Trusted SF Member
Joined: 26 May 2002
Location: Bi Mon Sci Fi Con
|Posted: Thu Oct 09, 2003 3:45 pm Post subject: Book Review - Wireless Security & Privacy
Wireless Security and Privacy
Best Practices and Design Techniques
Authors: Tara M. Swaminatha and Charles R. Elden
Publisher: Addison Wesley
Read Online: Wireless Security and Privacy
Book Specifications: Softcover, 304 pages
Category: Wireless and security concepts
User Level: Some prior knowledge of wireless technology and/or security concepts would be advantageous
Suggested Publisher Price: 39.99 USD, 62.99 CAN
Amazon.co.uk: Wireless Security and Privacy
Amazon.com: Wireless Security and Privacy
From the back cover: "The trick to sound security is to begin early, know your threats,... design for security, and subject your design to thorough objective risk analyses and testing. This book will help."
Wireless is the new player on the networking block and as such brings a whole new set of security issues. This book tries to bring awareness of the current wireless technologies and security principles to a target audience of wireless and security professionals.
Donít think this is purely about wireless LANs though. Wireless technology stretches from the cellphone in your pocket, through Bluetooth, Blackberry, and 802.11 all of which have their unique attributes and vulnerabilities.
Split into four sections each concentrating on a different area of security, there appears to be a small degree of repetition between some of the underlying chapters but this is easily explained as there is plenty of crossover between sections, and the authors have done well to keep the repetition to a minimum.
Being a small book it doesn't delve too deeply into each section but there is a good broad base of knowledge provided and, as you can see from the layout of the sections, there is a logical progression from establishing principles, through analysis and understanding of the systems involved, to case studies and designing solutions.
Establish a Foundation
Chapter 1 - Wireless Technologies - general principles of modern wireless communication
Chapter 2 - Security Principles - general security practises and concepts
Know your System
Chapter 3 - Technologies - the differring wireless technologies currently available - Bluetooth, WAP, 802.11
Chepter 4 - Devices - the physical and logical aspects of wireless devices - Cellphone, PDA, Blackberry, Laptop
Chapter 5 - Languages - detail of two wireless development languages WAP and J2ME
Protect your System
Chapter 6 - Cryptography - cryptographic principles and techniques - primitives, symetric & assymetric, cryptographic attacks
Chapter 7 - COTS - the pros and cons of Commercial Off The Shelf products - VPN, tunnuelling, authentication systems
Chapter 8 - Privacy - legal and profesional privacy issues from US only legislation
Chapter 9 - Identify Targets and Roles - an exhaustive search for potential targets and identifying the
individuals that may attempt to compromise the identified targets
Chapter 10 - Analyze Attacks and Vulnerabilities - known attacks, vulnerabilities, and theoretical attacks
Chapter 11 - Analyze Mitigations and Protections - how to build security into the system
Chapter 12 - Define and Design - design securesolutions for the case studies
Style and Detail
This is a nice informative book. But given its size it is unable to delve as deeply into some of the topics as I would have preferred, especially the underlying technology of cellular phones (GPRS and GSM were noticeable in their absence). There are many other references available to the reader determined to find out more.
That being said it is well written in a clear easy to understand yet professional style and makes good use of diagrams to highlight areas where a prose description isn't quite adequate. The cryptography chapter is outstanding (covering the crypto basics with some excellent diagrams and some basic math for RSA, discrete logarythms, and elliptic curve) and the sections on best security principles and practises make it a worthy companion book for anyone setting out on the IT security career path even if wireless security is not your field.
I enjoyed reading this book and although it'll never make you an expert in any of the fields covered there is more than enough content to make you aware of the issues involved in deploying any wireless technology securely and give you a solid grounding in best principles and practises of security.
I just wish I had it several months ago when studying for the Security + as the two areas I had to work hardest at were wireless and cryptography.
I rate this 8/10 (the omission of GPRS & GSM cost the book a higher score)
This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.