How to Cheat at Securing a Wireless Network (How to Cheat) (How...

Features

• Cover Type: Paperback with 504 pages
• Published by: Syngress July 25, 2006
• Written in: English
• ISBN 10 Number: 1597490873
• ISBN 13 Number: 978-1597490870
• Book Dimensions: 8.7 x 7 x 1.4 inches
• Weighs: 13.6 ounces

Product Description
Wireless connectivity is now a reality in most businesses. Yet by its nature, wireless networks are the most difficult to secure and are often the favorite target of intruders. Some of the primary threats are the result of the following factors:

• Denial of service (DoS) and other network layer attacks
• Unauthorized access across the perimeter and within the organization Application layer intrusions and attacks, both from within and outside the network Extended connectivity through remote access and extranets
• An increase in unmanaged or ill-managed endpoint devices
• New applications like VoIP, instant messaging, and peer-to-peer

This book provides the busy network administrator with best-practice solutions address these threats and to maintain a secure and accessible wireless network. The book endorses the principle that the best strategy is to deploy multiple layers of security, each reinforcing the other. Yet it never strays from its emphasis on the practical; that any tool or methodology that is deployed must work reliably, allow sufficient access, and require a minimal amount of maintenance.

About The Author
Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than ten years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed to several other Syngress publications, including Penetration Tester's Open Source Toolkit (ISBN: 1-5974490210), Stealing the Network: How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407). He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important.



Reader Reviews
How to Cheat at Securing a Wireless Network (HTCASAWN) seemed to have a lot of promise. A quick initial look showed discussions of wireless VLANs, WPA, and command syntax for Cisco gear. I thought this would be a good book to read and review, since I try to avoid reading and reviewing books I won't find useful. About halfway through HTCASAWN I made a sad discovery: 7 of 12 chapters are duplicates of chapters from books published in 2001 and 2002, and an eighth chapter largely duplicates a book from 2004. What would probably have been a 4 star review immediately became a tenuous 3 star review, thanks to apparently verbatum reprinting of old material. Here's the good news about HTCASAWN. About one third of the book is well-written and informative. My favorite chapters, 4 and 5, cover 802.1X, wireless VLANs, and broadcast domain segmentation. Various issues are explained using Cisco command syntax, meaning I could try these techniques given the right gear. In Ch 4 the author even avoids duplicating previous material by explicitly referencing details from Ch 2. Internal redundancy is usually a problem when a book offers 9 authors and no editor or lead author. Ch 2 was decent as well, with practical advice on wireless security configuration (although parts come from the 2004 book "Wardriving"). The other non-duplicate chapters, 3 and 12, are decent. The best part of Ch 3 is the description of the wireless attack station positioned outside a client location. Ch 12 is a good overview of some attack vectors. Outside of those chapters, the rest of HTCASAWN is reprinted from older Syngress books -- and I mean OLDER -- namely 2001's Designing a Wireless Network (DAWN) and 2002's Hack Proofing Your Wireless Network (HPYWN). Here's the breakdown: Ch 1 is DAWN Ch 1; Ch 6 is the first half of HPYWN Ch 3; Ch 7 is HPYWN Ch 3; Ch 8 is HPYWN Ch 7; Ch 9 is DAWN Ch 6; Ch ten is DAWN Ch 7; and Ch 11 is DAWN CH 9. What's the problem with reprinting older chapters? When a book is published in 2006 with a completely new title and no reference to older books, I expect it to be original. I understand covering older material, and even incorporating parts that may have appeared previously. I don't expect to read the same chapters again. Worse, security is seldom static. I do not want to read about securing wireless with DES and 64 bit WEP (p 317) or being told I can buy commercial Snort sensors from Silicon Defense (p 277) -- a company that left that business in 2003 and no longer exists! I also don't want to read case studies that recommend running Windows 2000 and Windows 98 (p 365). Books like these are resume-padding for the duplicate chapter authors and they do a disservice to readers. They also tarnish the good original work packaged between the old material. The only way I could see this model working would be to follow these recommendations. First, publish the book with some sort of disclosure regarding its contents, perhaps in the foreword or introduction. Let the reader know this contains the best ideas about older topics. Second, thoroughly review the older material for currency and accuracy. Third, be sure the authors of the old material are involved and agree to the new book's contents. I can't recommend HTCASAWN. Only the third of the material that is new saved it from a two star review. Incidentally, you can read my reviews of HPYWN and Wardriving here at Amazon.