Wireless Security and Privacy: Best Practices and Design Techniques

Overview

As wireless technology emerges into the mainstream of the networking and communications markets, the wireless development community has a unique opportunity to be proactive, rather than reactive, in its approach to security. At this early point in the wireless industry, developers can anticipate future security needs and integrate security considerations into every stage of the development process. Wireless Security and Privacy shows developers how to take advantage of this exceptional opportunity.

Written for wireless development professionals new to security, as well as security professionals moving into the wireless arena, this book presents the foundation upon which to design and develop secure wireless systems. It looks in depth at the key issues faced by those who develop wireless devices and applications, describes the technology and tools that are now available, and offers a proven methodology for designing a comprehensive wireless risk management solution.

In particular, Wireless Security and Privacy documents the I-ADD process, which offers a standardized, systematic approach for identifying targets, analyzing vulnerabilities, defining strategies, and designing security into the entire development lifecycle of a wireless system.

The book also examines such important topics as:

  • Fundamental wireless and security principles
  • Specific wireless technologies, including 802.11b, Bluetooth, and WAP
  • The security implications of the architecture of PDAs, cell phones, and wireless network cards for laptops
  • The security shortcomings of wireless development languages
  • Development of a risk model for a wireless system
  • Cryptography essentials
  • The role of COTS products in a comprehensive security solution
  • Privacy policy and legal issues
  • Analysis of known and theoretical attacks
  • Security, financial, and functionality tradeoffs

Several case studies run throughout the book, illustrating the application of important concepts, techniques, strategies, and models.

In all, this practical guidebook builds a framework for understanding the present and future of wireless security and offers the specific security strategies and methodologies that are critical for success in this fast-moving market.




Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
Everyone loves wireless -- especially hackers. It’s terrifying how insecure many wireless systems are “out of the box.” Fortunately, many of tomorrow’s most important wireless systems haven’t been built yet. It’s not too late to dramatically improve their security. This book will show you how.

The authors go far beyond the reactive “penetrate and patch” cycle that plagues current wired and wireless systems. Instead, they present a complete methodology for identifying potential vulnerabilities, analyzing mitigations and protections, and designing the best solutions into systems upfront, when they can do the most good. Much of this coverage takes the form of “whiteboard exercises” in which you systematically identify exactly what must be protected in each of six high-level wireless system components, and exactly whom it must be protected from.

The book presents security-oriented discussions of each key wireless platform, device, and development language -- including 802.11b, Bluetooth, WAP, PDAs, cell phones, and J2ME. With healthy skepticism, the authors also explore what can and can’t be accomplished with cryptography, or with commercial off-the-shelf solutions such as VPNs and biometrics.

The authors have implemented wireless and wired security for leading financial institutions -- as well as the U.S. Department of Justice and the CIA. Whether you’re a wireless systems developer, a security professional, or a business decision maker who wants to ask the right questions before committing to new wireless technologies, they can help you, too.

Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

From The Critics
Introduces a method for developing a security analysis process called I-ADD that involves four steps: identify targets and players, analyze attacks and vulnerabilities, define a strategy, and design security in from the start. The book also overviews the wireless application protocol, Bluetooth, types of wireless devices, cryptographic methods, virtual private networks, and tunneling. Annotation c. Book News, Inc., Portland, OR

Product Details

  • ISBN-13: 9780201760347
  • Publisher: Pearson Education
  • Publication date: 9/13/2002
  • Pages: 276
  • Product dimensions: 7.36 (w) x 9.24 (h) x 0.73 (d)

Read an Excerpt

"It's not the destination that makes the man, it's the journey."

This book provides wireless and security professionals a foundation upon which to design secure wireless systems. Most security problems are handled reactively rather than proactively; this does not have to be the case for wireless security. Over the past decade, advances in software development have outpaced advances in software security. Wireless technology—still in its infancy—affords the opportunity for proactive security that keeps pace with development.

This book is intended for three types of readers:

  1. Security experts interested in learning about wireless issues;
  2. Wireless experts interested in security issues; and
  3. Business professionals and consumers generally interested in wireless security.

It will focus on the practices and methodology required to establish comprehensive wireless security. Wireless application developers, wireless device users, service providers and security professionals are among those who will benefit from the information and analysis presented.

The message presented in this book differs greatly from those offered by most other security texts, which are typically dedicated to dissecting attacks and retroactively presenting lessons learned. Their message is: "Security should have been a priority from the beginning." In this book, the message is: "It's not too late."

In the wired Internet world, applications are released at breakneck speed while security measures lag far behind. Security is considered an isolated step, taken only when time permits. Wireless or wired, applications are pieces of software. Wireless developers can apply certain lessons the wired development community has learned about software security. Secure software practices are an important first step toward building secure systems. When security is taken into consideration before wireless applications become widely available, the myriad problems that occurred with wired applications may be avoided. Provisions for security must be developed throughout the lifecycles of wireless applications and systems.

Since development teams and businesses have not focused sufficiently on security, software applications, e-business opportunities, revenues and reputations have suffered. It is no accident that phrases such as "Internet time" have taken hold. The pace with which new technologies are developed is increasing at an exponential rate. Hardware and software capabilities, communications speeds, and pervasiveness within society have changed the face of IT. Developers, architects and industry analysts could not have predicted with any degree of certainty the extent to which the wired industry would develop.

If wireless trends mirror current software trends, it is likely wireless applications and services will become as commonplace as desktop Internet applications. While the world waits for wireless devices and infrastructure to develop and deliver the capabilities of desktop hardware and wired networks, security professionals and wireless architects have a unique opportunity to coordinate their efforts and direct trends in the wireless world. Developers have the responsibility to design secure wireless applications. This can be accomplished only if efforts commence immediately. Software security best practices can help guide the development of effective wireless applications.

It is almost impossible to overestimate the amount of time and money that will be saved if wireless security is set forth as a guiding tenet of wireless architecture. Security will become a best practice that cannot be ignored and a critical element of all application development, with or without wires. Confining security to a single module and considering it only after market (or not considering it at all) should be unthinkable. Security is a process. As such, it must begin in the first stages of design and continue throughout the development cycle. Security must also be constantly re-evaluated, even after an application's release.

When the wired Internet first emerged, its primary uses were research and development. Once applications began appearing on the market, they were intensely popular and mushroomed in scope and number. Application security, unfortunately, did not have an opportunity to keep pace. Wireless Internet on PDAs will not begin in the same fashion. Rather, it will be used in its early stages for delivering service-oriented, timesaving applications. Most existing wireless applications fall into that very category. The most popular versions of applications accessed through desktop browsers will be available in lightweight versions. Research will not be the primary focus, as consumers demand robust, convenient applications on wireless devices.

The message of this book bears repeating: "it's not too late." However, it seems appropriate to conclude the message with its second half: "the time to start is now."

The wireless industry has been afforded a luxury that was unavailable to the wired industry: precedence turned into foresight. The catch? Consumers now share this same foresight. Consumers are increasingly aware of the risks they assume in using wired and wireless applications. They have been burned in the wired world and will not be cavalier in their use of wireless applications. Wireless developers must be able to convincingly sell their products based upon the merits of usability, security, privacy and reliability. Having verifiable security measures built into a product will give it a competitive differentiator. Applications that cannot sufficiently prove their security will quickly become obsolete. Today's wireless application developers must understand that security will soon become a consumer mandate.

Investigation into security practices cannot stop at applications, however. Wireless devices, networks and applications warrant close examination so that problems can be predicted and prevented.

This book is divided into four sections: Introductory Topics, Know your system, Protect your system, Develop a security model. The last three represent the three phases involved in architecting a robust security solution.

Part I: Introductory Topics

Chapter 1 Wireless Essentials

This chapter introduces the general principles governing wireless issues today. Wireless experts may find they do not need this review. If you choose to skim or skip this chapter, however, you should read the case studies at the very end as they are carried throughout the entire text. The chapter presents a high-level overview of wireless issues and technologies with the intent of familiarizing the reader with topics essential in understanding the rest of the book.

Chapter 2 Security Principles

This chapter introduces general security practices. Security experts can skim this if they feel comfortable with its content. The chapter introduces common industry concepts to the extent a reader must grasp in order to follow the rest of the book. These key principles are important for understanding more complex processes introduced later in the text. In this chapter we introduce a method for developing a security analysis process called I-ADD. This process is based on industry practices but standardizes and organizes the approach. I-ADD is fleshed out in Chapter 9.

Part II: Know Your System

After the two introductory chapters, the book will complete its goal of providing the necessary components for developing appropriate security thinking. It is important to be mindful of security throughout an entire development process. There are several standard—but often ignored—security principles that apply to the wired Internet world that hold important implications for the wireless world. The book presents general security principles and their direct applications for wireless concepts.

Know your system presents the first essential step in developing appropriate wireless security practices. This section puts its message into action by introducing the concepts that must be investigated when developing a secure system. Technologies, devices and languages will be discussed so that they may then be woven into a security framework.

Chapter 3 Technologies

Chapter 3 takes the reader through the first phase of our process by presenting detailed information on wireless technologies such as 802.11b, Bluetooth and WAP. Each technology falls in a different place on the wireless technology spectrum and has its own security implications. It is important in the initial phases of developing a comprehensive security solution to know the ins and outs of all components. This chapter shows the reader what type of information is important to know about wireless technology by presenting the information necessary to know about certain technologies.

Chapter 4 Devices

Much in the same fashion as Chapter 3, this chapter delves into physical and logical aspects of wireless devices. PDAs, cell phones and laptops with wireless network cards are investigated to a certain extent. As part of the Know Your System section, it teaches the reader what intricacies of devices have impacts on security solutions. Specific devices are investigated and general recommendations are made. Security implementations must investigate the specific devices and client software on the devices that could affect security in any way. This chapter introduces some, but pursuant to its goal of teaching a process, not just a static solution, it educates the reader on the types of device issues that have to be considered in developing a comprehensive security package.

Chapter 5 Languages

Chapter 5 is more technical than its two predecessors. Project managers using this book to guide a security implementation may want to hand this chapter off to a developer or development team lead. The chapter will not make the reader an expert wireless developer but shows the reader those components of wireless development languages that have effects on security implementations. It is essential in any wireless project to have a team member designated the language expert. The language expert should know the security implications of the language backwards and forwards. This chapter helps get the language expert on her way. The languages discussed are presented in light of their potential security downfalls. Mitigations are suggested and implementations are not complete without consulting this chapter.

Part III: Protect Your System

Protect your system presents the intermediary step in the security process: developing a risk model. This allows a person with knowledge of a system to decide how best to protect it. By outlining the roles associated with a system, its threats, vulnerabilities and attacks, a robust plan can be developed. The threat model developed will help integrate security throughout a system's development lifecycle.

Protect your system discusses technologies or procedures that impact wireless systems. While these technologies or procedures may not be directly applicable to any particular architecture or system, the information is provided as an indication of the type of issues and add-ons which may be considered in mitigating security risks.

Chapter 6 Cryptography

In many cases, cryptography is erroneously confused with total security. If cryptography is not understood properly, it can be assumed to accomplish far too much or far too little. This chapter serves as an introduction to applied cryptography. Its purpose is to inform the reader of basic cryptographic principles that should be understood in developing a wireless security solution. This chapter is more technical than others but provides an introductory view for the layperson. It is important to be able to use cryptography as a component of a security solution without making the mistake of thinking that simply encrypting wireless network traffic will solve all security problems.

Chapter 7 COTS

Commercial Off The Shelf products are another trap into which we sometimes fall when looking for security. COTS products offer a false sense of security in some cases. They should be used when necessary and can offer a partial security solution but they should be understood first and used with a great deal of care. This chapter investigates some popular wireless industry COTS products and examines how they can fit into protecting a wireless application or system.

Chapter 8 Privacy

No discussion of security is complete without consideration of privacy. Although distinct entities, the two are intertwined in many ways. This chapter will teach the wireless and security professional about the privacy policy and legal issues surrounding wireless technology security at the present time. It is essential to understand the policies under which you are developing a security solution. Furthermore it is good solid business practice to understand the privacy concerns of consumers and be able to accommodate changing needs of a wireless user population.

Part IV: I-ADD

Chapter 9 Identify

The concepts governing wireless security issues are neither new nor distinct from those governing wired issues. In both cases several steps are involved. First, threats must be assessed, second, risk must be determined, third vulnerabilities should be analyzed and finally a plan for designing ac three steps should be developed. The I-ADD process introduced in Chapter 2 is fleshed out in this chapter and proceeds as follows:

  • Identify (Roles and Targets)
  • Analyze (Known Attacks, Vulnerabilities, and Theoretical Attacks generating Mitigations and Protections)
  • Define (Strategy for Security mindful of Security/Functionality/Management tradeoffs), and
  • Design (Security in from the start)

Chapter 10 Analyze (Attacks and Vulnerabilities)

Once Roles and Targets have been identified, known attacks, vulnerabilities, and theoretical attacks are analyzed. This analysis examines how these threats affect the resources we want to protect. From this analysis, potential mitigation techniques and protection mechanisms are determined.

Chapter 11 Analyze (Mitigations and Protections)

This is where the security plan develops and it's also the culmination of our investigation. Mitigations are implemented against risks and a robust system ensues. Although the most daunting part of the overall picture, developing the security model falls into place once you understand the framework, the threats against it and how to protect it. We systematically proceed through the threat model already developed and discuss how to build security into places where we have found holes.

Chapter 12 Define & Design

Inevitably there are decisions you will have to make; trade-offs that will be difficult. This chapter revisits our case studies, applies a security model to each and discusses what components of a security system are necessary based on what needs to be prot study. We apply all of the concepts taught in the book and come up with solutions for our cases.

After reading this book, readers should have a solid understanding of the technical basics of security and wireless issues. In addition, readers should know the process for developing reliable security models in wireless systems based on a process that includes learning a system, assessing its risks and developing an appropriate security model. Situations will arise in which security and functionality tradeoffs are necessary. Those decision makers armed with a full understanding of the risks involved will have a distinct advantage. Should business requirements dictate that certain vulnerabilities remain unmitigated, appropriate contingency plans may be developed. In the event of a system compromise, business can continue as usual since security was an integral part of the system's development. Uninformed counterparts, however, will likely be busy fighting fires and attempting to force security measures into their existing infrastructures.




Table of Contents

Foreword
Preface
About the Authors
Acknowledgments
Pt. I Establish a Foundation
1 Wireless Technologies
2 Security Principles
Pt. II Know Your System
3 Technologies
4 Devices
5 Languages
Pt. III Protect Your System
6 Cryptography
7 COTS
8 Privacy
Pt. IV I-ADD
9 Identify Targets and Roles
10 Analyze Attacks and Vulnerabilities
11 Analyze Mitigations and Protections
12 Define and Design
Afterword: The Future of Wireless Security
Bibliography
Index
Read More Show Less

Preface

"It's not the destination that makes the man, it's the journey."

This book provides wireless and security professionals a foundation upon which to design secure wireless systems. Most security problems are handled reactively rather than proactively; this does not have to be the case for wireless security. Over the past decade, advances in software development have outpaced advances in software security. Wireless technology—still in its infancy—affords the opportunity for proactive security that keeps pace with development.

This book is intended for three types of readers:

  1. Security experts interested in learning about wireless issues;
  2. Wireless experts interested in security issues; and
  3. Business professionals and consumers generally interested in wireless security.

It will focus on the practices and methodology required to establish comprehensive wireless security. Wireless application developers, wireless device users, service providers and security professionals are among those who will benefit from the information and analysis presented.

The message presented in this book differs greatly from those offered by most other security texts, which are typically dedicated to dissecting attacks and retroactively presenting lessons learned. Their message is: "Security should have been a priority from the beginning." In this book, the message is: "It's not too late."

In the wired Internet world, applications are released at breakneck speed while security measures lag far behind. Security is considered an isolated step, taken only when time permits. Wireless or wired, applicationsare pieces of software. Wireless developers can apply certain lessons the wired development community has learned about software security. Secure software practices are an important first step toward building secure systems. When security is taken into consideration before wireless applications become widely available, the myriad problems that occurred with wired applications may be avoided. Provisions for security must be developed throughout the lifecycles of wireless applications and systems.

Since development teams and businesses have not focused sufficiently on security, software applications, e-business opportunities, revenues and reputations have suffered. It is no accident that phrases such as, "Internet time," have taken hold. The pace with which new technologies are developed is increasing at an exponential rate. Hardware and software capabilities, communications speeds, and pervasiveness within society have changed the face of IT. Developers, architects and industry analysts could not have predicted with any degree of certainty the extent to which the wired industry would develop.

If wireless trends mirror current software trends, it is likely wireless applications and services will become as commonplace as desktop Internet applications. While the world waits for wireless devices and infrastructure to develop and deliver the capabilities of desktop hardware and wired networks, security professionals and wireless architects have a unique opportunity to coordinate their efforts and direct trends in the wireless world. Developers have the responsibility to design secure wireless applications. This can be accomplished only if efforts commence immediately. Software security best practices can help guide the development of effective wireless applications.

It is almost impossible to overestimate the amount of time and money that will be saved if wireless security is set forth as a guiding tenet of wireless architecture. Security will become a best practice that cannot be ignored and a critical element of all application development, with or without wires. Confining security to a single module and considering it only after market (or not considering it at all) should be unthinkable. Security is a process. As such, it must begin in the first stages of design and continue throughout the development cycle. Security must also be constantly re-evaluated, even after an application's release.

When the wired Internet first emerged, its primary uses were research and development. Once applications began appearing on the market, they were intensely popular and mushroomed in scope and number. Application security, unfortunately, did not have an opportunity to keep pace. Wireless Internet on PDAs will not begin in the same fashion. Rather, it will be used in its early stages for delivering service-oriented, timesaving applications. Most existing wireless applications fall into that very category. The most popular versions of applications accessed through desktop browsers will be available in lightweight versions. Research will not be the primary focus, as consumers demand robust, convenient applications on wireless devices.

The message of this book bears repeating: "it's not too late." However, it seems appropriate to conclude the message with its second half: "the time to start is now."

The wireless industry has been afforded a luxury that was unavailable to the wired industry: precedence turned into foresight. The catch? Consumers now share this same foresight. Consumers are increasingly aware of the risks they assume in using wired and wireless applications. They have been burned in the wired world and will not be cavalier in their use of wireless applications. Wireless developers must be able to convincingly sell their products based upon the merits of usability, security, privacy and reliability. Having verifiable security measures built into a product will give it a competitive differentiator. Applications that cannot sufficiently prove their security will quickly become obsolete. Today's wireless application developers must understand that security will soon become a consumer mandate.

Investigation into security practices cannot stop at applications, however. Wireless devices, networks and applications warrant close examination so that problems can be predicted and prevented.

This book is divided into four sections: Introductory Topics, Know your system, Protect your system, Develop a security model. The last three represent the three phases involved in architecting a robust security solution.

Part I: Introductory Topics

Chapter 1 Wireless Essentials

This chapter introduces the general principles governing wireless issues today. Wireless experts may find they do not need this review. If you choose to skim or skip this chapter, however, you should read the case studies at the very end as they are carried throughout the entire text. The chapter presents a high-level overview of wireless issues and technologies with the intent of familiarizing the reader with topics essential in understanding the rest of book.

Chapter 2 Security Principles

This chapter introduces general security practices. Security experts can skim this if they feel comfortable with its content. The chapter introduces common industry concepts to the extent a reader must grasp in order to follow the rest of the book. These key principles are important for understanding more complex processes introduced later in the text. In this chapter we introduce a method for developing a security analysis process called I-ADD. This process is based on industry practices but standardizes and organizes the approach. I-ADD is fleshed out in Chapter 9.

Part II: Know Your System

After the two introductory chapters, the book will complete its goal of providing the necessary components for developing appropriate security thinking. It is important to be mindful of security throughout an entire development process. There are several standard—but often ignored—security principles that apply to the wired Internet world that hold important implications for the wireless world. The book presents general security principles and their direct applications for wireless concepts.

Know your system presents the first essential step in developing appropriate wireless security practices. This section puts its message into action by introducing the concepts that must be investigated when developing a secure system. Technologies, devices and languages will be discussed so that they may then be woven into a security framework.

Chapter 3 Technologies

Chapter 3 takes the reader through the first phase of our process by presenting detailed information on wireless technologies such as 802.11 and WAP. Each technology falls in a different place on the wireless technology spectrum and has its own security implications. It is important in the initial phases of developing a comprehensive security solution to know the ins and outs of all components. This chapter shows the reader what type of information is important to know about wireless technology by presenting the information necessary to know about certain technologies.

Chapter 4 Devices

Much in the same fashion as Chapter 3, this chapter delves into physical and logical aspects of wireless devices. PDAs, cell phones and laptops with wireless network cards are investigated to a certain extent. As part of the Know Your System section, it teaches the reader what intricacies of devices have impacts on security solutions. Specific devices are investigated and general recommendations are made. Security implementations must investigate the specific devices and client software on the devices that could affect security in any way. This chapter introduces some but, pursuant to its goal of teaching a process and not just a static solution, it educates the reader on the types of device issues that have to be considered in developing a comprehensive security package.

Chapter 5 Languages

Chapter 5 is more technical than its two predecessors. Project managers using this book to guide a security implementation may want to hand this chapter off to a developer or development team lead. The chapter will not make the reader an expert wireless developer but shows the reader those components of wireless development languages that have effects on security implementations. It is essential in any wireless project to have a member designated the language expert. The language expert should know the security implications of the language backwards and forwards. This chapter helps get the language expert on her way. The languages discussed are presented in light of their potential security downfalls. Mitigations are suggested and implementations are not complete without consulting this chapter.

Part III: Protect Your System

Protect Your System presents the intermediary step in the security process: developing a risk model. This allows a person with knowledge of a system to decide how best to protect it. By outlining the roles associated with a system, its threats, vulnerabilities and attacks, a robust plan can be developed. The threat model developed will help integrate security throughout a system's development lifecycle.

Protect Your System discusses technologies or procedures that impact wireless systems. While these technologies or procedures may not be directly applicable to any particular architecture or system, the information is provided as an indication of the type of issues and add-ons which may be considered in mitigating security risks.

Chapter 6 Cryptography

In many cases, cryptography is erroneously confused with total security. If cryptography is not understood properly, it can be assumed to accomplish far too much or far too little. This chapter serves as an introduction to applied cryptography. Its purpose is to inform the reader of basic cryptographic principles that should be understood in developing a wireless security solution. This chapter is more technical than others but provides an introductory view for the layperson. It is important to be able to use cryptography as a component of a security solution without making the mistake of thinking that simply encrypting wireless network traffic will solve all security problems.

Chapter 7 COTS

Commercial Off The Shelf products are another trap into which we sometimes fall when looking for security. COTS products offer a false sense of security in some cases. They should be used when necessary and can offer a partial security solution but they should be understood first and used with a great deal of care. This chapter investigates some popular wireless industry COTS products and examines how they can fit into protecting a wireless application or system.

Chapter 8 Privacy

No discussion of security is complete without consideration of privacy. Although distinct entities, the two are intertwined in many ways. This chapter will teach the wireless and security professional about the privacy policy and legal issues surrounding wireless technology security at the present time. It is essential to understand the policies under which you are developing a security solution. Furthermore it is good solid business practice to understand the privacy concerns of consumers and be able to accommodate changing needs of a wireless user population.

Part IV: I-ADD

Chapter 9 Identify

The concepts governing wireless security issues are neither new nor distinct from those governing wired issues. In both cases several steps are involved. First, threats must be assessed; second, risk must be determined; third, vulnerabilities should be analyzed; and finally, a plan for designing accordingly, based on the first three steps, should be developed. The I-ADD process from Chapter 2 is fleshed out in this chapter and proceeds as follows:

  • Identify (Roles and Targets)
  • Analyze (Known Attacks, Vulnerabilities, and Theoretical Attacks generating Mitigations and Protections)
  • Define (Strategy for Security mindful of Security/Functionality/Management tradeoffs), and
  • Design (Security in from the start)

Chapter 10 Analyze (Attacks and Vulnerabilities)

Once Roles and Targets have been identified, known attacks, vulnerabilities, and theoretical attacks are analyzed. This analysis examines how these threats affect the resources we want to protect. From this analysis, potential mitigation techniques and protection mechanisms are determined.

Chapter 11 Analyze (Mitigations and Protections)

This is where the security plan develops and it's also the culmination of our investigation. Mitigations are implemented against risks and a robust system ensues. Although the most daunting part of the overall picture, developing the security model falls into place once you understand the framework, the threats against it and how to protect it. We systematically proceed through the threat model already developed and discuss how to build security into places where we have found holes.

Chapter 12 Define & Design

Inevitably there are decisions you will have to make; trade-offs that will be difficult. This chapter revisits our case studies, applies a security model to each and discusses what components of a security system are necessary based on what needs to be protected in each case study. We apply all of the concepts taught in solutions for our cases.

After reading this book, readers should have a solid understanding of the technical basics of security and wireless issues. In addition, readers should know the process for developing reliable security models in wireless systems based on a process that includes learning a system, assessing its risks and developing an appropriate security model. Situations will arise in which security and functionality tradeoffs are necessary. Those decision makers armed with a full understanding of the risks involved will have a distinct advantage. Should business requirements dictate that certain vulnerabilities remain unmitigated, appropriate contingency plans may be developed. In the event of a system compromise, business can continue as usual since security was an integral part of the system's development. Uninformed counterparts, however, will likely be busy fighting fires and attempting to force security measures into their existing infrastructures.


