Il libro è suddiviso in quattro sezioni, “Establish a Foundation”, “Know your System”, “Protect Your System”, ed infine “I-ADD (Identify, Analize, Define and Design)”

La prima parte si occupa dei principi della tecnologia wireless, e l’importanza dell’implementazione di alcuni sistemi di sicurezza , spiegando in generale di additare alcune misure come un corretto sistema di accesso e di autenticazione.

La seconda parte invece, fa conoscere la tecnologia wireless illustrando alcuni sviluppi come lo standard 802.11b, o il bluetooth illustrandone anche i device wireless che potrebbero o utilizzano questo tipo di tecnologia.

La terza e quarta parte affrontano la security nelle wireless lan a 360°, illustrando innanzitutto quali sistemi potremmo adottare e quali benefici possiamo trarne dalla scelta dell’uno piuttosto che l’altro. Quali sono i problemi reali delle wireless lan? Cosa ha che non va il WEP?
Queste ultime due parti affrontato proprio questo tema, e vengono spiegati come ovviare alle pecche del Wep, utilizzando la crittografia, Vpn ed altro.
Altro tema affrontato, ed a mio avviso d’obbligo per tutti coloro che decidono di installare una wireless lan, e capire quali sono i buchi della nostra implementazione semplicemente comportandoci come se fossimo degli “hacker” eseguendo un vero e proprio pentest verso noi stessi.

Per acquistare il libro:

Wireless Security and Privacy

Table of Contents

I. ESTABLISH A FOUNDATION.

1. Wireless Technologies.

An Introduction to Wireless Architecture.
Usage Models.

Internet Bridge.

Conference.
Multipurpose Phone.
Synchronizer.
Devices.

Cell Phones and Personal Digital Assistants (PDAs).

Wireless Laptops.
Consumer Issues.
Technical Issues.
Network Arrangements and Technologies.

802.11b.

The Wireless Application Protocol (WAP).
Wireless Wide Area Networks.
Local Area Networks.
Personal Area Networks and Bluetooth.
Wireless LAN Appeal.
Case Studies.

The Hospital.

The Office Complex.
The University Campus.
The Home.

2. Security Principles.

Security Principles.

Authentication.

Access Control and Authorization.
Nonrepudiation.
Privacy and Confidentiality.
Integrity.
Auditing.
Development and Operation Principles.

Functionality.

Utility.
Usability.
Efficiency.
Maintainability.
Scalability.
Testability.
Management Principles.

Schedule.

Cost.
Marketability.
Margin.
The Security Analysis Process-I-ADD.

Identify.

Analyze.
Define.
Design.
Repeat.
The Foundation.

II. KNOW YOUR SYSTEM.

3. Technologies.

802.11 and 802.11b.

802.11 System Components.

802.11 Architecture Modes.
802.11b Physical Layer.
802.11 Media Access Control Layer.
802.11b Security and Wired Equivalent Privacy (WEP).
Bluetooth.

Bluetooth Physical Layer.

Bluetooth Protocol Architecture.
Bluetooth Profiles.
Bluetooth Security.
WAP.

WAP Overview.

Wireless Application Environment (WAE).
WAP Security.

4. Devices.

Personal Digital Assistants.
Palm OS Devices.

Palm Security.

Palm OS 4.0.
Pocket PC Devices.
BlackBerry (RIM 950 and 957).

BlackBerry APIs.

BlackBerry Security.

5 Languages.

Wireless Application Protocol (WAP).

WAP Browsers.

Wireless Markup Language (WML).
WMLScript.
J2ME.

The Future of J2ME.

III. PROTECT YOUR SYSTEM.

6. Cryptography.

Applied Cryptography Overview.

The Office Complex Case Study.

Primitives and Protocols.
Symmetric and Asymmetric Algorithms.
Cryptographic Attacks.
Symmetric Cryptography.

Symmetric Primitives.

Symmetric Protocols.
Asymmetric Cryptography.

Asymmetric Primitives.

Asymmetric Protocols.
Common Problems.

Cryptography by Itself.

Proprietary Cryptographic Protocols.
Common Misuses.
Choices.

Performance.

Effectiveness.
Decision Trade-Offs.
Key Points.

7. COTS.

COTS versus Custom Software.
Custom Software.
Virtual Private Network (VPN).

Hardware-Based VPNs.

Firewall-Based VPNs.
Software-Based VPNs.
Tunneling.

The Seven-Layer OSI Model.

PPTP.
L2TP.
IPSec.
SmartCards.
Biometric Authentication.

8. Privacy.

The Online Privacy Debate in the Wired World.
Privacy in the Wireless World.
The Players.
Related Privacy Legislation and Policy.

The Communications Assistance for Law Enforcement Act (CALEA).

E-911.
The Wireless Communications and Public Safety Act of 1999.
The U.S.A. Patriot Act of 2001.
Location-Based Marketing and Services and GPS.
The Middle Ground Answer.
Progress in the Wired World.

IV. I-ADD.

9. Identify Targets and Roles.

Identify Targets.

The Wireless Device.

The Service Provider.
Identify Roles.

Malicious Users.

Mapping Roles to Targets.

10. Analyze Attacks and Vulnerabilities.

Known Attacks.

Device Theft.

The Man in the Middle.
War Driving.
Denial of Service.
The DoCoMo E-Mail Virus.
Vulnerabilities and Theoretical Attacks.

Vulnerabilities of the Wireless Device.

Vulnerabilities of the Service Provider.
Vulnerabilities of the Gateway.
Vulnerabilities of the Web Server and the Backend Server.

11. Analyze Mitigations and Protections.

Protecting the Wireless Device.

Limiting the Vulnerability to Loss.

Limiting the Vulnerability to Theft.
Protecting the Physical Interface.

Protecting Access to the User Interface.

Protecting Personal Data on the PDA.
Protecting Corporate or Third-Party Information.
Protecting Access to Network and Online Services.
Protecting the Transceiver.
Protecting Vulnerabilities of the Service Provider.
Protecting the Transceiver Services.
Protecting Access to Its Subscribers.
Protecting the Transceiver.
Protecting the Administrative Server.
Protecting User-Specific Data.
Protecting the Network Server.
Protecting Corporate Proprietary Data and Resources.
Protecting Vulnerabilities of the Gateway.
Prioritizing.
Building Trust-Application Security.

12. Define and Design.

The Case Studies Revisited.

The Hospital.

The Office Complex.
The University Campus.
The Home.
Case Studies Conclusion.
Just the Beginning.

Afterword: The Future of Wireless Security.