802.11 Security

By | October 20, 2003

Wireless security – an oxymoron? Not necessarily, given careful planning, configuration, and an understanding of the 802.11 protocols and their weak spots. That is exactly what this neat little book provides: the fundamentals of wireless security and practical solutions for deploying a secure 802.11 network.

Authors: Bruce Potter and Bob Fleck

Pages: 192

Publisher: O'Reilly & Associates

ISBN: 0596002904

Sample chapter 7, “Mac OS X Station Security”, is available for download.

About the authors

Bruce Potter is the Manager of Network and Security Operations for VeriSign's Mass Market's division. He manages the security for over a hundred network devices and several hundred servers. He's the founder of the Shmoo Group (www.shmoo.com), a web site for security, cryptography, and privacy professionals, and NoVAWireless (www.novawireless.org), a community-based wireless network project in Northern Virginia.

Bob Fleck is a security researcher and the Director of Methodology Development at Secure Software, Inc. He has been involved in wireless networking both through the Northern Virginia community wireless group and through commercial security research into the topology of wireless networks. His recent work includes investigation of layer two attacks against wireless networking devices.

The Book

The book begins with an introduction to wireless network basics: the 802.11 suite of protocols and Wired Equivalent Privacy (WEP), along with a brief discussion of radio transmission issues. The following chapter deals with the types of attacks that can be launched against wireless networks. The authors dedicate a large portion of the chapter to various Denial-of-Service attacks (against both wired and wireless networks). Topics such as Address Resolution Protocol (ARP) poisoning and Man-In-The-Middle (MITM) attacks are also covered in the chapter.

After covering the basics of wireless networks, their security and risks, the book is divided into three parts, each one of them covering the security issues of one of the three major components of a wireless network – station, access point (AP) and gateway.

In the first part, the authors explain methods for correctly configuring and securing a wireless station (client) on a wide range of platforms: FreeBSD, Linux, OpenBSD, Mac OS X and Windows. Topics such as secure kernel configuration, firewall setup and audit logging (swatch, syslog) are discussed.

Moving on, the authors cover the configuration and security of access points. The first half of the relevant chapter provides information on hardware access points. Those looking for alternative solutions will find the second half, where the authors discuss how to securely set up a Linux, FreeBSD or OpenBSD wireless access point, very useful.

The book ends with a discussion of the configuration and security issues of the network gateway. In this part the authors provide a practical guide, with configuration samples, to installing a properly secured network gateway for a wireless network on Linux, OpenBSD and FreeBSD. Readers are also introduced to various authentication and encryption tools that enhance wireless security: IPSec, Portals, 802.1x and VPNs.

My opinion

“802.11 Security” is not just another theoretical book discussing wireless security, but rather a book written in a practical manner that helps the reader to easily set up a secure wireless network. Furthermore, the book covers a wide range of operating systems (Linux/*BSD), which is pretty rare to find in wireless-related books.

This book is essential for network administrators, system engineers, wireless enthusiasts and people who are willing to deploy a wireless network, especially in a non-Windows environment. I would not recommend it to Windows users, though.
