Laboratory Exercises for Wireless Network Attacks and Defenses

ISBN 1-933510-99-4 / 2010 CISSE Abstract With the increase of information security programs and curricula, a number of laboratory experiments or exercises, laboratory-based courseware or courses have been developed for information security education. While most of the existing laboratory exercises/experiments focus on security issues in a wired network, this paper describes a series of laboratory exercises we’ve developed for demonstrating wireless network attacks and defenses using common open source tools. These laboratory exercises demonstrate the following concepts or methods: wardriving, eavesdropping, WEP key cracking/decryption, Man in the Middle, ARP cache poisoning, MAC spoofing and defense techniques of some of the attacks. The goal of these exercises is to help students learn through exploring, or playing with the real system. These laboratory exercises can be used in an introductory network security or computer networks class. Our classroom experiences of teaching these laboratory exercises are also reported in this paper. Our future work includes exploring more ways to conduct these laboratory exercises effectively, and design comprehensive laboratory exercises that require the students to combine various wireless network attack and defense techniques.