Press Release: December 18, 2002
New Book Dispels Myths of Wireless Security: O'Reilly Releases "802.11 Security"
Sebastopol, CA--History is full of otiose attempts at security: the Great Wall of China, impregnable to blows but easily breached by bribe, or the Maginot Line, doomed to failure because its designers didn't grasp the significance of defending against an army that was increasingly mobile. Successful security ultimately depends not only on building a strong defense, but understanding the tactics of those you would defend against. Wireless networks are fraught with new security challenges for users and network administrators alike. The lack of physical security, access to free auditing tools that double as attack tools, and the ability to monitor traffic without being noticed make wireless networks an easy target for malicious users. In O'Reilly's just-released 802.11 Security (US $34.95), authors Bruce Potter and Bob Fleck tackle the issues unique to wireless networking, covering the areas of risk and potential attack and the tools that can be used to successfully defend against them.
"The phrase 'wireless security' is considered by some to be an oxymoron," say Potter and Fleck. "How can a system with no physical security hope to facilitate secure data transport? Well, with careful planning and configuration, a wireless network can protect itself from many types of attacks and become almost as secure as its wired counterpart. 802.11 can be deployed with various security mechanisms to provide robust, mobile, and hardened network infrastructure."
802.11 is a family of four specifications for wireless local area networks, or WLANs, developed as open standards by the IEEE (Institute of Electrical and Electronics Engineers). Among them, 802.11b, or "Wi-Fi," is the wireless standard that most companies are adopting. In "802.11 Security" Potter and Fleck begin by explaining the underlying structure of the 802.11 protocol, the risks associated with deploying and using a wireless network, and how attackers will attempt to exploit inherent weak spots.
Once readers understand the fundamentals, the book discusses the challenges of Wireless Access Points (WAP), bandwidth stealing, and the problematic Wired Equivalent Privacy component of 802.11. The authors detail the technical setup instructions using a "from the edge to the core" concept. This begins with secure access points for client use, moves to secure configuration of the network's IP gateway, then zooms back out for a discussion of security solutions that involves many parts of the network, including end-to-end security. Readers will learn how to configure a wireless client and to set up a WAP using either Linux or FreeBSD. They'll also find thorough information on controlling network access and encrypting client traffic.
Readers will be able to use this book as a roadmap to deploy a wireless network, from the client to the access point to the gateway. The book provides practical solutions for all major components of an 802.11 network, with station security configurations for many operating systems, including Linux, FreeBSD, OpenBSD, Mac OS X, and Windows. Real world networks contain many different operating systems, and this book will give readers the tools to secure whatever is thrown their way.
"802.11 Security" also covers:
- Securing access points
- Gateway security
- SNMP monitoring
- Denial of Service and Man-in-the-Middle attacks
- VPN configuring and 802.1x, an authentication and authorization protocol that will become more important in future wireless network deployments
"802.11 Security" is a book whose time has come. If you are a network, security, or systems engineer, or interested in deploying 802.11b-based systems, you'll want this book beside you every step of the way.
"802.11 Security" is also available on the O'Reilly Network Safari Bookshelf
Chapter 7, Mac OS X Station Security is available free online