Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company’s live modem pool. Which of the following activities is MOST appropriate?
A. War dialing
B. War chalking
C. War driving
Correct Answer: A
Section: Threats and Vulnerabilities
War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin
board systems and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers – malicious hackers who specialize in computer security
– for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by
security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company’s telephone network.
B: War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection,
usually offering an Internet connection so that others can benefit from the free wireless access. The open connections typically come from the access points of wireless networks
located within buildings to serve enterprises. The chalk symbols indicate the type of access point that is available at that specific spot. War chalking is not used to test the security
controls of modems.
C: War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To
do war driving, you need a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be
mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the
network, obtain a free Internet connection, and possibly gain access to company records and other resources. War driving is not used to test the security controls of modems.
D: Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging
data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile
phone, an attacker can access information — such as the user’s calendar, contact list and e-mail and text messages — without leaving any evidence of the attack. Other devices that
use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some
devices, but others are vulnerable as long as Bluetooth is enabled. Bluesnarfing is not used to test the security controls of modems.