The title of this week's tip is actually the title of an excellent book by Tara M. Swaminatha and Charles R. Elden (Addison-Wesley, 2002, ISBN: 0201760347). Although it's a bit dated because it omits coverage of 802.11g and 802.11x security issues (more on those topics in tips to come), it's nevertheless a worthwhile addition to anybody's wireless library because it deals with 802.11b (still the most common type of wireless networking technology in use) and because of its simple, straightforward coverage of key topics in wireless security and in designing more secure wireless networks. The book also covers BlueTooth and the Wireless Application Protocol (WAP) in some detail.
The book begins with an overview of these key wireless technologies, then goes on to explore typical wireless networking setups. These include so-called personal area networks (PANs, usually deployed in small-scale home settings), local area networks (usually abbreviated as WLANs, for wireless LANs, to distinguish them from wired networks), and wide area networks (WANs). Next, the book moves on to examine a series of four case studies with a primary emphasis on WLANs, including scenarios in a home, an office complex, a university campus and a hospital.
In explaining and exploring wireless security, the authors stress security as an ongoing process that must start with system design, and carry through pilot test, deployment, maintenance (and ultimately, migration to some successor). They also do a great job of covering key security principles to provide readers with the vocabulary and techniques necessary to assess risk and establish proper security implementations. Along the way, they provide cogent and succinct coverage of key security topics that include AAA (authentication, authorization, and accounting/auditing), access controls, confidentiality, integrity, privacy, and non-repudiation.
They also delve into wireless networking devices and configurations, cryptography, and privacy topics. The book concludes with a series of four chapters on what the authors call the I-ADD security analysis process:
- Identify targets and roles
- Analyze known attacks, vulnerabilities, and potential attacks to avoid or protect yourself from them
- Define a security strategy, establishing trade-offs among security, functionality, and management as your risk analysis requires
- Design security into your systems from the get-go
For those seeking to understand wireless security concepts and principles, this is a terrific book. But it is not a product guide or a step-by-step deployment manual. For those purposes, other tools make more sense (and will be covered in future tips).
Ed Tittel is a full-time writer, trainer, and consultant. He's written widely on security topics, including security policy tips for SearchSecurity.com, certification prep books for TICSA, CISSP, and Security+, and as a contributing editor for Certification Magazine. E-mail Ed at email@example.com.