Penetration Testing mailing list archives
RE: Wireless Pent-Test
From: MJohnst5 () prdgb JNJ com
Date: Mon, 6 Oct 2003 18:00:56 +0200
Hey there, Here is link to all the wireless tools that you would ever want: http://neworder.box.sk/codebox.links.php?&key=wireless And have a read on security focus ... they have just posted the 2nd installment of creating a wireless security policy. Besides describing aspects relative to policy it should give you some ideas on better to secure your users wireless Lans. Of course WEP is not the most secure thing in the world, but used in conjunction with other security methods you could make life for a hacker difficult. Mark -----Original Message----- From: Cesar Diaz [mailto:cesadiz () yahoo com] Sent: 05 October 2003 02:16 To: pen-test () securityfocus com Subject: Wireless Pent-Test Remote users in my company have been begging for permission to use wireless NICs in their laptops for awhile now. When they are not on the road, most of them work from home and would like to be able to use their laptops anywhere in their house. Due to our industry and business requierements, we have to document every process and method used to access our data and prove that we've tested the security of our data.In order to let the users go wireless I have to show that I've tested the security on a wireless network. Our idea is to let the users buy wireless routers to connect to their cable/dsl routers and then wireless PCMCIA or USB cards on the laptop. We would implement 128 bit WEP security to prevent unauthorized access. I realize that WEP does not provide for stringent security, but we feel that by forcing users to change their WEP key regularly we can meet our requierements. My question is, how do I test WEP and document wether or not it's secure? Any way to sniff for WEP keys, or to brute force attack a WEP session? If there is, how hard is it to set up? How much of a risk of a wireless connection with WEP enabled to be comprimised other than a dedicated, brute force attack? Any information is greatly appreciated. Cesar --------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
Current thread:
- Re: Wireless Pent-Test, (continued)
- Re: Wireless Pent-Test Raistlin (Oct 07)
- Re: Wireless Pent-Test Cedric Blancher (Oct 08)
- Re: Wireless Pent-Test Raistlin (Oct 08)
- Re: Wireless Pent-Test n0g0013 (Oct 07)
- Re: Wireless Pent-Test goat (Oct 06)
- Re: Wireless Pent-Test Gregory Spath (Oct 06)