Jan 25 2011

The Wireless Penetration Testing Lingo

In a wireless penetration assessment, it is helpful to know the terms used by industry professionals:

802.11a, b, g and n  Amendments to the IEEE 802.11 wireless LAN standard; each defines the radio band, modulation and data rates that an access point and its clients use.

Client-side attack  An attack against the devices that connect to the network, such as notebooks or mobile phones, rather than an attack against the network infrastructure.

DECT  Digital Enhanced Cordless Telecommunications is a digital communications standard used by cordless telephones.

HIDS  A host-based IDS runs on the system it protects and watches that system's own activity, files and configuration for signs that security policy has been circumvented.

IDS/WIDS  Intrusion detection systems and wireless IDSes are appliances or programs that monitor for malicious activity and raise alerts or reports. A WIDS monitors the radio spectrum itself, so it can spot things a wired IDS never sees, such as rogue access points or deauthentication floods.

Infrastructure attack  An attack against the network itself — such as access points, switches and routers — exploiting the network configuration.

IPS  Intrusion prevention systems are security appliances that monitor for, identify, log, report and attempt to block malicious activity on a network.

PEAP  The Protected Extensible Authentication Protocol protects the EAP (commonly used as an authentication framework in wireless networks) with an encrypted and authenticated TLS tunnel. The protection holds only if the client validates the authentication server's certificate; a client configured to accept any certificate will hand its inner credentials to an attacker's access point posing as the legitimate server.

RADIUS  Remote Authentication Dial-In User Service provides centralized authentication, authorization and accounting for devices connecting to a network. In enterprise (802.1X) wireless, the access point relays the client's EAP exchange to a RADIUS server rather than checking credentials itself.

Rogue access point  An AP added to a network without permission. Sometimes these are placed by attackers, but more commonly by users seeking convenience. They are a serious risk because they are not configured or hardened by agency IT staff and give anyone within radio range a path past the network perimeter.

Sniffing  Intercepting traffic passing over a network. On a wireless network this requires no physical access, and the captured traffic often reveals hosts, protocols and credentials that an attacker uses to plan further attacks against networks and systems.

TLS  Transport Layer Security is the successor to Secure Sockets Layer. It provides encryption, integrity protection and certificate-based authentication (of the server, and optionally the client) for a connection between two applications.

USRP  The Universal Software Radio Peripheral is a software-defined radio board (the original model connects over USB) for building software radios. Its hardware designs are freely available, and together with open-source software such as GNU Radio it makes a comparatively low-cost platform for building tools that attack wireless protocols.

WEP  Part of the original 1997 802.11 standard, Wired Equivalent Privacy was intended to provide security, as the name suggests, comparable to a wired network. It is now considered deprecated: it encrypts each frame with the RC4 cipher keyed by the shared key and a 24-bit per-frame IV that is sent in the clear, and the key can be recovered with freely available software in a few minutes.
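The WEP weakness described above, shown in working Python as an added example that is not from the original page. The RC4 implementation is textbook RC4, and the key, IVs and frame contents are constructed for illustration. It demonstrates why a 24-bit IV is too small (a repeat is expected after only a few thousand frames) and how a known-plaintext frame gives an attacker the keystream for that IV, which then decrypts any other frame sent under the same IV without the key. The statistical key-recovery attacks that tools such as aircrack-ng actually run against WEP are a separate technique and are not shown here.

```python
"""
Added illustration (not code from the original page) of the WEP design flaw:
RC4 keyed by (24-bit IV || shared key), with the IV sent in the clear.
Every key, IV and frame below is constructed for the demo.
"""
from __future__ import annotations

import math
from typing import Optional, Tuple


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling (KSA) then keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(IV || key) XOR data.
    The CRC-32 ICV that WEP appends is omitted; it does not affect the point."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def find_iv_reuse(frames: list) -> Optional[Tuple[int, int]]:
    """What a passive sniffer does: index captured frames by IV and report
    the first pair that share one."""
    seen = {}
    for n, frame in enumerate(frames):
        iv = frame[:3]
        if iv in seen:
            return seen[iv], n
        seen[iv] = n
    return None


def keystream_from_known_plaintext(frame: bytes, plaintext: bytes) -> bytes:
    """Known-plaintext step: ciphertext XOR plaintext = keystream for that IV.
    An attacker can arrange known plaintext, for example by sending a packet
    to a station from the Internet and watching it arrive over the air."""
    return xor(frame[3:], plaintext)


def decrypt_without_key(frame: bytes, iv: bytes, keystream: bytes) -> Optional[bytes]:
    """Any other frame under the same IV decrypts with the recovered keystream,
    up to the number of keystream bytes known. The WEP key never enters."""
    if frame[:3] != iv:
        return None
    return xor(frame[3:], keystream)


def expected_frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) random IVs before a repeat,
    roughly 5,100 frames for WEP. Drivers that count the IV up from zero on
    every reboot repeat far sooner than that."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def demo() -> Optional[bytes]:
    """Constructed capture: two frames share an IV, the first one's plaintext
    is known to the attacker, so the second decrypts with no key at all."""
    wep_key = bytes.fromhex("0123456789")  # constructed 40-bit WEP key
    iv = bytes.fromhex("c0ffee")           # constructed IV that gets reused
    known = b"GET /robots.txt HTTP/1.1\r\nHost: 10.0.0.1\r\n\r\n"   # attacker-triggered
    secret = b"POST /login HTTP/1.1\r\nuser=bob&pw=hunter2"        # victim, same IV
    capture = [
        wep_encrypt(wep_key, bytes.fromhex("000001"), b"unrelated frame one"),
        wep_encrypt(wep_key, iv, known),
        wep_encrypt(wep_key, bytes.fromhex("000002"), b"unrelated frame two"),
        wep_encrypt(wep_key, iv, secret),
    ]
    pair = find_iv_reuse(capture)
    if pair is None:
        return None
    first, second = pair
    ks = keystream_from_known_plaintext(capture[first], known)
    return decrypt_without_key(capture[second], iv, ks)


if __name__ == "__main__":
    print("expected frames until an IV repeats: %.0f" % expected_frames_until_iv_repeat())
    print("recovered without the key:", demo())
```

The recovered keystream is only as long as the known plaintext, so a real attacker accumulates keystream per IV over time; WEP's linear CRC-32 integrity check, not shown here, is what lets that recovered keystream also be used to forge frames rather than just read them.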

ZigBee  A low-power wireless protocol built on IEEE 802.15.4; it is becoming prevalent for control and monitoring of devices such as light switches and HVAC.