Mention wireless networks, and the question of security will soon follow. It's not surprising that in spite of compelling business arguments for going wireless, many companies are holding back because of security concerns. But, while it's true that wireless networks create security issues that don't exist in wired networks, the issues are not insurmountable. 802.11 Security shows how you can plan for and successfully contend with security obstacles in your wireless deployment. This authoritative book not only explains the security issues, but shows you how to design and build your own secure wireless network.
802.11 Security covers the entire process of building secure 802.11-based wireless networks, in particular, the 802.11b ("Wi-Fi") specification. The authors provide detailed coverage of security issues unique to wireless networking, such as Wireless Access Points (WAP), bandwidth stealing, and the problematic Wired Equivalent Privacy component of 802.11. You'll learn how to configure a wireless client and to set up a WAP using either Linux or FreeBSD. You'll also find thorough information on controlling network access and encrypting client traffic.
Beginning with an introduction to 802.11b in general, the book gives you a broad basis in theory and practice of wireless security, dispelling some of the myths along the way. In doing so, they provide you with the technical grounding required to think about how the rest of the book applies to your specific needs and situations. Next, the book details the technical setup instructions needed for both the Linux and FreeBSD operating systems.
Some of the topics covered include:
Station Security for Linux, FreeBSD, OpenBSD, Mac OS X and Windows
Setting Up Access Point Security
Gateway Security, including building gateways, firewall rules, auditing, etc.
Authentication and Encryption
FreeBSD IPsec client and gateway configuration
Linux IPsec client and gateway configuration
802.11 Security is a book whose time has come. If you are a network, security, or systems engineer, or anyone interested in deploying 802.11b-based systems, you'll want this book beside you every step of the way.
is the Manager of Network and Security Operations for VeriSign's Mass Market's division. He manages the security for over a hundred network devices and several hundred servers. He's the founder of the Shmoo Group (www.shmoo.com), a web site for security, cryptography, and privacy professionals, and NoVAWireless (www.novawireless.org), a community-based wireless network project in Northern Virginia.
is a security researcher and the Director of Methodology Development at Secure Software, Inc. He has been involved in wireless networking both through the Northern Virginia community wireless group and through commercial security research into the topology of wireless networks. His recent work includes investigation of layer two attacks against wireless networking devices.
Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects.
The animal on the cover of 802.11 Security is an Indian ringnecked parakeet. Indian ringnecked parakeets are native to northern Africa and India, but are kept as pets all over the world. They get their name from the distinct black ring that males develop upon reaching maturity.
Though Indian ringnecked parakeets are usually green, breeders have been able to produce blue, yellow, and albino mutations. Their beaks are dark coral on top and black underneath. The birds can reach between 16 and 20 inches from the top of their heads to the tips of their long tails.
These parakeets are very playful and require a lot of attention when kept in captivity. They can learn to talk and are talented whistlers. When treated well and kept active, they can live up to 30 years.
Darren Kelly was the production editor, Maureen Dempsey was the copyeditor, and Jan Fehler was the proofreader for 802.11 Security. Nancy Crumpton provided production services and wrote the index. Linley Dolby and Claire Cloutier provided quality control.
Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.
David Futato designed the interior layout. This book was converted to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is Lucas-Font's TheSans Mono Condensed.
The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand 9 and Adobe Photoshop 6. The tip and warning icons were drawn by Christopher Bing. Linley Dolby wrote the colophon.
Let me start by saying that the book offers several good ideas on securing wireless networks and explaining the lower levels of the wifi protocols. Then the discussion bleeds into configuring several different OSes to use WEP and wireless networks. Then security comes. The several OSes that are demonstrated are similar in their configuration. However, many of the methods are non-trivial for those not technically minded.
Furthermore, the book becomes very repetitive, explaining the same security measures over and over again.
Chapter 14, which covers higher level encryption, should have gone IN DEPTH with solutions such as IPsec and SSL. Further discussion of SSH tunnels in this chapter would have been welcome as well. Unfortunately, this chapter comes AFTER examples of setting up network gateways where you would want to incorporate such protocols.
I cannot say I would recommend this book to any other competent system administrator. Had it gone in-depth with high level encryption schemes and deployment examples I would have considered it very valuable.
I must admit to being somewhat disappointed with his book. In the interest of full disclosure, let me say right up front that I work for a Windows-focused software company that produces a line of Secure Shell (SSH) tools. With that out in the open, my two biggest disappointments are the lack of practical steps Windows users can take to secure a wireless LAN and their own workstations and the factually incorrect and far too brief discussion of higher level security mechanisms (SSH and SSL) that can be used to secure WiFi traffic.
On the Windows front, the authors fail to provide any substantial documentation (a few screen shots might have been nice) showing how to enable and use WEP (which they correctly recommend in spite of its flaws). The entire section devoted to securing a Windows workstation is only three pages long! I know that general topic O'Reilly titles favor the *NIX world but this is really an imbalance, especially given the number of Windows desktops and laptops out there.
On the SSH front, a scant two pages (seven paragraphs) are devoted to what is arguably one of the cheapest and most effective ways to secure TCP application data - Secure Shell port forwarding. The authors write:
"This (port forwarding) can be useful for accessing one particular service, but is not practical for tunneling many different types of traffic."
Not so. There are a variety of tools, especially on the Windows and Mac OS X platforms, that make it extremely easy to configure multiple port forward assignments that are automatically invoked after login and authentication. As I said above, I'm certainly biased on this note... my company makes two clients for the Windows platform that make this a "set-it-and-forget-it" proposition. I forward IMAP, SMTP, a mail pooling application, a corporate calendar, and a bug tracking application all day, every day. Using WiFi both at work and at home (over a cable connection), I have no worries about any of my data being intercepted and/or mangled.
SSH provides a high degree of interoperability between platforms, open source, freeware, and commercial clients and servers, and a high degree of ubiquity compared to other protocols offering the same security (OpenSSH ships with virtually every Linux distribution, Mac OS X, and Solaris). I'd really like to see a few more pages devoted to this topic (including SSL which is given equally brief discussion) in the next edition of this book.