For the best possible introduction to this kind of book, I'll quote Ivan Arce, Core Security Chief Technology Officer, who in a recent interview for HNS categorized the security of wireless networks as "very close to non-existent". Wireless Local Area Networks are a relatively new solution, so book publishers have started to release publications discussing wireless security threats. Today we take a look at Carter/Shumway's "Wireless Security End to End".
About the authors
Brian Carter, CISSP, CSS-1, is a former intelligence analyst for both the military and law enforcement who currently works as an Information Protection Analyst for NatCity Investments, handling firewalls, intrusion detection systems, cryptography, and security architecture.
Russell Shumway, CISSP, is a Principal Consultant at Guardent. He was previously the Technical Director of Global Integrity Corporation's REACT program, where he provided incident response services for clients worldwide. Russell is the coauthor of Incident Response.
Inside the book
The book starts with an introduction to wireless networking. Over just a couple of pages, the reader is introduced to the most important facts about WiFi (802.11b), HomeRF, Bluetooth and the ever-present protocol with a questionable future - WAP. The current state of wireless security, or better said wireless insecurity, is closely tied to inexperienced staff and management who do not understand wireless threats. Because of this, the authors take a closer look at the attacks aimed specifically at wireless networks. Some of the topics closely inspected in this chapter include attacks on integrity and confidentiality, wardriving, LAN jacking, wireless eavesdropping, WEP cracking and the use of rogue adapters. To better point out these risks, every attack type mentioned is followed by a "popularity and risk management" paragraph that will be of use to beginners in the wireless security field.
While talking about security, the authors also introduce the "dark side" of the Information Technology era - hackers. The book uses the term hacker to mean a bad guy, but the authors give a clear disclaimer on the different terms used for illegal activities. The authors' knowledge of hacker culture can be seen in a mini-essay of sorts, "The Classic Hacker - Myth and Mythology", located in the third chapter of the "Behind the Threat" part of the book.
"Network security components" is the title of the second part, where the authors discuss various important parts of network security. Before discussing specific wireless security layouts and issues, Carter and Shumway walk the reader through various concepts, including network intrusion detection and protection, host-based security and virtual private networking. In this especially informative part of the book, we are introduced both to the network security fundamentals that every administrator should at least take a look at and to some more complex situations, like exploiting a remote VPN user with a split tunnel and the use of a hardware-based keylogging device. I'll note that the network security overview is spiced up with some 802.11 situations, so most of the topics include some kind of reference to the wireless environment.
Incident response and analysis is covered within a chapter dealing with Event Correlation or Security Information Management (SIM) systems. Beyond mentioning system log files and centralized security databases, the chapter briefly describes a couple of commercial tools such as netForensics, e-Security and Private I.
While the first two parts of the book act as an opening on wireless and network security fundamentals, the third one carries a wholly wireless-focused title - "Wireless Security Components". The authors open this section in the best possible way - by describing the out-of-the-box security tools built into 802.11b and providing some criteria for when the standard WiFi security features would "maybe" be enough.
The Cisco Aironet AP350 wireless access point is taken as an example in a case scenario, where the authors present a sample wireless equipment configuration for the small office and home. This graphical guide shows steps such as disabling the SSID beacon, changing the default SSID, using MAC address filtering, deploying WEP and setting up logging. All the examples are captured from the web interface of this Cisco device, as the authors note that the Aironet command line interface is "a pain, to put it mildly". As no SOHO would operate without a client user, the authors also provide a brief description of wireless client configuration.
Your organization is using a security policy, right? As wireless networks and communication methods are rather new, they usually don't have any kind of reference in the company's security policy. The "Wireless Security End to End" authors try to help policy writers with a chapter where they note the challenges and issues that should be considered while writing a wireless security policy. This is a highly important chapter and should be taken into consideration by any organization that is planning some kind of wireless deployment.
The authors note that wireless security assessments are not unlike wired security assessments - there are many different types and it is important to know the benefits and drawbacks of each one. The chapter "Preparing for a Wireless Security Survey" is pure gold, as the authors recommend the steps for performing a comprehensive security survey. This is followed by several useful checklists, each targeting a different wireless deployment scenario. The scenarios include: Wireless SOHO, Wireless Enterprise with 802.11x, Wireless Enterprise with IPSEC and Wireless public access. In the spirit of hacking your own network to test its security, the authors give an overview of the most popular security tools you'll need and offer their advice on the preferred hardware.
The last part of the book is arguably the most interesting, as it deals with advanced wireless implementations. As the foundations of WiFi were found to be seriously insecure, a number of vendors modified the standard to offer a secure way of connecting wireless users. One of the biggest companies in the IT field, Cisco Systems, offered a solution in the form of the Lightweight Extensible Authentication Protocol (LEAP). LEAP is one of the advanced topics the authors focus on, and the result is a quite detailed guide to implementing a secure Wireless LAN using this protocol. If you are interested in topics related to wireless security, you have probably heard of Funk Software and their products. Their Odyssey Server is used as an example for setting up Wireless LAN authentication and key management with RADIUS.
Most wireless security whitepapers suggest that wireless networks should use Internet Protocol Security (IPSec). IPSec is discussed in a couple of places throughout the book, but in the twentieth chapter the authors take a practical look at setting up wireless access over this protocol. Two mini scenarios are given here - one for a medium-to-large enterprise and the other for small enterprises. The book closes with the authors' point of view on setting up secure public access wireless networks and point-to-point connections.
I'm pleasantly surprised by how many topics the authors cover in just about 300 pages. The book is well organized and provides a great overview of wireless security and beyond. As a small but notable addition, the first page of the book provides a diagram where the reader is, according to his/her needs, guided to the appropriate chapter for the targeted information.
The authors truly provide an end-to-end guide that should suit both future wireless administrators (although the book isn't overly technical) and the members of management interested in deploying wireless communications.