Wireless and Mobile Device Security

Book Description

The world of wireless and mobile devices is evolving day-to-day, with many individuals relying solely on their wireless devices in the workplace and in the home. The growing use of mobile devices demands that organizations become more educated in securing this growing technology and determining how to best protect their assets. Written by an industry expert, Wireless and Mobile Device Security explores the evolution of wired networks to wireless networking and its impact on the corporate world. Using case studies and real-world events, it goes on to discuss risk assessments, threats, and vulnerabilities of wireless networks, as well as the security measures that should be put in place to mitigate breaches. The text closes with a look at the policies and procedures in place and a glimpse ahead at the future of wireless and mobile device security.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Contents
  5. Dedication
  6. Preface
  7. Acknowledgments
  8. Part One Introduction to Wireless and Mobile Networks
    1. Chapter 1 The Evolution of Data Networks
      1. The Dawn of Data Communication
        1. Early Data Networks
        2. The Internet Revolution
        3. Advances in Personal Computers
      2. Mobile Phones and the Creation of the Other New Network
      3. Computers Go Mobile
      4. The Convergence of Mobile and Data Networks
        1. Business Challenges Addressed by Wireless Networking
        2. IP Mobility
      5. The Impact of Bring Your Own Device
        1. Common Operating Environment
        2. BYOD: An IT Perspective and Policy
      6. The Basic Tenets of Network Security
      7. The Evolution of Cybercrime
      8. Wireless Network Security
      9. Mobile IP Security
      10. Chapter Summary
      11. Key Concepts and Terms
      12. Chapter 1 Assessment
    2. Chapter 2 The Evolution of Wired Networking to Wireless Networking
      1. Networking and the Open System Interconnection Reference Model
        1. The Seven Layers of the OSI Reference Model
        2. Communicating over a Network
        3. The Data Link Layer
        4. The Physical Layer
      2. From Wired to Wireless
      3. The Economic Impact of Wireless Networking
      4. Wireless Networking and the Way People Work
        1. Health Care
        2. Warehousing and Logistics
        3. Retail
        4. General Business and Knowledge Workers
      5. The Wi-Fi Market
      6. How Wi-Fi Affects Developing Nations
      7. The Internet of Things
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 2 Assessment
    3. Chapter 3 The Mobile Revolution
      1. Introduction to Cellular or Mobile Communication
        1. Cellular Coverage Maps
        2. Frequency Sharing
        3. Cellular Handoff
      2. The Evolution of Mobile Networks
        1. AMPS 1G
        2. GSM and CDMA 2G
        3. GPRS and EDGE
        4. 3G Technology
        5. 4G and LTE
      3. BYOD and the BlackBerry Effect
      4. The Economic Impact of Mobile IP
      5. The Business Impact of Mobility
      6. Business Use Cases
        1. Any Business Involving the Moving of People or Things
        2. Delivery (Drop Off) Loss Mitigation
        3. Information Dissemination
        4. Enterprise Business Management Applications
      7. Chapter Summary
      8. Key Concepts and Terms
      9. Chapter 3 Assessment
    4. Chapter 4 Security Threats Overview: Wired, Wireless, and Mobile
      1. What to Protect?
      2. General Threat Categories
        1. Confidentiality
        2. Integrity
        3. Availability
        4. Accountability
        5. Nonrepudiation
      3. Threats to Wireless and Mobile Devices
        1. Data Theft Threats
        2. Device Control Threats
        3. System Access Threats
      4. Risk Mitigation
        1. Mitigating the Risk of BYOD
        2. BYOD for Small-to-Medium Businesses
        3. Defense in Depth
      5. Authorization and Access Control
        1. AAA
      6. Information Security Standards
        1. ISO/IEC 27001:2013
        2. ISO/IEC 27002:2013
        3. NIST SP 800-53
      7. Regulatory Compliance
        1. The Sarbanes-Oxley Act
        2. The Gramm-Leach-Bliley Act
        3. The Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act
        4. The Payment Card Industry Data Security Standard
        5. Detrimental Effects of Regulations
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 4 Assessment
  9. Part Two WLAN Security
    1. Chapter 5 How Do WLANs Work?
      1. WLAN Topologies
        1. Wireless Client Devices
        2. 802.11 Service Sets
      2. The 802.11 Standards
      3. 802.11 Unlicensed Bands
        1. Narrowband and Spread Spectrum
        2. Multipath
        3. Frequency Hopping Spread Spectrum
        4. Direct Sequence Spread Spectrum
      4. Wireless Access Points
        1. How Does a WAP Work?
        2. WAP Architecture
      5. Wireless Bridges
        1. Wireless Workgroup Bridges
        2. Residential Gateways
        3. Enterprise Gateways
      6. Wireless Antennas
        1. Omnidirectional Antennas
        2. Semi-Directional Antennas
        3. Highly Directional Antennas
        4. MIMO Antennas
        5. Determining Coverage Area
      7. Site Surveys
        1. Spectrum and Protocol Analysis
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 5 Assessment
    2. Chapter 6 WLAN and IP Networking Threat and Vulnerability Analysis
      1. Types of Attackers
        1. Skilled Versus Unskilled Attackers
        2. Insiders Versus Outsiders
      2. Targets of Opportunity Versus Specific Targets
      3. Scouting for a Targeted Attack
      4. Physical Security and Wireless Networks
      5. Social Engineering
      6. Wardriving
      7. Rogue Access Points
        1. Rogue AP Vulnerabilities
        2. Evil Twins
      8. Bluetooth Vulnerabilities and Threats
        1. Bluejacking
        2. Bluesnarfing
        3. Bluebugging
        4. Is Bluetooth Vulnerable?
      9. Packet Analysis
      10. Wireless Networks and Information Theft
      11. Malicious Data Insertion on Wireless Networks
      12. Denial of Service Attacks
      13. Peer-to-Peer Hacking over Ad Hoc Networks
      14. When an Attacker Gains Unauthorized Control
      15. Chapter Summary
      16. Key Concepts and Terms
      17. Chapter 6 Assessment
    3. Chapter 7 Basic WLAN Security Measures
      1. Design and Implementation Considerations for Basic Security
        1. Radio Frequency Design
        2. Equipment Configuration and Placement
        3. Interoperability and Layering
        4. Security Management
      2. Authentication and Access Restriction
        1. SSID Obfuscation
        2. MAC Filters
        3. Authentication and Association
        4. VPN over Wireless
        5. Virtual Local Area Networks
      3. Data Protection
        1. Wired Equivalent Privacy
        2. Wi-Fi Protected Access
        3. Wi-Fi Protected Access 2
      4. Ongoing Management Security Considerations
        1. Firmware Upgrades
        2. Physical Security
        3. Periodic Inventory
        4. Identifying Rogue WLANs/Wireless Access Points
      5. Chapter Summary
      6. Key Concepts and Terms
      7. Chapter 7 Assessment
    4. Chapter 8 Advanced WLAN Security Measures
      1. Establishing and Enforcing a Comprehensive Security Policy
        1. Centralized Versus Distributed Design and Management
        2. Remote Access Policies
        3. Guest Policies
        4. Quarantining
        5. Compliance Considerations
        6. Employee Training and Education
      2. Implementing Authentication and Access Control
        1. Extensible Authentication Protocol
        2. Remote Authentication Dial-In User Service
        3. Intrusion Detection Systems and Intrusion Prevention Systems
        4. Protocol Filtering
        5. Authenticated Dynamic Host Configuration Protocol
      3. Data Protection
        1. WPA2 Personal and Enterprise Modes
        2. Internet Protocol Security
        3. Virtual Private Networks
        4. Malware and Application Security
      4. User Segmentation
        1. Virtual Local Area Networks
        2. Guest Access and Passwords
        3. Demilitarized Zone Segmentation
      5. Managing Network and User Devices
        1. Simple Network Management Protocol Version 3
        2. Discovery Protocols
        3. IP Services
        4. Coverage Area and Wi-Fi Roaming
        5. Client Security Outside the Perimeter
        6. Device Management and Use Logons
        7. Hard Drive Encryption
        8. Quarantining
      6. Chapter Summary
      7. Key Concepts and Terms
      8. Chapter 8 Assessment
    5. Chapter 9 WLAN Auditing Tools
      1. WLAN Discovery Tools
        1. NetStumbler and InSSIDer
        2. Kismet
        3. HeatMapper
      2. Penetration Testing Tools
        1. Metasploit
        2. Security Auditor’s Research Assistant
      3. Password-Capture and Decryption Tools
        1. Network Enumerators
      4. Network Management and Control Tools
        1. Wireless Protocol Analyzers
        2. Aircrack-ng
        3. Airshark
        4. Network Management System
      5. WLAN Hardware Audit Tools and Antennas
        1. Hardware Audit Tools
        2. Antennas
      6. Attack Tools and Techniques
        1. Radio Frequency Jamming
        2. Denial of Service
        3. Hijacking Devices
        4. Hijacking a Session
      7. Network Utilities
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 9 Assessment
    6. Chapter 10 WLAN and IP Network Risk Assessment
      1. Risk Assessment
        1. Risk Assessment on WLANs
        2. Other Types of Risk Assessment
      2. IT Security Management
        1. Methodology
        2. Legal Requirements
        3. Other Justifications for Risk Assessments
      3. Security Risk Assessment Stages
        1. Planning
        2. Information Gathering
        3. Risk Analysis
        4. Identifying and Implementing Controls
        5. Monitoring
      4. Security Audits
      5. Chapter Summary
      6. Key Concepts and Terms
      7. Chapter 10 Assessment
  10. Part Three Mobile Security
    1. Chapter 11 Mobile Communication Security Challenges
      1. Mobile Phone Threats and Vulnerabilities
      2. Exploits, Tools, and Techniques
      3. Google Android Security Challenges
        1. Criticism of Android
        2. Android Exploitation Tools
        3. Android Security Architecture
        4. Android Application Architecture
        5. Google Play
      4. Apple iOS Security Challenges
        1. Apple iOS Exploits
        2. Apple iOS Architecture
        3. The App Store
      5. Windows Phone Security Challenges
        1. Windows Phone OS Exploits
        2. Windows Phone Security Architecture
        3. Windows Phone Architecture
        4. Windows Store
      6. Chapter Summary
      7. Key Concepts and Terms
      8. Chapter 11 Assessment
    2. Chapter 12 Mobile Device Security Models
      1. Google Android Security
        1. The Android Security Model
        2. The Android Sandbox
        3. File-System Permissions
        4. Android SDK Security Features
        5. Rooting and Unlocking Devices
        6. Android Permission Model
      2. Apple iOS Security
        1. The Apple Security Model
        2. Application Provenance
        3. iOS Sandbox
        4. Security Concerns
        5. Permission-Based Access
        6. Encryption
        7. Jailbreaking iOS
      3. Windows Phone 8 Security
        1. Platform Application Security
        2. Security Features
        3. Secure Boot
        4. System App Integrity
        5. Securing Apps
        6. Windows Phone Security Issues
      4. Security Challenges of Handoff-Type Features
      5. BYOD and Security
      6. Security Using Enterprise Mobility Management
        1. Mobile Device Management
        2. Mobile Application Management
      7. Chapter Summary
      8. Key Concepts and Terms
      9. Chapter 12 Assessment
    3. Chapter 13 Mobile Wireless Attacks and Remediation
      1. Scanning the Corporate Network for Mobile Attacks
        1. Security Awareness
        2. Scanning the Network: What to Look For
        3. Scanning for Vulnerabilities
        4. The Kali Linux Security Platform
        5. Scanning with Airodump-ng
      2. Client and Infrastructure Exploits
        1. Client-Side Exploits
        2. Other USB Exploits
        3. Network Impersonation
      3. Network Security Protocol Exploits
        1. RADIUS Impersonation
        2. Public Certificate Authority Exploits
        3. Developer Digital Certificates
      4. Browser Application and Phishing Exploits
        1. Captive Portals
        2. Drive-By Browser Exploits
      5. Mobile Software Exploits and Remediation
        1. Weak Server-Side Security
        2. Unsecure Data Storage
        3. Insufficient Transport Layer Protection
        4. Unintended Data Leakage
        5. Poor Authorization and Authentication
        6. Broken Cryptography
        7. Client-Side Injection
        8. Security Decisions via Untrusted Inputs
        9. Improper Session Handling
        10. Lack of Binary Protections
      6. Chapter Summary
      7. Key Concepts and Terms
      8. Chapter 13 Assessment
    4. Chapter 14 Fingerprinting Mobile Devices
      1. Is Fingerprinting a Bad or a Good Thing?
      2. Types of Fingerprinting
        1. Network Scanning and Proximity Fingerprinting
        2. Online or Remote Fingerprinting
      3. Fingerprinting Methods
        1. Passive Fingerprinting
        2. Active Fingerprinting
      4. Unique Device Identification
        1. Apple iOS
        2. Android
        3. HTTP Headers
        4. New Methods of Mobile Fingerprinting
      5. Spyware for Mobile Devices
        1. Spy Software
        2. Spy Cells: Stingray
      6. Chapter Summary
      7. Key Concepts and Terms
      8. Chapter 14 Assessment
    5. Chapter 15 Mobile Malware and Application-Based Threats
      1. Malware on Android Devices
        1. Criminal and Developer Collaboration
        2. Madware
        3. Excessive Application Permissions
      2. Malware on Apple iOS Devices
      3. Malware on Windows Phone Devices
      4. Mobile Malware Delivery Methods
        1. Mobile Malware and Social Engineering
        2. Captive Portals
        3. Drive-By Attacks
        4. Clickjacking
        5. Likejacking
        6. Plug-and-Play Scripts
        7. Mitigating Mobile Browser Attacks
      5. Mobile Malware Defense
      6. Mobile Device Management
      7. Penetration Testing and Smartphones
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 15 Assessment
  11. Appendix A Answer Key
  12. Appendix B Standard Acronyms
  13. Glossary of Key Terms
  14. References
  15. Index