "durable", "secure", or whatever. You can have a
perfectly secured wireless laptop, but if used improperly on an
insecure wireless connection, you're in trouble.

<http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security>

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

#3 (**permalink**) 04-30-2008, 05:00 AM

On Apr 26, 11:52 am, Jeff Liebermann <je...@cruzio.com> wrote:
> On Sat, 26 Apr 2008 09:41:40 -0700 (PDT),TBerk
>
<Snip>
> However, for wireless, it's easy. If you're using WPA or WPA2
> encryption, with a fairly long pass phrase, you're almost as good as
> it gets. If you're using a RADIUS server for authentication, which
> distributes unique WPA keys, even better. If you're at a coffee shop,
> on an unencrypted wireless connection, and you're *NOT* using a VPN or
> SSL tunnel, then you're subject to sniffing and not at all secure.
> Extra credit for having a firewall running on your unspecified
> operating system, but that doesn't prevent sniffing.
>
> With wireless, it's really about how you use the wireless, than
> whether it's "durable", "secure", or whatever. You can have a
> perfectly secured wireless laptop, but if used improperly on an
> insecure wireless connection, you're in trouble.
>
> <http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security>
> Jeff Liebermann

OK, Thx Jeff.

That 1st part had me feeling "oho, its a scolding I'm in for..." but
something came from your post.

TBerk