802.11 Security

Larger Cover

802.11 Security

By Bruce Potter, Bob Fleck

Publisher: O'Reilly Media

Released: December 2002

Pages: 192

Mention wireless networks, and the question of security will soon follow. It's not surprising that in spite of compelling business arguments for going wireless, many companies are holding back because of security concerns. But, while it's true that wireless networks create security issues that don't exist in wired networks, the issues are not insurmountable. 802.11 Security shows how you can plan for and successfully contend with security obstacles in your wireless deployment. This authoritative book not only explains the security issues, but shows you how to design and build a your own secure wireless network.

802.11 Security covers the entire process of building secure 802.11-based wireless networks, in particular, the 802.11b ("Wi-Fi") specification. The authors provide detailed coverage of security issues unique to wireless networking, such as Wireless Access Points (WAP), bandwidth stealing, and the problematic Wired Equivalent Privacy component of 802.11. You'll learn how to configure a wireless client and to set up a WAP using either Linux or Free BSD. You'll also find thorough information on controlling network access and encrypting client traffic.

Beginning with an introduction to 802.11b in general, the book gives you a broad basis in theory and practice of wireless security, dispelling some of the myths along the way. In doing so, they provide you with the technical grounding required to think about how the rest of the book applies to your specific needs and situations. Next, the book details the technical setup instructions needed for both the Linux and FreeBSD operating systems.Some of the topics covered include:

Station Security for Linux, FreeBSD, Open BSD, Mac OS X and Windows
Setting Up Access Point Security
Gateway Security, including building Gateways, firewall Rules, Auditing, etc.
Authentication and Encryption
FreeBSD IPsec client and gateway configuration
Linux IPsec client and gateway configuration
802.1x authentication

802.11 Security is a book whose time has come. If you are a network, security, or systems engineer, or anyone interested in deploying 802.11b-based systems, you'll want this book beside you every step of the way.

802.11 Security Basics
1. Chapter 1 A Wireless World
  1. What Is Wireless?
  2. Radio Transmission
  3. Inherent Insecurity
  4. 802.11
  5. Structure of 802.11 MAC
  6. WEP
  7. Problems with WEP
  8. Is It Hopeless?
2. Chapter 2 Attacks and Risks
  1. An Example Network
  2. Denial-of-Service Attacks
  3. Man-in-the-Middle Attacks
  4. Illicit Use
  5. Wireless Risks
  6. Knowing Is Half the Battle
Station Security
1. Chapter 3 Station Security
  1. Client Security Goals
  2. Audit Logging
  3. Security Updates
2. Chapter 4 FreeBSD Station Security
  1. FreeBSD Client Setup
3. Chapter 5 Linux Station Security
  1. Linux Client Setup
  2. Kernel Configuration
  3. OS Protection
  4. Audit Logging
  5. Secure Communication
4. Chapter 6 OpenBSD Station Security
  1. OpenBSD Client Setup
  2. Kernel Configuration
  3. OS Protection
  4. Audit Logging
5. Chapter 7 Mac OS X Station Security
  1. Mac OS X Setup
  2. OS Protection
  3. Audit Logging
6. Chapter 8 Windows Station Security
  1. Windows Client Setup
  2. OS Protection
  3. Audit Logging
  4. Secure Communication
Access Point Security
1. Chapter 9 Setting Up an Access Point
  1. General Access Point Security
  2. Setting Up a Linux Access Point
  3. Setting Up a FreeBSD Access Point
  4. Setting Up an OpenBSD Access Point
  5. Taking It to the Gateway
Gateway Security
1. Chapter 10 Gateway Security
  1. Gateway Architecture
  2. Secure Installation
  3. Firewall Rule Creation
  4. Audit Logging
2. Chapter 11 Building a Linux Gateway
  1. Laying Out the Network
  2. Building the Gateway
  3. Configuring Network Interfaces
  4. Building the Firewall Rules
  5. MAC Address Filtering
  6. DHCP
  7. DNS
  8. Static ARP
  9. Audit Logging
  10. Wrapping Up
3. Chapter 12 Building a FreeBSD Gateway
  1. Building the Gateway
  2. Building the Firewall Rules
  3. Rate Limiting
  4. DHCP
  5. DNS
  6. Static ARP
  7. Auditing
4. Chapter 13 Building an OpenBSD Gateway
  1. Building the Gateway
  2. Building the Firewall Rules
  3. Rate Limiting
  4. DHCP
  5. DNS
  6. Static ARP
  7. Auditing
5. Chapter 14 Authentication and Encryption
  1. Portals
  2. IPsec VPN
  3. 802.1x
6. Chapter 15 Putting It All Together
  1. Pieces of a Coherent System
  2. User Knowledge
  3. Looking Ahead

Colophon

Title:

802.11 Security

By:

Bruce Potter, Bob Fleck

Publisher:

O'Reilly Media

Formats:

Print
Safari Books Online

Print:

December 2002

Pages:

192

Print ISBN:

978-0-596-00290-9

| ISBN 10:

0-596-00290-4

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of 802.11 Security is an Indian ringnecked parakeet. Indian ringnecked parakeets are native to northern Africa and India, but are kept as pets all over the world. They get their name from the distinct black ring that males developupon reaching maturity.

Though Indian ringnecked parakeets are usually green, breeders have been able to produce blue, yellow, and albino mutations. Their beaks are dark coral on top and black underneath. The birds can reach between 16 and 20 inches from the top of their heads to the tips of their long tails.

These parakeets are very playful and require a lot of attention when kept in captivity. They can learn to talk and are talented whistlers. When treated well and kept active, they can live up to 30 years. Darren Kelly was the production editor, Maureen Dempsey was the copyeditor, and Jan Fehler was the proofreader for 802.11 Security. Nancy Crumpton provided production services and wrote the index. Linley Dolby and Claire Cloutier provided quality control.

Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.

David Futato designed the interior layout. This book was converted to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is Lucas-Font's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand 9 and Adobe Photoshop 6. The tip and warning icons were drawn by Christopher Bing. Linley Dolby wrote the colophon.

Description

Table of Contents

Product Details

About the Author

Colophon

Recommended for You

Recently Viewed

Mastering Regular Expressions, 2nd Edition

By Jeffrey E.F. Friedl

July 2002

Java NIO

By Ron Hitchens

August 2002

Ebook: $31.99

Print & Ebook: $43.99

Print: $39.99

Free as in Freedom [Paperback]

Richard Stallman's Crusade for Free Software

By Sam Williams

March 2002

Ebook: $17.99

Print & Ebook: $25.25

Print: $22.95

Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews

oreilly 802.11 Security

2.5

(based on 2 reviews)

Reviews

Reviewed by 2 customers

Sort by

Displaying reviews 1-2

1/3/2004

2.0

802.11 Security Review

By Fox

from Undisclosed

Comments about oreilly 802.11 Security:

Let me start by saying that the book offers several good ideas on security wireless networks and explaining the lower levels of the wifi protocols. Then the disussion bleeds into configuring several different OSes to use WEP and wireless networks. Then security comes. The several OSes that are demonstrated are similar in their configuration. However, many of the methods are non-trivial for those not technically minded.

Furthermore, the book becomes very repeditive explaining the same security measures over and over again.

Chapter 14, which covers higher level encryption, should have gone IN DEPTH with solutions such as IPsec and SSL. Further discussion of SSH tunnels in this chapter would have been welcome as well. Unfortunatly, this chapter comes AFTER examples of setting up network gateways where you would want to incorperate such protocols.

I can not say I would reccommend this book to any other competent system administrator. Had it gone in-depth with high level encryption schemes and deployment examples I would have considered it very valuable.

1/28/2003

3.0

802.11 Security Review

By Marc Orchant

from Undisclosed

Comments about oreilly 802.11 Security:

I must admit to being somewhat disappointed with his book. In the interest of full disclosure, let me say right up front that I work for a Windows-focused software company that produces a line of Secure Shell (SSH) tools. With that out in the open, my two biggest disappointments are the lack of practical steps Windows users can take to secure a wirelss LAN and their own workstations and the factually incorrect and far too brief discussion of higher level security mechanisms (SSH and SSL) that can be used to secure WiFi traffic.

On the Windows front, the authors fail to provide any substantial documentation (a few screen shots might have been nice) showing how to enable and use WEP (which they correctly recommend in spite of its flaws). The entire section devoted to securing a Windows workstation is only three pages long! I know that general topic O'Reilly titles favor the *NIX world but this is really an imbalance, especially given the number of Windows desktops and laptops out there.

On the SSH front, a scant two pages (seven paragraphs) are devoted to what is arguably one of the cheapest and most effective ways to secure TCP application data - Secure Shell port forwarding. The authors write:

"This (port forwarding) can be useful for accessing one particular service, but is not practical for tunneling many different types of traffic."

Not so. There are a variety of tools, especially on the Windows and Mac OS X platforms that make it extremely easy to configure multiple port forward assignments that are automatically invoked after login and authentication. As I said above, I'm certainly biased on this note... my company makes two clients for the Windows platform that make this a "set-it-and-forget-it" proposition. I forward IMAP, SMTP, a mail pooling application, a corporate calendar, and a bug tracking application all day, every day. Using WiFi both at work and at home (over a cable connection), I have no worries about any of may data being intercepted and/or mangled.

SSH provides a high degree of interoperability between platforms, open source, freeware, and commercial clients and servers, and a high degree of ubiquity compared to other protocols offering the same security (OpenSSH ships with virtually every Linux distribution, Mac OS X, and Solaris). I'd really like to see a few more pages devoted to this topic (including SSL which is given equally brief discussion) in the next edition of this book.