Before wireless commerce, or even wireless access to the corporate network can really take off, organizations are going to have to improve their efforts in wireless security. Wireless Security and Privacy presents a complete methodology for security professionals and wireless developers to coordinate their efforts, establish wireless security best practices, and establish security measures that keep pace with development. The material shows how to develop a risk model, and shows how to implement it through the lifecycle of a system. Coverage includes the essentials on cryptography and privacy issues. In order to design appropriate security applications, the authors teach the limitations inherent in wireless devices as well as best methods for developing secure software for them. The authors combine the right amount of technological background in conjunction with a defined process for assessing wireless security.
Sprache
Verlagsort
Verlagsgruppe
Zielgruppe
Für höhere Schule und Studium
Maße
Höhe: 235 mm
Breite: 187 mm
Dicke: 18 mm
Gewicht
ISBN-13
978-0-201-76034-7 (9780201760347)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Klassifikation
Tara M. Swaminatha is an information security administrator for the International Finance Corporation, a part of the World Bank Group. Tara is responsible for educating the IFC about information security, conducting technical product evaluations, offering security classes to employees, and assisting with the definition and implementation of plans for security best practices and technologies. Previously Tara was a software security consultant with Cigital's Software Security Group (SSG). The SSG provides software security risk analysis for a broad range of clients. Tara also worked for PEC Solutions on a team that developed software and infrastructure for agencies within the U.S. Department of Justice. She implemented configuration control practices, maintained integrity of the development and production environments, and performed software, hardware, and multi-system integration. Tara holds both a B.A. in sociology and an M.T. in special education from the University of Virginia, where she graduated with high distinction. While working at the IFC, Tara is also pursuing her J.D. at Georgetown University.
Charles R. Elden is an independent security consultant. He worked most recently at Cigital, where he was a manager and software security consultant with Cigital's Software Security Group. He has experience performing communication and software systems risk analysis and risk management. Previously he worked for the Central Intelligence Agency for 12 years and has worked for more than 11 years in the Directorate of Science and Technology's Office of Technical Services. Charles has extensive experience designing, developing, deploying, and exploiting secure and covert computing and communication systems. He received his M.S. in computer science from George Mason University and his B.S. in computer science/computer engineering from Michigan State University.
0201760347AB08232002
Foreword.
Preface.
About the Authors.
Acknowledgments.
I. ESTABLISH A FOUNDATION.
1. Wireless Technologies.
An Introduction to Wireless Architecture.
Usage Models.
Internet Bridge.
Conference.
Multipurpose Phone.
Synchronizer.
Devices.
Cell Phones and Personal Digital Assistants (PDAs).
Wireless Laptops.
Consumer Issues.
Technical Issues.
Network Arrangements and Technologies.
802.11b.
The Wireless Application Protocol (WAP).
Wireless Wide Area Networks.
Local Area Networks.
Personal Area Networks and Bluetooth.
Wireless LAN Appeal.
Case Studies.
The Hospital.
The Office Complex.
The University Campus.
The Home.
2. Security Principles.
Security Principles.
Authentication.
Access Control and Authorization.
Nonrepudiation.
Privacy and Confidentiality.
Integrity.
Auditing.
Development and Operation Principles.
Functionality.
Utility.
Usability.
Efficiency.
Maintainability.
Scalability.
Testability.
Management Principles.
Schedule.
Cost.
Marketability.
Margin.
The Security Analysis Process-I-ADD.
Identify.
Analyze.
Define.
Design.
Repeat.
The Foundation.
II. KNOW YOUR SYSTEM.
3. Technologies.
802.11 and 802.11b.
802.11 System Components.
802.11 Architecture Modes.
802.11b Physical Layer.
802.11 Media Access Control Layer.
802.11b Security and Wired Equivalent Privacy (WEP).
Bluetooth.
Bluetooth Physical Layer.
Bluetooth Protocol Architecture.
Bluetooth Profiles.
Bluetooth Security.
WAP.
WAP Overview.
Wireless Application Environment (WAE).
WAP Security.
4. Devices.
Personal Digital Assistants.
Palm OS Devices.
Palm Security.
Palm OS 4.0.
Pocket PC Devices.
BlackBerry (RIM 950 and 957).
BlackBerry APIs.
BlackBerry Security.
5 Languages.
Wireless Application Protocol (WAP).
WAP Browsers.
Wireless Markup Language (WML).
WMLScript.
J2ME.
The Future of J2ME.
III. PROTECT YOUR SYSTEM.
6. Cryptography.
Applied Cryptography Overview.
The Office Complex Case Study.
Primitives and Protocols.
Symmetric and Asymmetric Algorithms.
Cryptographic Attacks.
Symmetric Cryptography.
Symmetric Primitives.
Symmetric Protocols.
Asymmetric Cryptography.
Asymmetric Primitives.
Asymmetric Protocols.
Common Problems.
Cryptography by Itself.
Proprietary Cryptographic Protocols.
Common Misuses.
Choices.
Performance.
Effectiveness.
Decision Trade-Offs.
Key Points.
7. COTS.
COTS versus Custom Software.
Custom Software.
Virtual Private Network (VPN).
Hardware-Based VPNs.
Firewall-Based VPNs.
Software-Based VPNs.
Tunneling.
The Seven-Layer OSI Model.
PPTP.
L2TP.
IPSec.
SmartCards.
Biometric Authentication.
8. Privacy.
The Online Privacy Debate in the Wired World.
Privacy in the Wireless World.
The Players.
Related Privacy Legislation and Policy.
The Communications Assistance for Law Enforcement Act (CALEA).
E-911.
The Wireless Communications and Public Safety Act of 1999.
The U.S.A. Patriot Act of 2001.
Location-Based Marketing and Services and GPS.
The Middle Ground Answer.
Progress in the Wired World.
IV. I-ADD.
9. Identify Targets and Roles.
Identify Targets.
The Wireless Device.
The Service Provider.
Identify Roles.
Malicious Users.
Mapping Roles to Targets.
10. Analyze Attacks and Vulnerabilities.
Known Attacks.
Device Theft.
The Man in the Middle.
War Driving.
Denial of Service.
The DoCoMo E-Mail Virus.
Vulnerabilities and Theoretical Attacks.
Vulnerabilities of the Wireless Device.
Vulnerabilities of the Service Provider.
Vulnerabilities of the Gateway.
Vulnerabilities of the Web Server and the Backend Server.
11. Analyze Mitigations and Protections.
Protecting the Wireless Device.
Limiting the Vulnerability to Loss.
Limiting the Vulnerability to Theft.
Protecting the Physical Interface.
Protecting Access to the User Interface.
Protecting Personal Data on the PDA.
Protecting Corporate or Third-Party Information.
Protecting Access to Network and Online Services.
Protecting the Transceiver.
Protecting Vulnerabilities of the Service Provider.
Protecting the Transceiver Services.
Protecting Access to Its Subscribers.
Protecting the Transceiver.
Protecting the Administrative Server.
Protecting User-Specific Data.
Protecting the Network Server.
Protecting Corporate Proprietary Data and Resources.
Protecting Vulnerabilities of the Gateway.
Prioritizing.
Building Trust-Application Security.
12. Define and Design.
The Case Studies Revisited.
The Hospital.
The Office Complex.
The University Campus.
The Home.
Case Studies Conclusion.
Just the Beginning.
Afterword: The Future of Wireless Security.
Bibliography.
Index. 0201760347T08232002
