LinuxQuestions.org

Linux - Security forum: Reviewers for Backtrack 5 Wireless Penetration Testing Beginner's Guide (https://www.linuxquestions.org/questions/linux-security-4/reviewers-for-backtrack-5-wireless-penetration-testing-beginners-guide-864725/)

gauravm 02-24-2011 04:20 AM

Reviewers for Backtrack 5 Wireless Penetration Testing Beginner's Guide
 
Hi,

We are coming up with a book "Backtrack 5 Wireless Penetration Testing Beginner's Guide". I am looking for people who can do the technical review for this book. If interested please get back to me. My e-mail address is [EMAIL REMOVED BY MODERATOR] (Eliminate the spaces before and after at).

Hangdog42 02-24-2011 07:39 AM

Excuse me, but what exactly is the point of penetration testing a wireless network? You don't need to do pen testing on WEP to know it is not secure and you shouldn't use it. And if you do pen testing on a WEP network, the results won't tell you anything you didn't already know. It's exactly the same with any other encryption method. Really, the only "pen" testing needed on a wireless network is looking at the encryption used and the passphrase (if used), and if it isn't WPA2/EAP, you need to up it.


There, I just wrote your guide for you.

orgcandman 02-24-2011 08:10 AM

Quote:

Originally Posted by Hangdog42 (Post 4269619)
Excuse me, but what exactly is the point of penetration testing a wireless network? You don't need to do pen testing on WEP to know it is not secure and you shouldn't use it. And if you do pen testing on a WEP network, the results won't tell you anything you didn't already know. It's exactly the same with any other encryption method. Really, the only "pen" testing needed on a wireless network is looking at the encryption used and the passphrase (if used), and if it isn't WPA2/EAP, you need to up it.


There, I just wrote your guide for you.

Not really - is there a DoS condition that can be implemented? Can someone install a base-station that emulates the same network and steals users 802.1x credentials? What version of EAP are you using - there are known attacks for some (specifically, LEAP is god-awful). Does the infrastructure allow users of a "guest" wireless network to invade "corporate" address space? Any information leakage?

Your "guide" isn't very thorough - not that I'm going to send a random person email over the network seeking info on a BackTrack version that isn't even released.

unixfool 02-24-2011 08:26 AM

IMO, the OP is soliciting. He's promoting and asking for the security people here to review his work. I've no idea if the book is free or if he's making money from it (probably the latter). Additionally, he's not sharing it out for everyone to take a look and collaborate on the reviewing. IMO, this post isn't particularly cool. One-post-wonder material, too... Also, who is "we"?

For the average user here at LQ, Hangdog42's 'review' would be enough, IMO. Is the average user here at LQ cognizant of possible DoS conditions on his wired LAN??? Probably not... and if that is indeed the case, the same would probably apply to his wireless segment. Anyone can install a wired router on a wired LAN also (we see it all the time at work)... a wireless base station would be similar.

Basically, none of what you state is real news. Sure, that doesn't make it any less important, but really, the review is about BackTrack and wireless penetration testing, which really has nothing to do with most of what you were hinting at, which is vulnerability assessment...they are different. They sometimes are linked but they are different.

Hangdog42 02-24-2011 12:39 PM

Quote:

Originally Posted by orgcandman
Not really - is there a DoS condition that can be implemented? Can someone install a base-station that emulates the same network and steals users 802.1x credentials? What version of EAP are you using - there are known attacks for some (specifically, LEAP is god-awful). Does the infrastructure allow users of a "guest" wireless network to invade "corporate" address space? Any information leakage?

Those are all valid concerns, but penetration testing doesn't address any of them (well, maybe the LEAP vulnerabilities). I guess what is at the heart of my beef with wireless penetration testing is that wireless attacks generally focus on cracking the underlying encryption algorithms. That means that you can't make some configuration changes to fix the problem, you have to stop using the algorithm altogether. This is in stark contrast to something like a PHP web site, where it is very possible to mis-configure php.ini and leave yourself wide open to assault. In that case, pen testing might reveal the mistake prior to it being found by others.

Quote:

Originally Posted by unixfool
IMO, the OP is soliciting. He's promoting and asking for the security people here to review his work. I've no idea if the book is free or if he's making money from it (probably the latter). Additionally, he's not sharing it out for everyone to take a look and collaborate on the reviewing. IMO, this post isn't particularly cool. One-post-wonder material, too... Also, who is "we"?

I fully agree. I was looking to take this off the zero replies list and got a little carried away.
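Hangdog42's "look at the encryption used" check and orgcandman's points about LEAP and look-alike base stations are both things a defender can turn into a routine audit of a wireless survey rather than a pen test. The following is an added example, not code from any poster in this thread and not the output format of any real scanner: the record fields, the simplified auth/cipher/EAP labels and the survey data are all constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class WirelessNetwork:
    """One observed access point. The field vocabulary is an assumption
    made for this example, not a real scanner's output format."""
    ssid: str
    bssid: str
    auth: str          # "open", "wep", "wpa" or "wpa2"
    cipher: str        # "none", "wep", "tkip" or "ccmp"
    eap: str = ""      # "" for PSK or open networks, else e.g. "leap", "peap", "eap-tls"

    def profile(self) -> Tuple[str, str, str]:
        return (self.auth, self.cipher, self.eap)


# Constructed survey data for illustration only; no real network is described.
SURVEY = [
    WirelessNetwork("corp-wifi", "00:11:22:33:44:01", "wpa2", "ccmp", "eap-tls"),
    WirelessNetwork("corp-wifi", "00:11:22:33:44:02", "wpa2", "ccmp", "eap-tls"),
    WirelessNetwork("corp-wifi", "aa:bb:cc:dd:ee:ff", "open", "none"),   # same SSID, weaker profile
    WirelessNetwork("legacy-scanner", "00:11:22:33:44:03", "wep", "wep"),
    WirelessNetwork("guest", "00:11:22:33:44:04", "wpa2", "ccmp"),
    WirelessNetwork("old-corp", "00:11:22:33:44:05", "wpa", "tkip", "leap"),
]


def rate_network(net: WirelessNetwork) -> List[str]:
    """Return the configuration weaknesses of a single AP (empty list = nothing to report).
    As Hangdog42 notes, these are fixed by changing the algorithm, not by tuning it."""
    findings: List[str] = []
    if net.auth == "open":
        findings.append("no encryption: traffic is readable by anyone in range")
    elif net.auth == "wep":
        findings.append("WEP: broken cipher, replace rather than tune")
    elif net.auth == "wpa" or net.cipher == "tkip":
        findings.append("WPA/TKIP: deprecated, move to WPA2 with CCMP")
    if net.eap == "leap":
        findings.append("LEAP: weak EAP method, move to PEAP or EAP-TLS")
    return findings


def find_lookalikes(survey: List[WirelessNetwork]) -> Dict[str, List[str]]:
    """For each SSID advertised with more than one security profile, return the
    BSSIDs whose profile deviates from the most common one for that SSID.
    A second base station announcing the corporate SSID without the corporate
    authentication is exactly the credential-stealing setup orgcandman describes."""
    by_ssid: Dict[str, List[WirelessNetwork]] = defaultdict(list)
    for net in survey:
        by_ssid[net.ssid].append(net)
    suspects: Dict[str, List[str]] = {}
    for ssid, nets in by_ssid.items():
        profiles = Counter(n.profile() for n in nets)
        if len(profiles) < 2:
            continue
        expected = profiles.most_common(1)[0][0]
        suspects[ssid] = [n.bssid for n in nets if n.profile() != expected]
    return suspects


def audit(survey: List[WirelessNetwork]) -> Dict[str, List[str]]:
    """Combine per-AP findings with look-alike detection, keyed by BSSID."""
    report = {net.bssid: rate_network(net) for net in survey}
    for ssid, bssids in find_lookalikes(survey).items():
        for bssid in bssids:
            report[bssid].append(
                f"advertises '{ssid}' with a different security profile than its peers")
    return report


if __name__ == "__main__":
    for bssid, findings in audit(SURVEY).items():
        for finding in findings:
            print(f"{bssid}: {finding}")
```

The audit deliberately reports nothing for a correctly configured WPA2/EAP-TLS network, which is the outcome Hangdog42 argues a wireless assessment should normally reach; what it adds over a single "which encryption?" glance is the peer comparison, so that a look-alike access point with the right name and the wrong security profile stands out in the inventory. Feeding it real survey data would require a parser for whichever scanning tool is in use, which this example does not include.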

win32sux 02-24-2011 06:34 PM

gauravm, the LQ Job Marketplace is probably the most appropriate place for seeking this kind of help.
