Wi-Fi seems to be an issue that every IT networking manager has to deal with.
In How Secure is Your Wireless Network? Safeguarding your Wi-Fi LAN, Lee Barken includes instructions on “”war driving”” techniques, designed to help IT managers find rogue access points.
War driving is when a person
travels around with an 802.11-equipped notebook or personal digital assistant (PDA) looking for Wi-Fi access points.
Barken, who founded the San Diego Wireless Users Group, is careful to point out that war driving is not the same as hacking, because war drivers do not always attempt to access private Wi-Fi networks. The term “”private”” is used loosely here, and refers to networks that are intended to be private.
Barken notes tools like NetStumbler can be useful to a network manager who wants to figure out whether there are “”rogue”” access points — devices that were brought in by users without the consent of the IT department — on the premises.
This is one reason network managers need to deal with Wi-Fi — whether or not their organizations have actually implemented it. Some users will bring in their own Wi-Fi access points and install them — opening up the network to hackers.
Barken walks the reader through the Wired Equivalent Privacy (WEP) standard and explains its limitations. He doesn’t say WEP is useless, but warns the requirement to distribute keys to every user means, in practice, WEP is useful only to small organizations.
Barken explains, in plain language, the limitations of WEP, and why other practices, such as disabling SSID broadcasts and MAC filtering, are not strong security measures.
In order to address the limitations of WEP, the Institute of Electrical and Electronics Engineers (IEEE) is working on the 802.11i standard. The Wi-Fi Alliance has released an interim standard, dubbed Wi-Fi Protected Access (WPA), which is comprised of several 802.11i components, including Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
Barken goes on to explain how to set up a virtual private network (VPN) for a Wi-Fi environment, and how to set up and configure other security components, such as authentication servers and Linux-based access points.
One major strength of the book is the photos and diagrams. The product photos are black and white, and are unlikely to win any photo awards, while the diagrams and illustrations are quite plain and bland. But this a book about 802.11 security, and the simple diagrams are invaluable in helping the reader understand the concepts. The photos show networking professionals what they’ll actually be working with if they set up a Wi-Fi network.
Some passages, while interesting, are of limited value to the network manager. For example, he devotes an entire appendix to instructions on how to build an antenna made from a Pringles potato chip can while the chapter on WPA is rather short.
Overall, Barken gives an excellent overview of the security issues involved in 802.11 and a guide on how to overcome them. This is recommended for anyone who wants a good understanding of the security issues surrounding 802.11 networks.