Rating: 
Summary: This is why I didn't cover wireless in my security book!
Review: 'Wi-Foo' is the wireless book the security community needs. The book mixes theory, tools, and techniques in a manner helpful to those on the offensive or defensive side of the wireless equation. After reading 'Wi-Foo,' I'm glad I didn't try to cover similar topics in my 'Tao of Network Security Monitoring' -- these authors have written the definitive wireless 'hacking' text.
Several aspects of 'Wi-Foo' make the book a winner. First, with the exception of crypto topics in chapters 11 and 12, they tend to defer to previously published works rather than rehash old topics. For example, rather than exhaustively explain 802.11i, they refer readers to 'Real 802.11 Security,' an excellent defense-oriented wireless book. 'Wi-Foo' also assumes readers are familiar with TCP/IP and system administration, leaving out potentially redundant material.
Second, the authors demonstrate the degree to which they are plugged in to the wireless hacking community. They discuss developments from security conventions like Def Con, and explain tools and techniques not yet released (at time of writing) from the 'underground.' The number of tools explained by 'Wi-Foo' well exceeds that found in other wireless books, and the authors clearly explain why they prefer certain tools and discard others. This 'use what works' mentality is pervasive and effective, and I was very glad to see BSD tools featured along with the usual Linux suspects. I was particularly impressed by ch 9, where readers learn what to do next after compromising a wireless network. Other books stop at 'cracking WEP,' for example. Ch 4 and 7 also give the best advice I've seen on different aspects of wireless hardware, on a chipset-comparison level.
Finally, the authors complement their advice on wireless vulnerability assessment and penetration testing with sound defensive strategies. Ch 13 explains how to combine FreeRADIUS, open1x, and OpenLDAP to make an open source wireless authentication system. NoCat is discussed as an alternative. I was very happy to see an entire chapter on wireless IDS, especially the layer-based requirements listing. This serves as a good guide when checking the capabilities of commercial wireless IDS products.
The only drawback I see to 'Wi-Foo' is the inclusion of two chapters on crypto (ch 11 and 12). I would have preferred the authors to refer readers elsewhere, perhaps to a book like 'Cryptography Decrypted' or a heavier tome by Schneier or the like. I also noticed slightly rough English in some places, but these did not bother me like other books I've reviewed.
Overall, 'Wi-Foo' is the best book available for wireless assessment teams, explaining tools in an exceptional manner and smashing myths behind which security administrators hide. (Think your wireless network doesn't produce enough packets for WEP to be cracked? Read ch 8.) I'm adding 'Wi-Foo' to my 'Weapons and Tactics' Listmania List, and I recommend readers add this surprise hit to their bookshelves.
Rating:
Summary: Everything you wanted to know, and then some
Review: Be scared when i tell you that as large as this book is, not one page is wasted. With the help of this book, i went from knowing very little about wireless security( and wireless networks in general), to knowing a lot. To top it off, i know i missed a great deal of information, and could probably read the book a second or third time... maybe then i would have gathered all of the material in it.
As a plus, if you are unclear about something in the book, the forum is a great place. I recieved some answers to my own problems on the forum. As well as some good tips as to which wireless cards i will pick up in the future.
Honestly, i've been through a lot of computer books, but none kept my attention better, or inspired me more than this one.
Rating: 
Summary: Great, but aims way too high on expertise scale
Review: Do you think there are too many wireless security books already? Let me tell you, you haven't read a wireless security book until you read `Wi-Foo'.
This book offers minimum coverage of the basics of wireless security and dives deep into advanced subjects (sometimes pushing my knowledge of wireless security to the wall). It lacks the typically redundant coverage of hardware and basic wireless technology. Also it doesn't get fixated on the tools (as some other volumes) and offers methodology and other sounds advise in addition to the tools. It also offers cryptography basics such as symmetric ciphers and key exchange protocols. It also covers many useful subjects around wireless security as the use of VPNs, central authentication fundamentals and design of the wireless intrusion detection systems. Appendices include signal single conversion tables and lists of wireless equipment other equipment as well as antenna radiation patterns.
Authors' writing style is pleasant and has some truly "British humor", which always makes the book more fun to read. The book slightly favors the attacking side over the defensive side, but still provides a lot of useful advice for those defending wireless networks. Another fun section is the one that covers what occurs after the attackers break for wireless security and get to the protected network.
The downside is that the authors often assume that just about every reader has the same level of expertise. I kind of know a thing or two about security, but a lot of stuff went over my head due to lack of background material. Thus, I suspect that only those knowledgeable in wireless security will benefit from the entire book, others will likely have places where the authors lost them.
If you deal with wireless security (attack or defense) - get it with no questions asked.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Security Strategist with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004) and a contributor to "Known Your Enemy II (AWL, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
Rating:
Summary: Definitive source on wireless security
Review: Even though it's highly technical and requires frequent interaction with the laptop to test out the utilities described by the authors, I got intrigued by it. It is very easy to read, although the information discussed is fairly advanced. The first half of the book largely looks at the network from the point of view of the attacker, while the second deals with defending the network.
If you do security consulting for living, the appendices are also quite nice, with checklists and interesting trivia on wireless security issues. I interviews the authors (...) about their affinity towards Linux/BSD systems in testing and managing networks, and they expressed strong preference for free and highly configurable tools instead of proprietary products (which are not necessarily bad).
Rating:
Summary: I normally do not review books but....
Review: I normally do not review books unless something unique catches my interest. This book is above unique.
What comes to mind first after reading the first couple of chapters is:
What a great book!!
I just picked it up last night and I'm already in love with it. I got this book because of the lack of information online about wireless security. Yeah, I found some stuff online but its scattered in different places or does not give a very descriptive answer to the questions I am looking for. This book answered all my questions so far and I am only at the beginning chapters!!! I cant imagine the amount of knowledge I will gain with all the chapters still left to read.
This book is a great mix between understanding how wireless security works and the tools and steps involved in penetrating/protecting your wireless network as well as explaining detailed information without going over my head. The time and effort put into this book is amazing and I strongly suggest picking it up. Wireless devices in the world are here to stay and if you want to get ahead of the game and learn the ins-and-outs of wireless security, this is not only the first step but the best step in the right direction.
I needed some type of "Wireless Security Bible" and I found that in this book. Another great feature I like about this book are the pages. Ill explain... other computer related books have weak, thin pages. I use a highlighter while I read. Most of the time the highlighter will bleed through the page to the other side. Wi-Foo has well made pages that are much better then the normal flimsy pages of other books. I can highlight words to my hearts desire and it doesn't bleed over to the backside page.
The seriousness of wireless security is no joke and anyone who does not have the knowledge provided in this book will find themselves in no laughing matter. The author strongly explains the seriousness of these issues along with a good since of humor tied to it. Which makes it fun to read.
What a great book!!
I find most of my information online sense its widely available and free. But with wireless security I found the information online to be dry or incomplete or just to highly-technical for me to follow. Searching for hours and hours just to find answers to some of the questions I had was overwhelming.
The people who put this book together are well known security experts and have many years of experience. I first heard about them at a Defcon security conference and have continuously seen there names popping up all over the place. So knowing this information is coming from people with extensive expertise and experience in this field makes it much more reliable to me then some of the information I found on the internet. Plus its all in one spot. I don't have to spend hours upon hours searching the internet to find information I am looking for.
There are so many other things that I love about this book so far and I cant wait to get home and read more of it. I found myself spending more then 7 hours straight last night reading this book and still did not want to put it down. (it was 5:00am and I had to go to bed)
What a great book!!
I just want to say Thank You to the authors and everyone else involved in making this book.
Best Book in Wireless Security... period
Mick
Detroit Michigan
check out:
http://www.michiganwireless.org/
Rating:
Summary: Protecting a wireless net
Review: In the post dot com era, one rare shining spot has been the explosive growth of 802.11 WiFi. Almost overnight, a grassroots movement has engendered widespread adoption. But almost as quickly has come the realisation that the very wireless nature of your network can expose you to far easier evesdropping than a traditional wired network, where an intruder might have to first gain physical access.This book goes into the details of how to detect and possibly enter a wireless net, and also how to prevent this. The text makes clear that these are two sides of the same coin. To do either well, you must also learn the complementary ability. All the key buzzwords are explained. Like warwalking, warcycling and wardriving. The authors even suggest their own variant - warclimbing. This is where you ascend a tall building, and use the altitude to help search widely for nets. Though if WiMax ever becomes popular, a lot of these war* ideas may be moot. Various open source tools are suggested for your work. Especially sniffers! To offer more protection, the book takes you into the latest encryption standards, like AES (aka. Rijndael), and how to deploy it. They don't discuss the underlying maths, so don't worry if your discrete maths background is a little rusty!
Rating:
Summary: WI-FOO The Secrets of Wireless Hacking
Review: The first couple of chapters are review of Wireless basics, which is good for people like me with no prior knowledge in this area. The book also covers (in detail) step-by-step methods of pre-planning, attacking/hacking, and what folks are going to go for after you have access.
The book was very well layed out. The only negative was the cryptography chapters, which were a little "dry" for me. But, most of this book was understandable. All in all, this was one of the best technical books I've read.
Rating:
Summary: Complete Coverage
Review: The first two chapters (20 pages) are introductory. The next two chapters (50 pages) serve as a tutorial on getting wireless cards, drivers, and utilities running on Linux. The next five chapters cover attacks and tools. Details of the attacks are covered in depth. In some cases discussions reference latter chapters where the protocols are discussed in depth. Each took is discussed enough to get the reader started. After that, discovering the details of the tools is left as an exercise to the reader.
The remaining 7 chapters cover defense (230 pages). The authors approach though-out these sections is to explain the details of the protocols while discussing defensive techniques. Two chapters on cryptography strive to strike a balance between explanations for crypto experts and explanations for those without much of a mathematical background. It will take some work to fully understand these chapters because of the detail. By the same measure, they will make a great reference for me.
At 34.99 less Amazon discount, this book is a bargain. It's easily a 50 or 60 dollar book when compared to others. I paid full price for mine at Border's, because I couldn't wait to get into it. For those who need a comprehensive understanding of 802.11a through 802.11i security, I can't think of anything better.
Rating:
Summary: Title: "Wi-Foo: The Secrets of Wireless Hacking"
Review: The scope of "Wi-Foo" is impressive; it sets out to address a very
broad range of specific topics within the field of wireless networking.
To my delight (and considerable surprise) it does an effective job of
giving relevant and useful information for each of the topics it covers.
I'd say that this book has quite suddenly become my #1 pick from a shelf
full of related wireless books.
As the title may suggest to some, this book focuses on security
issues pertaining to wireless networking. It gives equal time
to breaking the defenses of wireless networks, as well as defending
them. After all, a critical step in protecting your network's assets is
knowing how The Baddies intend to defeat your intrusion counter-measures.
Much has been said in other books about the ease of bypassing existing
wireless security, but this book is one of the few that gives an adequate
assessment of how to detect these types of attacks. Complimenting
its survey of common wireless attack tools, this book details the
detection of popular attack-tools by implementing wireless intrusion
detection sensors. Script-kiddish tools and attacks aside, other important
aspects of detection are addressed; a sensible approach to categorizing
suspicious events on WLANs is covered in the intrusion detection section.
Overall, a comprehensive plan for evaluating, testing, and defending
your WLAN is presented in this book. People who work in the network
security field will find themselves nodding their head to much of the
material presented in these sections. Newcomers to the field will learn
a well-rounded approach to accomplishing their security objectives.
Aside from its primary goal of educating readers about security, the
book provides a useful overview of prerequisite subjects. For example,
the different varieties of client card chip-sets are covered in detail,
with a special emphasis given to using them with Linux and *BSD
(this meshes nicely with the section on DIY wireless IDS sensors.)
This progresses nicely into examples of using your wireless equipment
to perform war-driving surveys. These examples are used as a means to
explain the way the protocols work. The book eventually progresses into
higher-level subjects like using LDAP and FreeRADIUS to authenticate
users. An introduction to cryptography is even covered, followed by a
round-up of VPN implementations. The scope of this book is very broad,
indeed, but manages to cover the material in such a way that newcomers
won't be overwhelmed.
This title does a great job of presenting a comprehensive tutorial,
while also acting as a useful reference for those already familiar with
the subject. The appendices are admirable, providing useful information
like antenna irradiation patterns, penetration testing templates, and
even default SSIDs for common 802.11 devices.
While some of this information may become outdated by the fast-moving
wireless field, the common sense principles given will ensure the
usefulness of this book for some time to come.
Rating: 
Summary: Not sure who this book is for
Review: This book has both high-end theory cryptography theory and practical hacking content for wireless networks. As such I found sections of the book somewhat interesting, and others totally impenetrable. Some sections had straightforward screenshot based walkthroughs, others required knowledge of calculus and circuit design.
I can't recommend this book to anyone directly. It's a book that has to be browsed for the content you need, and then the coverage of that content evaluated in person.
|
