Table of Contents

Foreword

Chapter 1 The Wireless Challenge

Introduction

Wireless Technology Overview

Defining Cellular-based Wireless

Defining the Wireless LAN

The Convergence of Wireless Technologies

Trends and Statistics

Understanding the Promise of Wireless

Wireless Networking

Understanding the Benefits of Wireless

Convenience

Affordability

Speed

Aesthetics

Productivity

Facing the Reality of Wireless Today

Standards Conflicts

Commercial Conflicts

Market Adoption Challenges

The Limitations of “Radio”

The Limitations of Wireless Security

Examining the Wireless Standards

Cellular-based Wireless Networks

Wireless LAN Networks

Understanding Public Key Infrastructures and Wireless Networking

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 A Security Primer

Introduction

Understanding Security Fundamentals and Principles of Protection

Ensuring Confidentiality

Ensuring Integrity

Ensuring Availability

Ensuring Privacy

Ensuring Authentication

Ensuring Authorization

Ensuring Non-repudiation

Accounting and Audit Trails

Using Encryption

Reviewing the Role of Policy

Identifying Resources

Understanding Classification Criteria

Implementing Policy

Recognizing Accepted Security and Privacy Standards

Reviewing Security Standards

Reviewing Privacy Standards and Regulations

Addressing Common Risks and Threats

Experiencing Loss of Data

Experiencing Denial and Disruption of Service

Eavesdropping

Preempting the Consequences of an Organization’s Loss

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Wireless Network

Architecture and Design

Introduction

Fixed Wireless Technologies

Multichannel Multipoint Distribution Service

Local Multipoint Distribution Services

Wireless Local Loop

Point-to-Point Microwave

Wireless Local Area Networks

Why the Need for a Wireless LAN Standard?

Developing WLANs through the 802.11 Architecture

The Basic Service Set

The Extended Service Set

The CSMA-CA Mechanism

Configuring Fragmentation

Using Power Management Options

Multicell Roaming

Security in the WLAN

Developing WPANs through the 802.15 Architecture

Bluetooth

HomeRF

High Performance Radio LAN

Mobile Wireless Technologies

First Generation Technologies

Second Generation Technologies

2.5G Technology

Third Generation Technologies

Wireless Application Protocol

Global System for Mobile Communications

General Packet Radio Service

Short Message Service

Optical Wireless Technologies

Exploring the Design Process

Conducting the Preliminary Investigation

Performing Analysis of the Existing Environment

Creating a Preliminary Design

Finalizing the Detailed Design

Executing the Implementation

Capturing the Documentation

Creating the Design Methodology

Creating the Network Plan

Developing the Network Architecture

Reviewing and Validating the Planning Phase

Creating a High-Level Topology

Creating a Collocation Architecture

Defining the High-Level Services

Formalizing the Detailed Design Phase

Understanding Wireless Network Attributes from a Design Perspective

Application Support

Physical Landscape

Network Topology

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 Common Attacks and Vulnerabilities

Introduction

The Weaknesses in WEP

Criticisms of the Overall Design

Weaknesses in the Encryption Algorithm

Weaknesses in Key Management

Weaknesses in User Behavior

Conducting Reconnaissance

Finding a Target

Finding Weaknesses in a Target

Exploiting Those Weaknesses

Sniffing, Interception, and Eavesdropping

Defining Sniffing

Sample Sniffing Tools

Sniffing Case Scenario

Protecting Against Sniffing and Eavesdropping

Spoofing and Unauthorized Access

Defining Spoofing

Sample Spoofing Tools

Spoofing Case Scenario

Protecting Against Spoofing and Unauthorized Attacks

Network Hijacking and Modification

Defining Hijacking

Sample Hijacking Tools

Hijacking Case Scenario

Protection against Network Hijacking and Modification

Denial of Service and Flooding Attacks

Defining DoS and Flooding

Sample DoS Tools

DoS and Flooding Case Scenario

Protecting Against DoS and Flooding Attacks

The Introduction of Malware

Stealing User Devices

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 Wireless Security Countermeasures

Introduction

Revisiting Policy

Addressing the Issues with Policy

Analyzing the Threat

Threat Equals Risk Plus Vulnerability

Designing and Deploying a Secure Network

Implementing WEP

Defining WEP

Creating Privacy with WEP

The WEP Authentication Process

WEP Benefits and Advantages

WEP Disadvantages

The Security Implications of Using WEP

Implementing WEP on the Aironet

Implementing WEP on the ORiNOCO AP-1000

Securing a WLAN with WEP: A Case Scenario

Filtering MACs

Defining MAC Filtering

MAC Benefits and Advantages

MAC Disadvantages

Security Implications of MAC Filtering

Implementing MAC Filters on the AP-1000

Implementing MAC Filters on the Aironet 340

Filtering MAC Addresses: A Case Scenario

Filtering Protocols

Defining Protocol Filters

Protocol Filter Benefits and Advantages

Protocol Filter Disadvantages

Security Implications of Using Protocol Filters

Using Closed Systems and Networks

Defining a Closed System

Closed System Benefits and Advantages

Closed System Disadvantages

Security Implications of Using a Closed System

A Closed Environment on a Cisco Aironet Series AP

A Closed Environment on an ORiNOCO AP-1000

Implementing a Closed System: A Case Scenario

Enabling WEP on the ORiNOCO Client

Allotting IPs

Defining IP Allocation on the WLAN

Deploying IP over the WLAN: Benefits and Advantages

Deploying IP over the WLAN: Disadvantages

Security Implications of Deploying IP over the WLAN

Deploying IP over the WLAN: A Case Scenario

Using VPNs

VPN Benefits and Advantages

VPN Disadvantages

Security Implications of Using a VPN

Layering Your Protection Using a VPN

Utilizing a VPN:A Case Scenario

Securing Users

End User Security Benefits and Advantages

End User Security Disadvantages

User Security: A Case Scenario

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6 Circumventing Security Measures

Introduction

Planning and Preparations

Finding a Target

Detecting an Open System

Detecting a Closed System

Exploiting WEP

Security of 64-bit versus 128-bit Keys

Acquiring a WEP Key

War Driving

What Threat Do These “Open Networks” Pose to Network Security?

Stealing User Devices

What Are the Benefits of Device Theft?

MAC Filtering

Determining MAC Filtering Is Enabled

MAC Spoofing

Bypassing Advanced Security Mechanisms

Firewalls

What Happens Now?

Exploiting Insiders

Installing Rogue Access Points

Where Is the Best Location for a Rogue AP?

Configuring the Rogue AP

Risks Created by a Rogue AP

Are Rogue APs Detectable?

Exploiting VPNs

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 Monitoring and Intrusion Detection

Introduction

Designing for Detection

Starting with a Closed Network

Ruling Out Environmental Obstacles

Ruling Out Interference

Defensive Monitoring Considerations

Availability and Connectivity

Monitoring for Performance

Intrusion Detection Strategies

Integrated Security Monitoring

Popular Monitoring Products

Conducting Vulnerability Assessments

Incident Response and Handling

Policies and Procedures

Reactive Measures

Reporting

Cleanup

Prevention

Conducting Site Surveys for Rogue Access Points

The Rogue Placement

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 Auditing

Introduction

Designing and Planning a Successful Audit

Types of Audits

When to Perform an Audit

Auditing Activities

Auditing Tools

Critical Auditing Success Factors

Defining Standards

Standards

Guidelines

Best Practices

Policies

Procedures

Auditing, Security Standards, and Best Practices

Corporate Security Policies

Auditing Charters and Irregularities

Establishing the Audit Scope

Establishing the Documentation Process

Performing the Audit

Auditors and Technologists

Obtaining Support from IS/IT Departments

Gathering Data

Analyzing Audit Data

Matrix Analysis

Recommendations Reports

Generating Audit Reports

The Importance of Audit Report Quality

Writing the Audit Report

Final Thoughts on Auditing

Sample Audit Reports

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 9 Case Scenarios

Introduction

Implementing a Non-secure Wireless Network

Implementing an Ultra-secure Wireless LAN

Physical Location and Access

Configuring the AP

Designing Securely

Securing by Policy

Taking a War Drive

Scouting Your Location

Installing in Difficult Situations

Developing a Wireless Security Checklist

Minimum Security

Moderate Security

Optimal Security

Summary

Solutions Fast Track

Frequently Asked Questions

Appendix: Hack Proofing Your Wireless Network Fast Track

Index