Publisher: Prentice Hall PTR
I thought a lot about how to start this review and I think that a quote by Niels Ferguson, the author of the "Michael" message integrity code algorithm used in TKIP, provides an eye-catching opening - "Using a wireless network for mission-critical data is plain stupid. Using it for life-critical data is criminally negligent". Will this book help you secure your wireless LAN? Read on to find out.
About the author
Lee Barken, CCNA, MCP, CISSP, CPA has been in the IT industry since 1987. He is co-founder of the San Diego Wireless Users Group, has authored many articles and speaks at national conferences on the topic of wireless LAN technology and security. Lee teaches the "WLAN Deployment and Security" class for University of California at San Diego Extension and is writing a comprehensive book on wireless security. He was an IT consultant and network security specialist for Ernst & Young's Information Technology Risk Management practice, and KPMG's Risk and Advisory Services practice.
Inside the book
Wi-Fi security is still in its early stages. We have all heard about WEP vulnerabilities, but as the author cleverly notes, Wired Equivalent Privacy wasn't meant to be a strong security feature, so it didn't deliver what regular users expected from it. Until the new standards are fully confirmed, we have technologies such as WEP, WPA and 802.1X, each offering a different level of security.
"One of the great things about Wi-Fi is that it is so easy to implement. One of the bad things about the Wi-Fi is that it is so easy to implement". This is a perfect starting point when discussing the needs and ways to secure your wireless network. After briefly introducing readers to the issues that should be considered when starting a Wi-Fi network, the author goes on to describe the basics of 802.11 networks. Novice readers will be delighted to see that all of the topics, including spread spectrum (FHSS and DSSS), 802.11a/802.11b differences and network topologies, are visualized through diagrams and info tables, which makes them easier to understand.
WEP is vulnerable, but for many homes and organizations it is the only security mechanism they can use. Because of this, the author constructively describes the weak points of WEP (with the appropriate practical examples) and concludes the chapter with some tips on how to get the best out of this flawed mechanism. This is followed by a chapter on wardriving, as seen from the attacker's perspective.
The next two chapters provide the readers with a decent chunk of information on Wi-Fi Protected Access (WPA), Temporal Key Integrity Protocol (TKIP) and 802.1X. Don't expect too much information about these topics, as the author mostly covers things that should be of interest to a regular Wi-Fi user or an administrator who is a bit skeptical about the near future of Wi-Fi security.
The final few chapters are probably the most interesting for readers keen on practical examples. In the first scenario, the author presents a step-by-step guide to configuring a VPN Server on Windows 2000. As for securing and managing a home environment, Barken goes deeper into open source products such as Linux Embedded Appliance Firewall (LEAF), Bering, Sputnik and ReefEdge Dolphin specialized Linux distributions. Refreshingly enough, he provides installation methods and troubleshooting tips for combining these distributions with old hardware to create "Access Points on steroids".
The enterprise security sphere is also quite well covered through an 802.1X setup with configuration details on a Windows 2000 Server based RADIUS implementation, certification authority and EAP-TLS. I like the way the author combines commercial products with the enterprise environment and free open source products with the home environment. It is a nice touch of reality, as most home users don't have $$$ to invest in advanced operating systems and commercial products.
Appendixes, as usual, contain even more interesting information on the subject. Barken here gives a nice overview of RF, which will be of interest to wireless buffs, as it's always nice to know something extra about radio waves, modulations and antennas. Another valuable extra is a two-page sheet categorizing 802.11 frames into management, control and data frames.
The last portion of the appendixes section provides yet another practical guide, which will surely make the geek in you happy. You've heard of cantennas, right? Cantennas are costless home-made products that are meant to replace the $50-$XXX commercial antennas. They are often made from Pringles or Nescafe cans and with all the right guides and cheap equipment, they will provide all the functionality of the mentioned vendor antennas. If you have ever tried to make a cantenna, you surely know that there are several good guides that can be found on the Internet. I read most of those guides and I can say that Barken's guide, provided in appendix D, is one of the best, if not the most user-friendly one. It contains all the needed information, a shopping list with cantenna parts and a number of photos that visually present the cantenna building procedure.
The book copy I reviewed was a late July draft, but I presume there aren't any bigger changes to the written material. It has 240 pages and I'm quite happy to say that Barken managed to use this space, relatively short for a book, to create an extremely good Wi-Fi security guide. The author goes straight to the point and as early as page 3, he talks about the detection of rogue access points.
I've read quite a number of books on wireless security and it is nice to see something as refreshing as Barken's manuscript. The biggest advantages this book provides over other similar releases are the author's casual writing style combined with a great quantity of information, backed up by diagrams and illustrations. The book can be read by almost anyone, but I think it will best suit newcomers to the wireless security field and those interested in beefing up the state of their Wi-Fi network.
The book is also written in a user-friendly manner, with metaphors such as calling the access point beacon broadcast a "Wi-Fi mating call" and RF leakage "RF bleeding". Nothing much, but I personally like it when some specific technical parts aren't written in a strict academic way without any funny-type remarks. The content is well categorized and the book can be read within a couple of hours, so you will probably read it in one take.
Another thing that adds to the quality of this book is its release date (August 2003), which means that the author talks about some relatively new (if we can define the word "new" in the Internet era) technologies and happenings related to the Wi-Fi Alliance and especially to the new security initiatives. As you probably understand by now, I really liked the book and I gladly recommend that you take a look at it.