Average Reviews:
(More customer reviews)'Wi-Foo' is the wireless book the security community needs. The book mixes theory, tools, and techniques in a manner helpful to those on the offensive or defensive side of the wireless equation. After reading 'Wi-Foo,' I'm glad I didn't try to cover similar topics in my 'Tao of Network Security Monitoring' -- these authors have written the definitive wireless 'hacking' text.
Several aspects of 'Wi-Foo' make the book a winner. First, with the exception of crypto topics in chapters 11 and 12, they tend to defer to previously published works rather than rehash old topics. For example, rather than exhaustively explain 802.11i, they refer readers to 'Real 802.11 Security,' an excellent defense-oriented wireless book. 'Wi-Foo' also assumes readers are familiar with TCP/IP and system administration, leaving out potentially redundant material.
Second, the authors demonstrate the degree to which they are plugged in to the wireless hacking community. They discuss developments from security conventions like Def Con, and explain tools and techniques not yet released (at time of writing) from the 'underground.' The number of tools explained by 'Wi-Foo' well exceeds that found in other wireless books, and the authors clearly explain why they prefer certain tools and discard others. This 'use what works' mentality is pervasive and effective, and I was very glad to see BSD tools featured along with the usual Linux suspects. I was particularly impressed by ch 9, where readers learn what to do next after compromising a wireless network. Other books stop at 'cracking WEP,' for example. Ch 4 and 7 also give the best advice I've seen on different aspects of wireless hardware, on a chipset-comparison level.
Finally, the authors complement their advice on wireless vulnerability assessment and penetration testing with sound defensive strategies. Ch 13 explains how to combine FreeRADIUS, open1x, and OpenLDAP to make an open source wireless authentication system. NoCat is discussed as an alternative. I was very happy to see an entire chapter on wireless IDS, especially the layer-based requirements listing. This serves as a good guide when checking the capabilities of commercial wireless IDS products.
The only drawback I see to 'Wi-Foo' is the inclusion of two chapters on crypto (ch 11 and 12). I would have preferred the authors to refer readers elsewhere, perhaps to a book like 'Cryptography Decrypted' or a heavier tome by Schneier or the like. I also noticed slightly rough English in some places, but these did not bother me like other books I've reviewed.
Overall, 'Wi-Foo' is the best book available for wireless assessment teams, explaining tools in an exceptional manner and smashing myths behind which security administrators hide. (Think your wireless network doesn't produce enough packets for WEP to be cracked? Read ch 8.) I'm adding 'Wi-Foo' to my 'Weapons and Tactics' Listmania List, and I recommend readers add this surprise hit to their bookshelves.
Click Here to see more reviews about: Wi-Foo: The Secrets of Wireless Hacking
Get 32% OFF
Click here for more information about Wi-Foo: The Secrets of Wireless Hacking
0 comments:
Post a Comment