[ISN] REVIEW: "Building Secure Wireless Networks with 802.11", Jahanzeb Khan/Anis Khwaja

From: InfoSec News (isnat_private)
Date: Wed Feb 26 2003 - 00:08:44 PST

  • Next message: InfoSec News: "[ISN] Firing Leaflets and Electrons, U.S. Wages Information War"

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    
    BKBSWNW8.RVW   20030208
    
    "Building Secure Wireless Networks with 802.11", Jahanzeb Khan/Anis
    Khwaja, 2003, 0-471-23715-9, U$40.00/C$62.95/UK#29.95
    %A   Jahanzeb Khan
    %A   Anis Khwaja
    %C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
    %D   2003
    %G   0-471-23715-9
    %I   John Wiley & Sons, Inc.
    %O   U$40.00/C$62.95/UK#29.95 416-236-4433 fax: 416-236-4448
    %O  http://www.amazon.com/exec/obidos/ASIN/0471237159/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0471237159/robsladesinte-21
    %O   http://www.amazon.ca/exec/obidos/ASIN/0471237159/robsladesin03-20
    %P   330 p.
    %T   "Building Secure Wireless Networks with 802.11"
    
    As with any hot topic, there are lots of people willing (eager!) to
    tell you about the security of wireless local area networks, without
    first making sure that they really know the subject.
    
    Part one is an introduction to wireless LANs.  Chapter one is a
    history of networks, an outline of topologies (concentrating on
    cabling, interestingly enough), and a review of the TCP/IP (actually
    OSI, [Open Systems Interconnection] protocol stack.  The last page
    gives too little information for an exercise in setting up a home LAN. 
    Terms in regard to wireless technology are listed in chapter two, but
    the material is verbose without being informative.  The explanations
    given for spectrum multiplexing are unclear, and seem to be delivered
    by rote without any understanding.  The discussion does not build on
    that from chapter one to, for example, point out that ad hoc wireless
    networks are similar to bus topologies, while infrastructure networks
    are more akin to stars.  The various IEEE (Institute of Electrical and
    Electronics Engineers) 802.11 standards are listed in chapter three. 
    However, there is a great deal of material repeated from prior text
    (the discussion of spectrum is reprised almost word for word), and,
    other than some frequency and maximum bandwidth information, there is
    little additional detail.  (Repetition and duplication is rife
    throughout the book, as well as a good deal of space wasted with
    pointless figures and graphics.  On page 125 we are told that "The 40-
    bit shared key is concatenated with a 24-bit long initialization
    vector" and referred to figure 6.1.  Figure 6.1 tells us
    "Concatenated-Key = Shared-Key + IV."  Not very helpful.)  Chapter
    four is supposed to help you decide whether a wireless LAN is right
    for you, but only has some vague opining, a little content on wireless
    ISPs (Internet Service Providers: hardly suitable for LAN
    discussions), and almost no analysis or details.
    
    Part two purports to emphasize secure wireless LANs.  Chapter five has
    random topics regarding network security.  Most of it is irrelevant to
    the specific needs of wireless situations or is not discussed in terms
    of the particular needs of wireless networks.  (Physically securing
    the components of a wireless LAN has some importance in overall
    security, but may be pointless if someone driving by can take over the
    network).  Securing the IEEE 802.11 wireless LAN is not reviewed well
    in chapter six.  There is more duplication of content, few details
    about WEP (Wired Equivalent Privacy), and some clear evidence of
    misunderstanding of the base technologies.  (If you are going to talk
    about 40 bit keys at the low level, higher level security should be
    104, rather than 128, bit.  And a 128 bit key is *not* equivalent to
    64 characters, in anybody's representation.)  When security aspects
    are discussed, often they relate to issues that are beyond the control
    of the user, such as moderation of signal strength.
    
    Part three collects topics related to the building of secure wireless
    LANs.  Chapter seven is a simplistic overview of generic LAN planning. 
    Shopping for the right equipment is important, but the list of product
    specifications in chapter eight fails to address vital areas, such as
    driver availability, default key length, and the existence of default
    accounts.  More space is devoted to where you can buy equipment than
    how to evaluate it.  The installation instructions, in chapter nine,
    pretty much ignore security considerations.  Chapter ten supposedly
    deals with advanced wireless LANs, including security, but has little
    new material aside from screenshots of Microsoft Windows utilities
    with some relationship to VPNs (Virtual Private Networks).
    
    Part four covers troubleshooting and maintenance.  Chapter eleven
    touches on a number of possibly wireless connectivity problems.  A
    collection of text repeated from prior chapters is in chapter twelve.
    
    There is a glossary included with the book.  It is quite limited, and,
    in particular, does not deal well with acronyms.  In fact, the book is
    full of TLAs (Three Letter Acronyms) and other abbreviations that get
    used before they are defined, and do not appear in either the glossary
    or the index.  This can be quite aggravating, particularly in cases
    where the acronyms aren't standard.  (The authors use "PHY" to refer
    to the physical layer of the OSI model, which is not commonly so
    represented in either communications or security literature.)
    
    The text of the book is excessively padded with useless verbiage and
    irrelevant material.  The actual content pertinent to the security of
    wireless LANs is barely enough to fill a decent magazine article. 
    Overall, the book is poorly structured, limited in detail, and bloated
    with meaningless or repetitious content.
    
    copyright, Robert M. Slade, 2003   BKBSWNW8.RVW   20030208
    
    -- 
    ======================
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
              March 31, 2003           Indianapolis, IN
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Feb 26 2003 - 02:42:43 PST