Hacking Wireless Networks (2015)
Part IV
The Part of Tens
Chapter 18
Ten Tips for Following Up after Your Testing
In This Chapter
▶ Pulling everything together
▶ Generating the final report
▶ Retesting for vulnerabilities
▶ Getting sign-off
▶ Plugging the security holes
▶ Taking notes for future reference
▶ Ongoing testing and monitoring
▶ Learning more about your testing tools
▶ Keeping up with 802.11 technology
After you complete your wireless ethical-hacking tests, the work’s not done. The vulnerabilities you’ve found are only a current snapshot of what’s taking place, so time is of the essence. It’s important to keep up your momentum and follow through to make sure you maximize the return on your efforts. By performing the steps in this chapter, you’ll have a more secure wireless network — not only now, but also in the future.
Organize and Prioritize Your Results
During your ethical-hacking tests, you’ve likely amassed a large amount of vulnerability information and test data from your hacking tools. It’s critical to comb through this information and organize your vulnerabilities into a readable and manageable format. The idea is to create a good roadmap for addressing these issues, both now and later.
Break your vulnerabilities down into groups similar to the breakdown of the various chapters of this book, such as default-settings weaknesses, wireless-client issues, encryption problems, and so on. Next, prioritize your vulnerabilities overall or within each category. You can use a rating system such as 1 for High (Must Address Now), 2 for Medium (Need to Address Soon), and 3 for Low (Should Address in the Future When Time/Resources Permit).
As you rate the problems, focus on both the likelihood that a vulnerability will be exploited and the impact to your organization if it is exploited. For example, WEP key-rotation or LEAP-authentication vulnerabilities would likely be a lower priority compared to radio signals leaking outside the building — or certain systems not running WEP encryption at all.
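The grouping and rating described above can be kept in a small script. This is an added example, not code from the book: the findings, the 1-to-3 likelihood and impact scores, and the cut-offs in rate() are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample findings: (category, description, likelihood, impact),
# each scored 1-3 with 3 the highest. The scores are illustrative only.
FINDINGS = [
    ("encryption", "Systems not running WEP encryption at all", 3, 3),
    ("encryption", "WEP keys are never rotated", 1, 2),
    ("authentication", "LEAP authentication in use", 1, 2),
    ("rf-coverage", "Radio signals leaking outside the building", 3, 2),
    ("default-settings", "Access point still uses the vendor default SSID", 2, 2),
]

LABELS = {
    1: "High (Must Address Now)",
    2: "Medium (Need to Address Soon)",
    3: "Low (Should Address in the Future When Time/Resources Permit)",
}

def rate(likelihood, impact):
    """Map likelihood x impact (1..9) onto the chapter's 1/2/3 rating.
    The cut-offs (>=6 high, >=3 medium) are an assumption of this example."""
    score = likelihood * impact
    if score >= 6:
        return 1
    if score >= 3:
        return 2
    return 3

def roadmap(findings):
    """Group findings by category; inside each group, most urgent first."""
    groups = defaultdict(list)
    for category, desc, likelihood, impact in findings:
        groups[category].append((rate(likelihood, impact), -(likelihood * impact), desc))
    return {cat: [(r, d) for r, _, d in sorted(items)]
            for cat, items in sorted(groups.items())}

if __name__ == "__main__":
    for category, items in roadmap(FINDINGS).items():
        print(category)
        for rating, desc in items:
            print(f"  {rating} {LABELS[rating]}: {desc}")
```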
Prepare a Professional Report
The big deliverable for your project sponsor is your final report — outlining the wireless network security vulnerabilities you found, along with specific recommendations for fixing those problems. It’s the final product that you and/or others will rely upon as you make security decisions in the future.
Because various people — including company bigwigs — may have access to this report, make it look professional. This is important not just for the sake of readability — it also plays a role in whether you’ll be asked to do this type of work for your project sponsor again in the future. Charts, tables, and other easy-to-refer-to forms of graphical data are especially nice. Just don’t focus too much on style over substance.
Retest If Necessary
As you pull your test results together, you may discover some interesting or unexpected results that you may need to look into further. In addition, you may realize that you’ve overlooked a system and need to go back and retest.
Don’t fret — that’s okay. Simply retest the systems and either integrate your new results with your existing data or add an addendum to your report that outlines your latest findings.
Obtain Sign-Off
It’s important to get sign-off from your project sponsor: a written statement from the sponsor to acknowledge that your work is complete. If you’ll be obtaining your boss’s sign-off, doing so can be as informal as an e-mail (or even her signature on the cover page of the final report). Written acknowledgement is especially important for independent consultants: It helps you get paid for all your efforts! The bottom line is that you must be sure your sponsor agrees the work is complete — and is willing to say so in writing.
Plug the Holes You Find
This is a no-brainer. The whole reason you’re performing ethical-hacking tests against your wireless systems is to make them more secure. Make sure that you or the responsible parties follow up and actually address the vulnerabilities you’ve found — especially the high- and medium-priority items.
Document the Lessons Learned
One eternal principle of network security that we’ve discovered over the years is that you have to learn from past experiences — and pass it on. The best way to do so is to document the information your testing has uncovered.
Don’t just report — recommend. If you make mistakes during your testing, discover a better practice than the one you normally use, or simply want to make notes that’ll streamline your ethical-hacking efforts in the future, then document it all: the methods, the specific tools used, the problems uncovered, the remedies. Simply pull out pen and paper or fire up your favorite word processor and create a document. Make sure you keep a hard copy and update it periodically. You can document as soon as you discover something new or after your testing is completed — whatever works best for you. This information will be invaluable; time spent documenting the work makes the work more effective.
Repeat Your Tests
One of the downsides to ethical hacking is that all the tests you perform provide only a snapshot in time of your wireless network vulnerabilities. Changes in the system over time produce new vulnerabilities, and new threats are always emerging. If you truly want to keep your systems solid and secure into the future, you’ve got to repeat the tests we’ve outlined in this book over and over again. How often? Well, there is no one best schedule since everyone’s needs are different. You may find that monthly, quarterly, bi-annual, or annual tests are best. If in doubt, err on the side of caution and test as often as time, money, and manpower permit.
Monitor Your Airwaves
Another part of your ongoing efforts should include the periodic monitoring of your airwaves for any changes. Look for additional wireless clients that have joined your network, changes in network traffic and protocol utilization, and evidence of other wireless systems in close proximity to yours. A basic software tool such as Network Stumbler will work for small wireless networks, but for larger deployments, it would behoove you to use something more scalable and manageable such as a wireless-network analyzer or even a wireless intrusion-detection or prevention system.
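One way to make periodic monitoring repeatable is to save a survey as a baseline and compare each later survey against it. The following is an added example, not code from the book or from any survey tool: the CSV layout, column names, MAC addresses and SSIDs are constructed for illustration.

```python
import csv
import io

# Constructed survey exports (not a real tool's format): one row per device seen.
BASELINE = """kind,mac,ssid,channel,encryption
ap,00:11:22:33:44:01,CORP-WLAN,6,WEP
ap,00:11:22:33:44:02,CORP-WLAN,11,WEP
client,00:aa:bb:cc:dd:01,CORP-WLAN,6,WEP
"""
CURRENT = """kind,mac,ssid,channel,encryption
ap,00:11:22:33:44:01,CORP-WLAN,6,WEP
ap,00:11:22:33:44:02,CORP-WLAN,11,None
ap,00:de:ad:be:ef:99,linksys,6,None
client,00:AA:BB:CC:DD:01,CORP-WLAN,6,WEP
client,00:aa:bb:cc:dd:07,CORP-WLAN,11,None
"""

def load(text):
    """Index rows by (kind, lower-cased MAC) so case differences are not flagged."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["kind"].strip().lower(), row["mac"].strip().lower())
        rows[key] = {f: row[f].strip() for f in ("ssid", "channel", "encryption")}
    return rows

def diff_surveys(baseline_text, current_text):
    """Report new devices, devices no longer seen, and changed settings."""
    old, new = load(baseline_text), load(current_text)
    report = {"new": [], "missing": [], "changed": []}
    for key in sorted(new.keys() - old.keys()):
        report["new"].append((key, new[key]))
    for key in sorted(old.keys() - new.keys()):
        report["missing"].append((key, old[key]))
    for key in sorted(new.keys() & old.keys()):
        delta = {f: (old[key][f], new[key][f])
                 for f in new[key] if old[key][f] != new[key][f]}
        if delta:
            report["changed"].append((key, delta))
    return report

if __name__ == "__main__":
    for section, entries in diff_surveys(BASELINE, CURRENT).items():
        for key, detail in entries:
            print(section, key[0], key[1], detail)
```

In the constructed data, the unknown access point and the extra client appear under "new", and the known access point that stopped using WEP appears under "changed".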
Practice Using Your Wireless Tools
Throughout this book, we’ve covered an array of wireless-security testing tools. Many of these tools are complex and can take years to master. Well, why not start the mastery process now? Get your hands dirty by using your tools on an ongoing basis. Familiarize yourself with their functionality, especially those features that you’ve never used. This is especially important for a tool such as a wireless network analyzer. You might just find something that’ll be of benefit when your formal testing time comes around. This learn-by-doing approach can be more help to your becoming an expert ethical hacker than anything else.
Keep Up with Wireless Security Issues
For the true pro, school is never really out. As with any worthy technology, 802.11 wireless-security issues are always popping up. The best way to stay unsurprised by them is to stay tuned in to your own favorite wireless-security resources (our favorites are the security resources we outline in this book’s Appendix A). Knowledge is power, so make a point to keep up with what’s going on in the wireless world.