2 cissp ® Official Study Guide Eighth Edition

Download 19,3 Mb.

Pdf ko'rish

bet	451/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 447 448 449 450 451 452 453 454 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Wireless Attacks
Wireless communication is a quickly expanding fi eld of technologies for networking,
connectivity, communication, and data exchange. Literally thousands of protocols, stan-
dards, and techniques can be labeled as wireless. These include cell phones, Bluetooth,
cordless phones, and wireless networking. As wireless technologies continue to prolifer-
ate, your organization’s security must go beyond locking down its local network. Security
should be an end-to-end solution that addresses all forms, methods, and techniques of
communication.

Wireless Networks
483
Wireless networking has become common on both corporate and home networks.
Properly managing wireless networking for reliable access as well as security isn’t always a
straightforward proposition. Even with wireless security present, wireless attacks can still
occur. There is an ever-increasing variety of attacks against networks, and many of these
work against both wired and wireless environments. A few focus on wireless networks
alone. This section examines various wireless security issues.
War Driving
War driving
is the act of using a detection tool to look for wireless networking signals.
Often, war driving refers to someone looking for wireless networks they aren’t authorized
to access. In a way, war driving is performing a site survey for possibly malicious or at least
unauthorized purposes. The name comes from the legacy attack concept of war dialing,
which was used to discover active computer modems by dialing all the numbers in a prefix
or an area code.
War driving can be performed with a dedicated handheld detector, with a
personal elec-
tronic device (PED) or mobile device
with Wi-Fi capabilities, or with a notebook that has a
wireless network card. It can be performed using native features of the OS or using special-
ized scanning and detecting tools.
Once a wireless network is detected, the next step is to determine whether the network
is open or closed. An open network has no technical limitations to what devices can con-
nect to it, whereas a closed network has technical limitations to prevent unauthorized con-
nections. If the network is closed, an attacker may try to guess or crack the technologies
preventing the connection. Often, the setting making a wireless network closed (or at least
hidden) is the disabling of service set identifier (SSID) broadcasting. This restriction is easily
overcome with a wireless SSID scanner. After this, the hacker determines whether encryp-
tion is being used, what type it is, and whether it can be compromised. From there, attack-
ers can grab dedicated cracking tools to attempt to break into the connection or attempt to
conduct man-in-the-middle attacks. The older and weaker your protections, the faster and
more successful such attacks are likely to be.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 447 448 449 450 451 452 453 454 ... 881