In: Categories » Electronics and communication » Network security » PDAs Versus Laptops
|
The first question that beginners ask before assembling their kit is whether a laptop or a PDA should be used for wireless penetration testing of any kind. Our answer is to use both if you can. The main advantage of PDAs (apart from size) is decreased power consumption, letting you cover a significant territory while surveying the site. The main disadvantage is the limited resources, primarily nonvolatile memory. The CPU horsepower is not that important here as we are not cracking AES. Other disadvantages are the limited amount of security tools available in packages and lack of Compact Flash (CF) 802.11 cards with standard external antenna connectors (we have yet to see one). However, Secure Digital (SD) and CF memory cards are getting larger and cheaper, external connectors can be soldered to the cards, and both Linux and BSD can be successfully installed on major PDA brands. In addition, CF-to-PCMCIA adapters or PCMCIA cradles can be used to employ your favorite PCMCIA card with an MMCX connector. PCMCIA cradles for iPAQs supporting two client cards and an auxiliary built-in battery to compensate for the additional power consumption by the cards are simply great. When we talk about the use of PDAs in wireless penetration testing, we mainly mean Compaq's iPAQs and Sharp Zaurus. Wireless sniffers for other PDAs do exist; for example, the Airscanner Mobile Sniffer (Windows CE; free for personal use, downloaded from http://airscanner.com/downloads/sniffer/amsniffer.exe), and PocketWarrior (Windows CE; GPL, home page at http://pocketwarrior.sourceforge.net/). However, if you want more than just network discovery and packet capture, you will need a UNIX-enabled PDA with a collection of specific tools. Sharp Zaurus comes with the Embeddix Linux preinstalled, with the main install-it-yourself alternative being OpenZaurus based on the Debian Linux distribution. Although iPAQs come with Windows CE by default, Linux distributions like Intimate, Familiar and OpenZaurus can be installed on iPAQs by anyone willing to experiment with open source security tools on a StrongARM platform. In fact, you can buy an iPAQ with Familiar Linux preinstalled from http://www.xtops.de. The common GUI for these distributions offered by Xtops is Open Palmtop Integrated Environment (OPIE). OPIE is similar to Trolltech's Qtopia used by the Embeddix distro on Zaurus. Another Linux PDA GUI alternative is the GPE Palmtop Environment, based on a GTK+ toolkit and running over an X server. Unfortunately, the peculiarities of installing Linux on iPAQs go beyond the purpose of this article. The best place to look for how-to information and help on this topic is http://www.handhelds.org/. Of note, IBM has produced an experimental 802.11 security testing software for iPAQs running Linux. More about this software suite can be found at http://www.research.ibm.com/gsal/wsa/. Another possibility is running NetBSD to use the brilliant BSD-airtools suite and Wnet (if ported from OpenBSD 3.2). This requires more effort and knowledge than installing Intimate or Familiar, but isn't the pursuit of knowledge what hacking is really about? To find out more about installing BSD on your beloved PDA, check out the NetBSD mail list at http://handhelds.org/hypermail/netbsd/. If you decide to remain on the Windows CE side, the best idea is to get a copy of AirMagnet, Sniffer Wireless PDA version, or PDAlert. Neither solution is cheap, but that is to be expected from proprietary software. Although a PDA running Linux or BSD can be turned into a very powerful wireless security auditing tool, the inconvenience of using a small keyboard allied to the price of the full kit (additional nonvolatile memory, PCMCIA cradle/CF 802.11 card, PDA-specific GPS device) and the time-consuming Linux/BSD installation (if not preinstalled) means that all but the most determined should stay away from PDA-only wireless security auditing. An additional issue is finding the 802.11a and now, 802.11g cards for PDAs, which are nearly nonexistent. However, there are YellowJacket and YellowJacket Plus suites for iPAQs designed for evaluating 802.11a WLANs and available from Berkeley Varitronics Systems (http://www.bvsystems.com/). Generally, Berkeley Varitronics produces a large variety of brilliant wireless site survey tools for a selection of protocols, although they come at a hefty price. We have found a compromise in the "PDA vs. laptop" question: Use the PDA running a tool like Kismet or Wellenreiter and some signal strength monitoring software (e.g., wavemon or Wireless Monitor) for site surveys and rogue access point (or even user) discovery and the laptop loaded with the necessary tools for heavy-duty penetration testing. As for which laptop to choose, just be sure your pick, as long as it can run Linux or BSD, has two PCMCIA slots and as much battery life as possible.
 |
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
The next point in our security policy checklist is network positioning and separation. If there is a single access point or wireless bridge on the network, its deployment is straightforward: Plug the IP address into the WAN interface of an appropriately configured firewalling device. Such a device can be a sophisticated commercial wireless gateway, a configured common OS-based firewall, or even a SOHO firewall such as Cisco PIX 501 or Nokia SonicWall. However, if multiple access points are deployed and users are allowed to roam ...
2. RADIUS
This section takes a few steps to describe the basic principles of the AAA methodology, which is considered to be the fundamental structure behind the Remote Authentication Dial-In User Service (RADIUS). Additionally we briefly identify the functionality and principles of the RADIUS protocol. In the middle of the section we go through the steps required to install, configure, maintain, and monitor your RADIUS services. We conclude with practical implementations of the RADIUS protocol in relation to user authentication on wirele...
3. Cryptographic Hash Functions
Can symmetric cryptography meet the requirements of the Biba model, based on the data integrity checks and proper authentication? The answer is "yes," but in a very inefficient way. Recall the practical authentication example with the UNIX (well, Linux in our case) password encryption flaw when DES in ECB is used. Of course, any of the feedback modes or 128-bit block ciphers can be used instead of DES, with the obvious performance penalties. However, in our example, MD5 scales very well. A cryptographic hash function i...
4. 802.11i Wireless Security Standard and WPA
Thus, the main hope of the international 802.11 community and network administrators lies with the 802.11i standard development. Sometimes 802.11i is referred to as the Robust Security Network (RSN) as compared to traditional security network (TSN). The "i" IEEE task group was supposed to produce a new wireless security standard that should have completely replaced legacy WEP by the end of 2003. In the meantime, some bits and pieces of the incoming 802.11i standard have been implemented by wireless equipment and software vendor...
5. Proprietary Improvements to WEP and WEP Usage
The article devoted to the proprietary and standards-based improvements for currently vulnerable 802.11 safeguards. The most publicized 802.11 vulnerability is the insecurity of WEP. We have already reviewed the cryptographic weaknesses of WEP linked to the key IV space reuse and insecure key-from-string generation algorithm. There are also well-known WEP key management issues: All symmetric cipher implementations suffer secure key distribution problems. WEP is no exception. In the original design,...
6. Penetration Testing as Your First Line of Defense
It is hard to overemphasize the importance of penetration testing in the overall information security structure and the value of viewing your network through the cracker's eyes prior to further hardening procedures. There are a variety of issues specific to penetration testing on wireless networks. First of all, the penetration tester should be very familiar with RF theory and specific RF security problems (i.e., signal leak and detectability, legal regulations pertaining to the transmitter power output, and characteris...
7. Asymmetric Cryptography
Message authentication using HMACs works just fine, but how do we distribute symmetric cipher keys among the users? We can pass them around on floppies or fancy USB pen-drives with encrypted partitions on them, but what if many users live all over the world? What if the physical key distribution method takes time and the keys must be frequently changed? This is the case with the traditional WEP, which should be rotated every few minutes. Key-encrypting keys (KEKs) were offered as symmetric cipher keys used only to encrypt...