book

WIRELESS & MOBILE DEVICE SECURITY Third Edition, 3rd Edition

Name: WIRELESS & MOBILE DEVICE SECURITY Third Edition, 3rd Edition
Author: Jim Doherty
ISBN: 9781284317862

by Jim Doherty

March 2026

Intermediate to advanced

400 pages

15h 45m

English

Jones & Bartlett Learning

Read now

Unlock full access

Cover
Title Page
Copyright Page
Dedication
Brief Contents
Contents
Preface
Acknowledgments
About the Authors
Chapter 1 The Evolution of Data and Wireless Networks

The Dawn of Data Communication
Early Data NetworksThe Internet RevolutionAdvances in Personal Computers
Networking and the Open Systems Interconnection Reference Model
The Seven Layers of the OSI Reference ModelCommunicating over a NetworkIP AddressingData Link LayerPhysical Layer
From Wired to Wireless
Business Challenges Addressed by Wireless Networking
The Economic Impact of Wireless NetworkingWireless Networking and the Way People Work
The Wi-Fi Market
IP Mobility
The Internet of Things
Chapter Summary
Key Concepts and Terms
Chapter 1 Assessment
Chapter 2 The Mobile Revolution
Introduction to Cellular (Mobile Communication)
Cellular Coverage MapsCellular Handoff
The Evolution of Mobile Networks
AMPS 1GGSM and CDMA 2GGPRS and EDGE 2G+3G Technology4G and LTE5G
The BlackBerry Effect and the BYOD Revolution
The Economic Impact of Mobile IP
The Business Impact of Mobility
Business Use Cases
Chapter Summary
Key Concepts and Terms
Chapter 2 Assessment
Chapter 3 Anywhere, Anytime, on Anything: “There’s an App for That!”
Anywhere, Anytime, on Anything
Convenience Trumps SecurityAlways Connected, Always On
The Rise of the Mobile Workforce
From Castle-and-Moat toward Zero Trust
The Mobile Cloud
Mobile Cloud ComputingCloud Apps versus Native Mobile Apps
Deploying Wireless: Different Strokes for Different Folks
The Industrial Internet of Things
IoT Wireless Technologies
Wireless Communication Technologies
IEEE 802.15.4Zigbee IPThreadMatterBluetooth Low EnergyZ-WaveRFIDNFC
Cloud VPNs, WANs, and Interconnects
Free Space OpticsWiMAXvSATSD-WAN
WAN Technologies for IoT
SigfoxLoRaWANLow-Power Wi-Fi (HaLow)Millimeter Radio
Private LTE Networks
Wireless Network Security
Lingering Security Issues
Mobile IP Security
IoT Security
Chapter Summary
Key Concepts and Terms
Chapter 3 Assessment
Chapter 4 Security Threats Overview: Wired, Wireless, and Mobile
What to Protect?
General Threat Categories
ConfidentialityIntegrityAvailabilityAccountabilityNonrepudiation
Threats to Wireless and Mobile Devices
Data Theft ThreatsDevice Control ThreatsSystem Access Threats
Risk Mitigation
Mitigating the Risk of BYODBYOD for Small-to-Medium Businesses
Defense in Depth
Authorization and Access Control
AAA
Information Security Standards
ISO/IEC 27001:2022ISO/IEC 27002:2022NIST SP 800-53NIST SP 800-171/CMMC
Regulatory Compliance
The Sarbanes–Oxley ActThe Gramm–Leach–Bliley ActThe Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health ActThe Payment Card Industry Data Security StandardGDPR & CCPADetrimental Effects of Regulations
Chapter Summary
Key Concepts and Terms
Chapter 4 Assessment
Chapter 5 How Do WLANs Work?
WLAN Topologies
802.11 Unlicensed BandsISM Unlicensed SpectrumU-NII Unlicensed Spectrum
WLAN Anatomy
Distributed Coordination Function (DCF)Wireless Client Devices802.11 Service Sets
Modulation Techniques
Analog ModulationPulse ModulationSpread SpectrumDigital ModulationMultiple Input Multiple Output (MIMO)
The 802.11 Standards
New Wi-Fi Alliance Naming System
Access Points
ConsumerProsumerEnterpriseWLAN Controller Architectures
How Wireless Connections Are Established
Selecting a Channel802.11 Frame TypesHighlights of the Connection Process:
Wireless Antennas
Omnidirectional AntennasSemi-Directional AntennasHighly Directional AntennasDetermining Coverage Area
Site Surveys
Capacity PlanningPredictive Site SurveysPassive Site SurveysActive Site SurveysSpectrum and Protocol Analysis
Chapter Summary
Key Concepts and Terms
Chapter 5 Assessment
Chapter 6 WLAN and IP Networking Threat and Vulnerability Analysis
Types of Attackers
Skilled vs. Unskilled AttackersInsiders vs. Outsiders
Targets of Opportunity versus Specific Targets
Scouting for a Targeted Attack
Physical Security and Wireless Networks
Social Engineering
Wardriving
Rogue Access Points
Rogue Access Point Vulnerabilities
Evil Twins
Bluetooth Versions and Architecture
Bluetooth VersionsRevisions ComparedBluetooth Architecture
Bluetooth BR/EDR Pairing and Security
BR/EDR Legacy PairingBR/EDR Secure Simple PairingBR/EDR Secure Connections
Bluetooth BLE Pairing and Security
BLE Legacy PairingLE Secure Connections
Is Bluetooth Vulnerable?
Packet Analysis
Wireless Networks and Information Theft
Malicious Data Insertion on Wireless Networks
Denial of Service Attacks
Peer-to-Peer Hacking over Ad-Hoc Networks
When an Attacker Gains Unauthorized Control
Chapter Summary
Key Concepts and Terms
Chapter 6 Assessment
Chapter 7 Basic WLAN Security Measures
Risk Assessment
Data Protection
Robust Security Network (RSN)WPA2Operational drawback to PSKWPA3
Basic Security Best Practices
Recommended Wi-Fi Data ProtectionAuthenticationGuest accessGood Wi-Fi coverageAccess Control
Ongoing Management Security Considerations
Firmware UpgradesPhysical SecurityPeriodic InventoryIdentifying Rogue WLANs/Wireless Access Points
Chapter Summary
Key Concepts and Terms
Chapter 7 Assessment
Chapter 8 Advanced WLAN Security Measures
Establishing and Enforcing a Comprehensive Security Policy
Compliance ConsiderationsPerimeter Security PoliciesZero Trust ArchitectureEmployee Access PoliciesGuest Access PoliciesRemote Access PoliciesEmployee Training and Education
Implementing Authentication and Authorization
802.1XRemote Authentication Dial-In User ServiceExtensible Authentication Protocol
Data Protection
WPA2 EnterpriseWPA3 Enterprise
User Segmentation
Virtual Local Area NetworksGuest Access and PasswordsQuarantiningTunneling or Local Break-outVirtual Private Networks
Ongoing Management Security Considerations
Intrusion Detection Systems and Intrusion Prevention SystemsMalware and Application SecurityURL Filtering
Managing Network and User Devices
Simple Network Management Protocol Version 3 (SNMP)Discovery ProtocolsIP ServicesCoverage Area and Wi-Fi RoamingHard Drive EncryptionWi-Fi as a Service
Chapter Summary
Key Concepts and Terms
Chapter 8 Assessment
Chapter 9 WLAN Auditing Tools
WLAN Discovery Tools
Enterprise Wi-Fi Audit Tools
Penetration Testing Tools
Metasploit
Password-Capture and Decryption Tools
Network Enumerators
Network Management and Control Tools
Wireless Protocol AnalyzersNetwork Management System
WLAN Hardware Audit Tools and Antennas
Hardware Audit ToolsAntennas
Attack Tools and Techniques
Radio Frequency JammingDenial of ServiceHijacking DevicesHijacking a Session
Network Utilities
Chapter Summary
Key Concepts and Terms
Chapter 9 Assessment
Chapter 10 WLAN and IP Network Risk Assessment
Risk Assessment
Risk Assessment on WLANsOther Types of Risk Assessment
IT Security Management
MethodologyLegal RequirementsOther Justifications for Risk Assessments
Security Risk Assessment Stages
PlanningInformation GatheringRisk AnalysisIdentifying and Implementing ControlsMonitoring
Security Audits
Chapter Summary
Key Concepts and Terms
Chapter 10 Assessment
Chapter 11 Mobile Communication Security Challenges
Mobile Phone Threats and Vulnerabilities
Exploits, Tools, and Techniques
AdwareRiskwareTrojan HorsesRootkit
Google Android Security Challenges
Android Exploitation ToolsAndroid Security ArchitectureAndroid Application ArchitectureGoogle Play
Apple iOS Security Challenges
Apple iOS ExploitsApple iOS Exploitation ToolsApple iOS ArchitectureThe App Store
Chapter Summary
Key Concepts and Terms
Chapter 11 Assessment
Chapter 12 Mobile Device Security Models
Google Android Security
The Android Security ModelThe Android SandboxFile-System PermissionsAndroid SDK Security FeaturesRooting and Unlocking DevicesAndroid Permission Model
Apple iOS Security
The Apple Security ModelApplication ProvenanceApple’s iOS SandboxSecurity ConcernsPermission-Based AccessEncryptionJailbreaking iOS
Android and iOS Evolution
Android Version EvolutioniOS Version EvolutionSecurity Challenges of Handoff-Type Features
BYOD and Security
Security Using Enterprise Mobility Management
Mobile Device ManagementMobile Application Management
Chapter Summary
Key Concepts and Terms
Chapter 12 Assessment
Chapter 13 Mobile Wireless Attacks and Remediation
Scanning the Corporate Network for Mobile Attacks
Security AwarenessScanning the Network: What to Look ForScanning for Vulnerabilities
The Kali Linux Security Platform
Scanning with Airodump-ng
Client and Infrastructure Exploits
Client-Side Exploits
Other USB Exploits
Network Impersonation
Network Security Protocol Exploits
RADIUS Protocol ExploitsPublic Certificate Authority ExploitsDeveloper Digital CertificatesBrowser Application and Phishing ExploitsDrive-By Browser Exploits
Mobile Software Exploits and Remediation
Improper Credential UsageInadequate Supply Chain SecurityInsecure Authentication/AuthorizationInsufficient Input/Output ValidationInsecure CommunicationInadequate Privacy ControlsInsufficient Binary ProtectionsSecurity MisconfigurationInsecure Data StorageInsufficient Cryptographic Strength
Chapter Summary
Key Concepts and Terms
Chapter 13 Assessment
Chapter 14 Fingerprinting Mobile Devices
Is Fingerprinting Good or Bad?
Types of Fingerprinting
Network Access Control and Endpoint FingerprintingNetwork Scanning and Proximity FingerprintingOnline or Remote Fingerprinting
Cookies
Cross-Site Profiling
Fingerprinting Methods
Passive FingerprintingExamining TCP/IP HeadersApplication IdentificationActive Fingerprinting
Unique Device Identification
Apple iOSAndroidHTTP Headers
New Methods of Mobile Fingerprinting
JavaScript
Fingerprinting Users
Fingerprinting Users via Biometrics
Spyware for Mobile Devices
Spy SoftwareSpy Cells: Stingray
Fingerprinting on Modern Cellular Networks
Mobile Network Mapping (MNmap)Man-in-the-Middle Attack
Chapter Summary
Key Concepts and Terms
Chapter 14 Assessment
Chapter 15 Mobile Malware and Application-Based Threats
The Mobile Threat Landscape
Software FragmentationFragmentation within fragmentation
Madware
Excessive Application PermissionsBanning ApplicationsMalware on Android DevicesMalware on Apple iOS DevicesMobile Malware Delivery MethodsMalware as a Service
Mobile Malware and Social Engineering
Malware and AIDrive-By Attacks
Mitigating Mobile Browser Attacks
Mobile Application Attacks
Mobile Malware Defense
Mobile Device Management
Penetration Testing and Smartphones
Chapter Summary
Key Concepts and Terms
Chapter 15 Assessment
Appendix A Answer Key
Appendix B Standard Acronyms
Glossary of Key Terms
References
Index

Content preview from WIRELESS & MOBILE DEVICE SECURITY Third Edition, 3rd Edition

Security Audits

A security audit follows many of the same steps as a risk assessment. The difference is that a security audit looks for proof that best practices and procedures were followed. In many cases, these audits are internal. However, the same person or team who performed the risk assessment should not carry out a security audit.

An auditor conducting a security audit for WLAN security vulnerabilities should look at the following points (in addition to those items examined on a wired network):

The potential for unauthorized access to the WLAN
Radio frequency (RF) leakage beyond the physical perimeter
The use of weak encryption protocols, such as WEP or WPA
The existence of rogue access points
If preshared keys are used, how widely the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Attack Vectors: The History of Cybersecurity

Publisher Resources

ISBN: 9781284317862

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

WIRELESS & MOBILE DEVICE SECURITY Third Edition, 3rd Edition

by Jim Doherty

Security Audits

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Attack Vectors: The History of Cybersecurity

Digital Forensics, Investigation, and Response 5E, 5th Edition

CompTIA® SecurityX® CAS-005 Certification Guide - Second Edition

Three Essentials for Agentic AI Security

Publisher Resources