IWS - The Information Warfare Site

BK8021SC.RVW 20030404

"802.11 Security", Bruce Potter/Bob Fleck, 2003, 0-596-00290-4,
%A Bruce Potter
%A Bob Fleck
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2003
%G 0-596-00290-4
%I O'Reilly & Associates, Inc.
%O U$34.95/C$54.95 800-998-9938 fax: 707-829-0104 info@ora.com
%O http://www.amazon.com/exec/obidos/ASIN/0596002904/robsladesinterne
%O http://www.amazon.ca/exec/obidos/ASIN/0596002904/robsladesin03-20
%P 176 p.
%T "802.11 Security"

The preface states that this book is aimed at the network engineer, the security engineer, or the hobbyist, but it is not an introductory work. The reader will need to know Linux to the kernel configuration level, and TCP/IP networking to the ARP (Address Resolution Protocol) level.

Part one addresses the basics of 802.11 security. Chapter one provides a background, and looks at issues, in wireless communications, although primarily from a communications, rather than security, perspective. There is a review of attacks and risks, in chapter two, and for once there is a comparison of wired versus wireless hazards, ranging from the common (interference from portable phones) to the sophisticated (signal strength attacks related to diversity antennae).

Part two deals with station, or remote device, security. Chapter three examines attacks against machines and networks, and suggests the use of SSL (Secure Sockets Layer) and SSH (Secure SHell). Configuration recommendations for the kernel, startup, firewall, and other aspects of FreeBSD are covered in chapter four. Chapters five, six, and seven do the same for Linux, OpenBSD, and Mac OS X, respectively (with a concentration on the AirPort utilities for the Mac). The Windows coverage, in chapter eight, reviews basic workstation items only, with limited advice and direction.

Part three looks at access point security, and the setup of access points under Linux, FreeBSD, and OpenBSD is all contained in chapter nine.

Gateway security is the topic of part four, with chapter ten looking at gateways and firewalls, while the use of the three UNIX variants as gateways is discussed in chapters eleven, twelve, and thirteen. Authentication and encryption, mostly with IPSec, are reviewed in chapter fourteen. A rather vague closing is given in chapter fifteen.

As noted, this is not a book for beginners. Presumably readers should already know the most common dangers of wireless LANs, such as allowing default access passwords to remain active, and broadcasting the station set identifier. WEP (Wired Equivalent Privacy) is dismissed as irrelevant: since it is deeply flawed, one can assume that the concentration on technologies such as IPSec and station security is of greater use than suggesting minor improvements in the use of WEP keys and initialization vectors. However, it is a bit of a pity that the authors took this route. With the addition of possibly an extra fifty pages this could have been an excellent reference for all wireless LAN administrators.

copyright Robert M. Slade, 2003 BK8021SC.RVW 20030404