Working in wireless??


  • Working in wireless??

    Hi all, first post (read up on the rules - not sure what to make of hacker community with no hack talk, but hey, rules are rules).

    I wanna start a topic about using tools to identify weak networks for the purpose of consultancy, and where lines are drawn between legal and illegal activity.

    The reason is that I want to become a WiFi security consultant, I wrote a dissertation on WLAN security management and can't find work in the field. It's all I wanna do, so now I have the idea of using some software and tools to locate insecure business networks and approach the network managers with my consultancy.

    I realise there are grey areas in the law, and indeed different legislation from different states/countries. So, how do I find out what I can/can't do?

    UK

  • #2
    Originally posted by .UK.
    I wanna start a topic about using tools to identify weak networks for the purpose of consultancy, and where lines are drawn between legal and illegal activity.
    I think you just did...

    The reason is that I want to become a WiFi security consultant, I wrote a dissertation on WLAN security management and can't find work in the field. It's all I wanna do, so now I have the idea of using some software and tools to locate insecure business networks and approach the network managers with my consultancy.
    To be perfectly frank, if all you want to do is WiFi security (and you want to do it properly), you need a good grounding in network security first - after all, WiFi is just another method of transmitting data across a network. Looking at WiFi alone is like saying, "I want to be a mechanic, but I'm only going to be a mechanic that changes fan belts".

    This is why you can't find work in the field - it's simply one aspect of modern networking, and isn't so specialised that individuals dedicated to solely that aspect of networking are required to perform it. Any competent admin should be able to implement, configure, and deploy a reasonably secure WiFi network with no more difficulty than would be required for a wired network.

    I realise there are grey areas in the law, and indeed different legislation from different states/countries. So, how do I find out what I can/can't do?
    In general, if you've got some form of signed contract or release stating that you expressly have the right to conduct a penetration or other test on a client's WiFi (or wired) network then you should be in the clear. In most countries, merely detecting the presence of a WiFi network is not a crime, but if you attempt to gain access to it without said permission then you're almost certainly into illegal waters.


    • #3
      Originally posted by skroo
      To be perfectly frank, if all you want to do is WiFi security (and you want to do it properly), you need a good grounding in network security first - after all, WiFi is just another method of transmitting data across a network. Looking at WiFi alone is like saying, "I want to be a mechanic, but I'm only going to be a mechanic that changes fan belts".

      This is why you can't find work in the field - it's simply one aspect of modern networking, and isn't so specialised that individuals dedicated to solely that aspect of networking are required to perform it. Any competent admin should be able to implement, configure, and deploy a reasonably secure WiFi network with no more difficulty than would be required for a wired network.
      I disagree there, I think there is a large enough market for WLAN Security Consultancy. Even if admin are aware of the rudimentary security methods, they usually haven't got onto rogue APs, static keys, etc. This survey is just an example.

      Originally posted by skroo
      In general, if you've got some form of signed contract or release stating that you expressly have the right to conduct a penetration or other test on a client's WiFi (or wired) network then you should be in the clear. In most countries, merely detecting the presence of a WiFi network is not a crime, but if you attempt to gain access to it without said permission then you're almost certainly into illegal waters.
      Yeah, I was fishing for some discussion of what would be a good business plan to get going on this (however absurd it sounds). First things first, create a website offering my services, which currently are sweet f.a. as I don't even own a laptop. Yes, yes, very funny. Combine that with my Windoze dependence and I am looking like a right prick. But... say I did learn Linux, and could afford a decent kit (GPS, the works) and had a presentable website which, at first glance, looked reputable and worthy of consultancy fees. Could I go wardriving and compile a list of networks and businesses which could be approached with my service? Combine that with a business partnership with CWNA/CWNP training companies that could possibly agree to "pass-on" fees? Would you say it had a chance?

      And I do realise that although I have ideas for security systems design, I have no experience or investment capital, which is why further partnerships would be struck up with companies who could provide solutions.


      • #4
        Originally posted by .UK.
        I disagree there, I think there is a large enough market for WLAN Security Consultancy. Even if admin are aware of the rudimentary security methods, they usually haven't got onto rogue APs, static keys, etc. This survey is just an example.
        Disagree all you want..but there is not a lot of market for WLAN ONLY security services. Very few businesses have ONLY WLANs. Therefore, if they are going to outsource security, they outsource it for their ENTIRE network. Most security services companies offer some form of WLAN security testing these days.


        Originally posted by .UK.
        But... say I did learn Linux, and could afford a decent kit (GPS, the works) and had a presentable website which, at first glance, looked reputable and worthy of consultancy fees. Could I go wardriving and compile a list of networks and businesses which could be approached with my service?
        Where to start here...first, taking the results of a WarDrive to someone and saying "Hey look you have security problems" is about as effective as that asshat that knocks on your door or calls you on the phone every couple of months trying to sell you an alarm system for your house. Yep...you slam the door in his face or hang up on him. Moreover, in the world of Computer/Network security, many, if not most, companies will immediately accuse you of an attack on their systems.


        Next, nothing..well maybe a couple of things but not many, makes me sicker than the "Let's turn WarDriving into a job" crowd. Be respectable.

        Skroo is absolutely right in that WLANs are just another form of networking. Trust me, if you were to run a Nessus scan, without a pre-existing contract, on a company's external-facing network and then take those results to them and try to sell them a "security audit" or "penetration test" they would kick your ass right off their premises...as well they should. This is no different.

        There are no shortcuts in INFOSEC. If you want to be an INFOSEC professional and not a charlatan, then put the time in, learn about networks, operating systems and vulnerabilities. Don't latch on to the security buzzword of the day and try to turn a quick buck. It makes you look bad and it gives those of us that HAVE bothered to actually build a reputation in this field a bad name.
        perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'


        • #5
          Fair enough guys, you're both right. I'd better get my head into some reading and get in the rat race asap. Still gonna do the Linux thing and try and get some kind of audit capable equipment so that I can get some experience with it.

          I'll google and do the white paper searches, but if you guys have any links or books you can recommend for a start in network security systems could you PM them to me plz.

          If you're interested in my paper. It's not exactly complete, the examples aren't detailed enough and there isn't enough on edge controlled systems. I ran out on the word limit and haven't picked it up since.

          Cheers


          • #6
            Having worked in InfoSec most of my professional career (as an admin, a consultant, and currently as a dedicated in-house architect) I can tell you, the quickest way to end up unemployed is to pigeon-hole yourself into a niche market. There's not a lot of work out there even for dedicated InfoSec folks, most of the time being 100% security focused will preclude you from jobs where they need a broader skill range. To pigeon-hole yourself even further by being a WIFI InfoSec guy will only hold you down.

            As to the need, yup it's there alright. You know it, I know it, everyone here knows it, but that's because we're security focused people. Security is expensive and most companies don't see it as an issue (I'm speaking from experience here, selling security as a consultant to big companies is a lot like selling vacuum cleaners door to door). It's not important whether we see it as an issue, it's important that the suit-and-tie types see it as an issue, after all they sign the checks and approve the work. With things that are security focused we tend to be several years ahead of those types with our concerns. I remember telling people in the late 90s to start looking at IDS, and companies are only just now starting to begin thinking about it. Heck, there's still companies out there that don't even have basic firewalls. So tout all the reports you want, you're just preaching to the choir here. The sad truth is, most of these companies will not implement WiFi security till they get hacked via their wireless LAN, and even then they might not do more than throw a couple bucks at the problem and say 'we're secure'.

            As far as being dedicated to WiFi goes, you're much better off just working on becoming an InfoSec focused engineer. WiFi is only part of the total package. For example, where most hackers get in trouble is when they decide all they want to do is Pen Test. PenTesting makes up maybe 5% of my time, so if that's all I'm good at, I'm gonna make a pretty crappy security engineer regardless of how well I can root boxes. Same can be said for WiFi security, or secure architecture, or code auditing, etc. It's being able to do all of those things that make you an attractive security person. And it's not just engineering, you have to learn the business side of it too. Lots of engineers get frustrated when trying to work with non-engineers on InfoSec related projects. This is mainly due to the perception and skill of the engineer vs. the perception and skill of the non-engineer. If you can have the engineering skills AND the skills to transcend that gap between engineering and everyone else, you will be a very balanced InfoSec person indeed.

            So in conclusion, being over-focused == bad. Being well rounded technically with a dash of business savvy == good.

            I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me


            • #7
              At the moment I work for a wireless public hotspot company in Los Angeles. We do our own security and set up our own devices, we don't hire people just for security, because most people who do wireless stuff do all of it (set up & secure it) so if you're going wireless security ONLY, take your advice from noid and skroo. What I've noticed in the job market so far is that big companies, hotels, coffee shops, all the places where wi-fi access would be useful either:

              A. Let their techies do it (large companies)
              B. Hire guys like me to do it (public hotspots)

              I don't think at the moment there's a secular market for this field, yet I know nothing of what the UK is like... Get the Networking degree and go from there= your best bet.
              When you draw first blood you can't stop this fight
              For my own piece of mind - I'm going to
              Tear your fucking eyes out
              Rip your fucking flesh off
              Beat you till you're just a fucking lifeless carcass
              Fuck you and your progress
              Watch me fucking regress
              You were meant to take the fall - now you're nothing
              Payback's a bitch motherfucker!

              Slayer - Payback


              • #8
                I highly doubt you'd be able to do wireless security in the UK..but I have a suggestion..go into the BT Labs, the shit they come up with is fucking amazing...I want to do it but I'm too lazy so I'm just going to be a sys admin or something crapola like that
                -cru.


                • #9
                  UK, if you want a true test of your knowledge and skills, you'd be more than welcome to attend DC - If work allows this year, I will be there with a public wifi challenge, and first one to take root == $500.00 in cash, provided you let me watch you do it again and/or you supply code/methods to get past what I've constructed. It'll be a public challenge that'll go for any who need the $$ to make it through DC and have the skills to take the box. My skills with wifi aren't perfect, but I think it'll be a fun time for all ages.

                  Qu|rk-


                  • #10
                    Qu|rk,

                    I seriously wouldn't know where to start with it. I know about some of the hack tools but I am no hacker. I'm still trying to get to grips with Linux. The reason I asked the initial question was to see if there were other professionals using tools for consultancy and what methods there were for this type of work. It's evident that security in this area is not a major worry for the majority of business network managers, basically because they aren't even aware of it and don't like to be made aware of it by you showing them that it's hackable.

                    UK


                    • #11
                      Originally posted by .UK.
                      I have the idea of using some software and tools to locate insecure business networks and approach the network managers with my consultancy.

                      Chris, Noid, and Skroo have pretty much covered this one, so I'm going to try to comment on the quote above. Rules and regulations or not, as admin on a decent sized network I've seen many crazy things that are grey area, and have acted upon. Previous events are a good indicator of future ones, and if there is any reason whatsoever to believe that someone is toying with the network, I do recon on the one probing the shit out of the network in question should something bad happen (hasn't thus far, thankfully). If you were a sysadmin, and I was outside your building, be it at a wifi ap or an x-box, tampering with your PBX or other just to see if it's secure, before approaching you with my results and asking you if you wanted the holes patched...

                      A) would you trust me to actually work on said network?
                      B) or view me as an intruder?
                      C) would it make you more paranoid than most sysadmin are?
                      D) would you get law enforcement involved?

                      my guesses to this for most would be...
                      A) no
                      B) yes
                      C) yes
                      D) yes, pending on what was found, and how dangerous it could be - unless C) was super paranoid, then D) would be yes by default

                      my 2 cents,
                      Quirk-


                      • #12
                        Yeah, all you guys have got good things to say.

                        If the consultancy of network security was to go ahead it would need a stabilised and well respected front, such as a large business network provider, who may employ you as an extra part of their service; network security audit. And so you need to really be a total security guru.
