Wireless Operational Security
Published on 1. May 2004
468 pages
978-0-08-052119-0 (ISBN)
Description
This comprehensive wireless network book addresses the operational and day-to-day security management requirements of 21st century companies. Wireless networks can easily be reconfigured, are very mobile, allow for potentially nonstop exposure, and require the level of security be scrutinized even more than for wired networks. This includes inherent security flaws in various wireless architectures that result in additional risks to otherwise secure converged wired networks. An even worse scenario is one where an insecure wireless network is connected to a weakly secured or insecure wired network and the wireless subnet is not separated from the wired subnet. There are approximately a dozen popular books that cover components of the architecture, design, theory, issues, challenges, and recommended policies for wireless security, none of which address them in a practical, operationally-oriented and comprehensive way. Wireless Operational Security bridges this gap.*Presents a new "WISDOM" model for Wireless Security Infrastructures*Acts as a critical guide to implementing "Converged Networks" wired/wireless with all necessary security considerations*Rittinghouse's Cybersecurity Operations Handbook is the only security book recommended by the FCC
More details
Other editions
Additional editions
John Rittinghouse PhD CISM | James F. Ransome PhD CISM CISSP
Wireless Operational Security
Book
05/2004
Digital Press
€94.27
Article exhausted; check different version
Persons
John has over 25 years experience in the IT and security sector. He is an often sought management consultant for large enterprise and is currently a member of the Federal Communication Commission's Homeland Security Network Reliabiltiy and Interoperability Council Focus Group on Cybersecurity, working in the Voice over Internet Protocol workgroup.James F. Ransome, Ph.D., CISSP, CISM, has over 30 years experience in security operations and technology assessment as a corporate security executive and positions within the intelligence, DoD, and federal law enforcement communities. He has a Ph.D. in information systems specializing in information security and is a member of Upsilon Pi Epsilon (UPE), the International Honor Society for the Computing and Information Disciplines. He is currently Vice President of Integrated Information Security at CH2M HILL in Denver, CO.
Content
- Front Cover
- Wireless Operational Security
- Copyright Page
- Contents
- List of Figures and Tables
- Foreword
- Preface
- Acknowledgments
- Section I: General Network Security
- Chapter 1. Basic Concepts
- 1.1 Threats to personal privacy
- 1.2 Fraud and theft
- 1.3 Internet fraud
- 1.4 Employee sabotage
- 1.5 Infrastructure attacks
- 1.6 Malicious hackers
- 1.7 Malicious coders
- 1.8 Industrial espionage
- 1.9 Social engineering
- 1.10 Privacy standards and regulations
- 1.11 Endnotes
- Chapter 2. Managing Access
- 2.1 Access control
- 2.2 Password management
- 2.3 Endnotes
- Chapter 3. Setting Up Defenses
- 3.1 Foundations of information assurance
- 3.2 Defense-in-Depth strategy
- 3.3 The Common Criteria Model
- 3.4 Security architecture
- 3.5 Operations security
- 3.6 Host-based intrusion detection
- 3.7 Network-based intrusion detection efforts
- 3.8 Endnotes
- Chapter 4. Incident Management
- 4.1 Overview of RFC 2196 (Site Security Handbook)
- 4.2 Incident handling process overview
- 4.3 Endnotes
- Chapter 5. Securing Web Applications
- 5.1 Applications development security
- 5.2 Endnotes
- Chapter 6. Security and the Law
- 6.1 The 1996 National Information Infrastructure Protection Act
- 6.2 President's Executive Order on critical infrastructure protection
- 6.3 The USA Patriot Act of 2001
- 6.4 The Homeland Security Act of 2002
- 6.5 Changes to existing laws
- 6.6 Investigations
- 6.7 Ethics
- 6.8 Endnotes
- Section II: Wireless Network Security
- Chapter 7. Wireless Networking Basics
- 7.1 Wireless local area networks
- 7.2 Mobile security
- 7.3 Encryption schemes in WLANs
- 7.4 Endnotes
- Chapter 8. WLAN Policy and Risk Management
- 8.1 Purpose and goals of WLAN security policies
- 8.2 Basic approach to WLAN security and policy development
- 8.3 WLAN risk management
- 8.4 Risks to wired networks from wireless networks
- 8.5 Security issues for wireless public-access network use
- 8.6 Sample WLAN security checklist
- 8.7 Creating WLANs in public space
- 8.8 Designs for scalable and secure WLAN solutions
- 8.9 Endnotes
- Chapter 9. WLAN Intrusion Process
- 9.1 Pro.ling to select a target or gather information
- 9.2 Social engineering
- 9.3 Searching publicly available resources
- 9.4 War-driving, -walking, -flying, and -chalking
- 9.5 Exploitable WLAN configurations
- 9.6 How intruders obtain network access to a WLAN
- 9.7 Password gathering and cracking software
- 9.8 Share enumerators
- 9.9 Using antennas and WLAN equipment
- 9.10 Denial-of-service attacks and tools
- 9.11 Rogue devices as exploitation tools
- 9.12 Other useful tools and techniques
- 9.13 Use of malicious code or life insertion in WLANs
- 9.14 Security vulnerabilities with public-access wireless networks
- 9.15 Weaknesses in existing security solutions
- 9.16 Endnotes
- Chapter 10. WLAN Risk and Threat Mitigation
- 10.1 Mitigating static WEP risks with TKIP
- 10.2 Using dynamic WEP (802.1x and EAP) to address
- 10.3 VPNs in a WLAN environment
- 10.4 Enhancing WLAN security
- 10.5 Other WLAN security issues
- 10.6 Conclusion
- 10.7 Endnotes
- Chapter 11. Additional WLAN Security Solutions
- 11.1 Intrusion detection systems
- 11.2 Security advantages of thin clients in a wireless environment
- 11.3 Using DHCP services for authentication
- 11.4 Baselining
- 11.5 Using Kerberos, RADIUS, and LDAP for WLAN authentication
- 11.6 Multifactor authentication
- 11.7 802.11i and WiFi protected access
- 11.8 Conclusion
- 11.9 Endnotes
- Chapter 12. WISDOM for WLAN Practitioners
- 12.1 Risk assessments revisited
- 12.2 Costs of securing WLANs
- 12.3 WLAN threat and impact analysis
- 12.4 WLAN security management considerations
- 12.5 Applying WISDOM to WLAN security
- 12.6 Conclusion
- 12.7 Endnotes
- Glossary
- A Wireless Policy Essentials
- A.1 Wireless position statement
- A.2 ABC Inc. InfoSec Risk Assessment Policy
- A.3 ABC Inc. InfoSec Audit Policy
- A.4 ABC Inc. InfoSec Acceptable Use Policy
- A.5 ABC Inc. InfoSec Network Policy
- A.6 ABC Inc. InfoSec De-Militarized Zone (DMZ) Policy
- A.7 ABC Inc. InfoSec Router Policy
- A.8 ABC Inc. InfoSec Extranet Policy
- A.9 ABC Inc. InfoSec Remote Access Policy
- A.10 ABC Inc. InfoSec Dial-In Access Policy
- A.11 ABC Inc. InfoSec VPN Communication Policy
- A.12 ABC Inc. InfoSec Wireless Communication Policy
- A.13 ABC Inc. InfoSec Server Policy
- A.14 ABC Inc. InfoSec Password Policy
- A.15 ABC Inc. InfoSec Application Password Policy
- A.16 ABC Inc. InfoSec Anti-Virus Policy
- A.17 ABC Inc. InfoSec Policy Exception Form
- B Wireless-related Legislative Links
- C Additional WLAN References
- C.1 Other WLAN Interest Items
- C.2 Security Risks and Legal Protections Recap
- C.3 Endnotes
- Index
