O'Reilly
802.11 Security

Book Description

Mention wireless networks, and the question of security will soon follow. It's not surprising that in spite of compelling business arguments for going wireless, many companies are holding back because of security concerns. But, while it's true that wireless networks create security issues that don't exist in wired networks, the issues are not insurmountable. 802.11 Security shows how you can plan for and successfully contend with security obstacles in your wireless deployment. This authoritative book not only explains the security issues, but shows you how to design and build your own secure wireless network.

802.11 Security covers the entire process of building secure 802.11-based wireless networks, in particular, the 802.11b ("Wi-Fi") specification. The authors provide detailed coverage of security issues unique to wireless networking, such as Wireless Access Points (WAP), bandwidth stealing, and the problematic Wired Equivalent Privacy component of 802.11. You'll learn how to configure a wireless client and to set up a WAP using either Linux or FreeBSD. You'll also find thorough information on controlling network access and encrypting client traffic.

Beginning with an introduction to 802.11b in general, the book gives you a broad basis in the theory and practice of wireless security, dispelling some of the myths along the way. In doing so, the authors provide you with the technical grounding required to think about how the rest of the book applies to your specific needs and situations. Next, the book details the technical setup instructions needed for both the Linux and FreeBSD operating systems. Some of the topics covered include:

  • Station Security for Linux, FreeBSD, OpenBSD, Mac OS X and Windows

  • Setting Up Access Point Security

  • Gateway Security, including building gateways, firewall rules, auditing, etc.

  • Authentication and Encryption

  • FreeBSD IPsec client and gateway configuration

  • Linux IPsec client and gateway configuration

  • 802.1x authentication

802.11 Security is a book whose time has come. If you are a network, security, or systems engineer, or anyone interested in deploying 802.11b-based systems, you'll want this book beside you every step of the way.

Table of Contents

  1. 802.11 Security
    1. Preface
      1. Assumptions About the Reader
      2. Scope of the Book
      3. Conventions Used in This Book
      4. Other Sources of Information
        1. Standards and References
        2. Operating-System-Specific Documentation
        3. Mailing Lists
      5. We’d Like to Hear from You
      6. Acknowledgments
        1. From Bruce Potter
        2. From Bob Fleck
    2. I. 802.11 Security Basics
      1. 1. A Wireless World
        1. What Is Wireless?
        2. Radio Transmission
          1. Data Rate
          2. Signal Strength
          3. Antennas
        3. Inherent Insecurity
        4. 802.11
          1. History of 802.11
        5. Structure of 802.11 MAC
          1. BSS and IBSS
        6. WEP
          1. Encryption
          2. Authentication
        7. Problems with WEP
          1. Key Management
          2. Encryption Issues
        8. Is It Hopeless?
      2. 2. Attacks and Risks
        1. An Example Network
        2. Denial-of-Service Attacks
          1. Application (OSI Layer 7)
          2. Transport (OSI Layer 4)
          3. Network (OSI Layer 3)
          4. Data-Link (OSI Layer 2)
          5. Physical (OSI Layer 1)
          6. Wireless DoS Attacks
            1. 802.11b physical attacks
            2. 802.11b data-link DoS attacks
            3. 802.11b network DoS attacks
        3. Man-in-the-Middle Attacks
          1. Eavesdropping
          2. Manipulating
        4. Illicit Use
        5. Wireless Risks
          1. Determining Risk
        6. Knowing Is Half the Battle
    3. II. Station Security
      1. 3. Station Security
        1. Client Security Goals
          1. Prevent Access to the Client
          2. Secure Communication
            1. SSL
            2. SSH
        2. Audit Logging
        3. Security Updates
      2. 4. FreeBSD Station Security
        1. FreeBSD Client Setup
          1. Wireless Kernel Configuration
          2. Security Kernel Configuration
          3. Startup Configuration
          4. Card Configuration
          5. OS Protection
            1. Firewall configuration
            2. Disable unneeded services
            3. Static ARP
            4. Other security concerns
          6. Audit Logging
            1. arpwatch
            2. syslog
            3. swatch
      3. 5. Linux Station Security
        1. Linux Client Setup
        2. Kernel Configuration
          1. Wireless Kernel Configuration
          2. Security Kernel Configuration
          3. Startup Configuration
          4. Card Configuration
          5. Card Utilities
        3. OS Protection
          1. Firewall Configuration
          2. Disable Unneeded Services
          3. Static ARP
          4. Other Security Concerns
        4. Audit Logging
          1. arpwatch
          2. syslog
          3. swatch
        5. Secure Communication
      4. 6. OpenBSD Station Security
        1. OpenBSD Client Setup
        2. Kernel Configuration
          1. Wireless Kernel Configuration
          2. Security Kernel Configuration
          3. Card Configuration
          4. Startup Configuration
        3. OS Protection
          1. Firewall Configuration
          2. Disable Unneeded Services
          3. Static ARP Entries
        4. Audit Logging
      5. 7. Mac OS X Station Security
        1. Mac OS X Setup
          1. Kernel Configuration
          2. Card Configuration
          3. AirPort Access Point Utilities
        2. OS Protection
          1. Disable Unneeded Services
          2. Firewall Configuration
          3. Static ARP Entries
        3. Audit Logging
      6. 8. Windows Station Security
        1. Windows Client Setup
        2. OS Protection
          1. Virus Protection
          2. Firewall
          3. Static ARP
        3. Audit Logging
        4. Secure Communication
    4. III. Access Point Security
      1. 9. Setting Up an Access Point
        1. General Access Point Security
          1. WEP Keys
          2. MAC Address Filtering
          3. Management Interfaces
          4. Log Host
          5. Trap Host
          6. Authentication Methods
          7. SNMP Monitoring
            1. net-snmp
            2. Scotty/tkined
        2. Setting Up a Linux Access Point
          1. Installation of HostAP
        3. Setting Up a FreeBSD Access Point
        4. Setting Up an OpenBSD Access Point
          1. OpenBSD Startup Files
          2. Securing an OpenBSD Access Point
        5. Taking It to the Gateway
    5. IV. Gateway Security
      1. 10. Gateway Security
        1. Gateway Architecture
        2. Secure Installation
        3. Firewall Rule Creation
        4. Audit Logging
      2. 11. Building a Linux Gateway
        1. Laying Out the Network
        2. Building the Gateway
          1. Linux Kernel Configuration
          2. Disabling Unneeded Services
        3. Configuring Network Interfaces
        4. Building the Firewall Rules
        5. MAC Address Filtering
        6. DHCP
        7. DNS
        8. Static ARP
        9. Audit Logging
        10. Wrapping Up
      3. 12. Building a FreeBSD Gateway
        1. Building the Gateway
          1. FreeBSD Kernel Configuration
          2. Disabling Unneeded Services
        2. Building the Firewall Rules
        3. Rate Limiting
        4. DHCP
        5. DNS
        6. Static ARP
        7. Auditing
      4. 13. Building an OpenBSD Gateway
        1. Building the Gateway
          1. OpenBSD Kernel Configuration
          2. Configuring Services
        2. Building the Firewall Rules
          1. Configuring NAT
        3. Rate Limiting
        4. DHCP
        5. DNS
        6. Static ARP
        7. Auditing
      5. 14. Authentication and Encryption
        1. Portals
          1. NoCat
          2. WiCap
        2. IPsec VPN
          1. IPsec in a Nutshell
          2. FreeBSD IPsec Implementation
          3. FreeBSD IPsec Client Configuration
          4. FreeBSD IPsec Gateway Configuration
          5. Linux IPsec Implementation
          6. Linux IPsec Client Configuration
          7. Linux IPsec Gateway Configuration
        3. 802.1x
          1. Structure of 802.1x
          2. Limitations of 802.1x
          3. 802.1x Equipment and Configuration
            1. Authentication server
            2. Authenticator
            3. Supplicant
      6. 15. Putting It All Together
        1. Pieces of a Coherent System
        2. User Knowledge
        3. Looking Ahead
    6. Index
    7. Colophon