Anyone who is not already familiar with design patterns may, after a brief survey of the field, come away with the impression that design patterns are a lot of marketing hype, are just some simple coding techniques, or are the playthings of computer scientists who really should get out more. While each of these impressions carries a grain of truth, design patterns are an essential component of the professional C++ programmer’s toolkit.

A “design pattern” is a recurring architectural theme that provides a solution to a common design problem within a particular context and describes the consequences of this solution. A design pattern is more than a simple description of a technique; it’s a named capsule of design wisdom gleaned from successful existing practice, written in such a way that it can be easily communicated and reused. Patterns are about programmer to programmer communication.

From a practical perspective, design patterns have two important properties. First, they describe proven, successful design techniques that can be customized in a context-dependent way to new design situations. Second, and perhaps more important, mentioning the application of a particular pattern serves to document not only the technique that is applied but also the reasons for its application and the effect of having applied it.

Read the full story

Data Abstraction

A “type” is a set of operations, and an “abstract data type” is a set of operations with an implementation. When we identify objects in a problem domain, the first question we should ask about them is, “What can I do with this object?” not “How is this object implemented?” Therefore, if a natural description of a problem involves employees, contracts, and payroll records, then the programming language used to solve the problem should contain Employee, Contract, and PayrollRecord types. This allows an efficient, two-way translation between the problem domain and the solution domain, and software written this way has less “translation noise” and is simpler and more correct.

In a general-purpose programming language like C++, we don’t have application-specific types like Employee. Instead, we have something better: the language facilities to create sophisticated abstract data types. The purpose of an abstract data type is, essentially, to extend the programming language into a particular problem domain.

Read the full story

As mentioned, in the majority of cases an attacker does not have to do anything to get what he or she wants. The safe door is open and the goods are there to be taken. The Defcon 2002 wardriving contest showed that only 29.8 percent of 580 access points located by the contesters had WEP enabled. As much as 19.3 percent had default ESSID values, and (not surprisingly) 18.6 percent of discovered access points did not use WEP and had default ESSIDs. If you think that something has changed since then, you are mistaken. If there were any changes, these were the changes for the worse, because the Defcon 2003 wardrive demonstrated that only approximately 27 percent of networks in Las Vegas are protected by WEP. Because one of the teams employed a lateral approach and went to wardrive in Los Angeles instead, this number also includes some statistics for that city.

The Defcon wardrive observations were independently confirmed by one of the authors wardriving and walking around Las Vegas on his own.

Are things any better on the other side of the Atlantic? Not really. We speculated that only around 30 percent of access points in the United Kingdom would have WEP enabled. To validate this for research purpose, one of the authors embarked for a London Sightseeing Tour in the famous open-top red double-decker bus armed with a “debianized” laptop running Kismet, Cisco Aironet LMC350 card, and 12 dBi omnidirectional antenna. During the two-hour tour (exactly the time that laptop’s batteries lasted), 364 wireless networks were discovered, of which 118 had WEP enabled; 76 had default or company name and address ESSIDs. Even worse, some of the networks discovered had visible public IP addresses of wireless hosts that were pingable from the Internet side. If you are a wireless network administrator in central London and are reading this now, please take note. Of course, in the process of collecting this information, no traffic was logged to avoid any legal complications. The experiment was “pure” wardriving (or rather “warbusing”) at its best. Not surprisingly, warwalking in central London with a Sharp Zaurus SL-5500 PDA, D-Link DCF-650W CF 802.11b card (wonderful large antenna, never mind the blocked stylus slot), and Kismet demonstrated the same statistics. A similar level of 802.11 WLAN insecurity was revealed in Bristol, Birmingham, Plymouth, Canterbury, Swansea, and Cardiff.

Read the full story

The widespread area of 802.11 network coverage zones is one of the major reasons for rising security concerns and interest: An attacker can be positioned where no one expects him or her to be and stay well away from the network’s physical premises. Another reason is the widespread use of 802.11 networks themselves: By 2006 the number of shipped 802.11-enabled hardware devices is estimated to exceed 40 million units (Figure 1-2), even as the prices on these units keep falling. After 802.11g products hit the market, the price for many 802.11b client cards dropped to the cost level of 100BaseT Ethernet client cards. Of course there is a great speed disadvantage (5–7 Mbps on 802.11b vs. 100 Mbps on switched fast Ethernet), but not every network has high-speed requirements, and in many cases wireless deployment will be preferable. These cases include old houses in Europe protected as a part of the National Heritage. In such houses, drilling through obstacles to lay the cabling is prohibited by law. Another case is offices positioned on opposite sides of a busy street, highway, or office park. Finally, the last loop provider services via wireless are basically a replacement for the cable or xDSL link and 802.11b “pipe” is not likely to be a bottleneck in such cases, taking into account common xDSL or cable network bandwidth.

Figure 1.2. The growth of the 802.11 wireless market.

802.11 networks are everywhere, easy to find, and, as you will see in this book, often do not require any effort to associate with. Even if they are protected by WEP (which still remains the most common security countermeasure on 802.11 LANs), the vulnerabilities of WEP are very well publicized and known to practically anyone with a minimal interest in wireless networking. On the contrary, other wireless packet-switched networks are far from being that common and widespread, do not have well-known and “advertised” vulnerabilities, and often require obscure and expensive proprietary hardware to explore. At the same time, 802.11 crackers commonly run their own wireless LANs (WLANs) and use their equipment for both cracking and home and community networking.

Read the full story

Rather than concentrating on the basics of general information security or wireless networking, this introductory chapter focuses on something grossly overlooked by many “armchair experts”: The state of wireless security in the real world. Before getting down to it, though, there is a need to tell why we are so keen on the security of 802.11 standards-based wireless networks and not other packet-switched radio communications. Figure 1-1 presents an overview of wireless networks in the modern world, with 802.11 networks taking the medium circle.

Figure 1.1. An overview of modern wireless networks.

As shown, we tend to use the term 802.11 wireless network rather than 802.11 LAN. This particular technology dissolves the margin between local and wide area connectivity: 802.11b point-to-point links can reach beyond 50 miles in distance, efficiently becoming wireless wide area network (WAN) connections when used as a last mile data delivery solution by wireless Internet service providers (ISPs) or long-range links between offices. Thus, we consider specifying the use of 802.11 technology to be necessary: Local area networks (LANs) and WANs always had and will have different security requirements and approaches.