Spy guys

Computerworld - Maybe I’m a little old for it, but I do enjoy the change of pace a big wireless security penetration project provides.  Once or twice a year, I get to put down my thrill-a-minute governance frameworks, quit rockin’ out policy advice, and make like the black hats for a week or two. 

There are a few differences between this sort of project and the usual network security assessment.  It also prompts a lot of questions from clients, peers and curious IT staff, most likely because it looks like a lot of fun.  For the most part, it is. 

It goes like this: Instead of heading to Hertz when I hit the ground in a client's city, I hitch a ride over to Penske or a local truck rental outfit and pick up a large plain white van or a midsize box truck for my team.  I'm partial to fiberglass-sided box trucks because they are relatively transparent to radio signals.  This means no external antennas or tell-tale wires trailing out of the cab or back door.

Then we strike out for Goodwill or the local thrift store.  I'm on the frugal side, but I don't fancy sitting cross-legged in the back of a truck for a week. I buy a couple of desks and enough chairs for the consultants that’ll be joining us for the exercise, and set them up in the back of the truck. A few twenties will take care of it.  If we're in droll mood and a bit lucky, a couple of disassembled cubicles will fit the bill.

A hefty power inverter (400 or 800 watts) and a couple of power strips heat up the mobile office.  A pass-through door from the cab to the truck box is handy for plugging in a commodity-sized inverter, but a larger one will have to be wired directly to the truck batteries. I will admit to bringing a couple of low-wattage 120 volt LED bulbs to brighten things up with a thrift store granny lamp, and I once bought a really nice rug.  However I've refrained from toting along a too many creature comforts that might overwhelm the truck battery, and I've never brought out a blender for margaritas.  No, sir.

The wireless tools are predictable; laptops with specialized wireless cards, ominous-looking antennas, and a decent magnetic GPS to stick on the roof.  When choosing a wireless PCMCIA card or a replacement MiniPCI card for one's laptop, sensitivity is as important as output power.

Generally one large omnidirectional antenna and one serious directional antenna will do the trick for 2.4-GHz work (802.11b or .11g), but more may be necessary for alternate frequencies (5GHz for 802.11a) or more aggressive attacks.  While some favor the Yagi-style directional antenna for their impressive ray-gun or phallic appearance, I'm a fan of equivalent high-gain flat panels (PDF format) for sheer portability and practicality.