Building Secure Wireless Networks with 802.11
Authors: Jahanzeb Khan and Anis Khwaja
As you can see, we have yet another wireless review on Help Net Security. As more and more people are migrating their wired networks into wire-free environment, wireless security is becoming one of the most talked about IT topics. What is this book all about? Read on.
About the authors
Jahanzeb Khan is Principal Engineer with RSA Security, Inc., where he is responsible for the research and development of encryption, Public Key Infrastructure, and wireless LAN Security standards. He is active in the 802.11b community and is a member of IEEE International.
Anis Khwaja works in the IT department of a leading financial services firm. Khwaja has more than fifteen years of experience in networking and is currently involved in deployment of 802.11b (WiFi) networks
Inside the book
On September 11, 1940, George Steblitz used a Teletype machine at Dartmouth College in New Hampshire to transmit a problem to his Complex Number Calculator in New York and received the results of the calculation on his Teletype terminal. This transfer of data is considered the first example of a computer network. Fast forward 60 years where computers networks are connected over the air.
The book doesn’t start with an overview of WLAN basics, but with a historical view on computer networks from day one, to the modern Ethernet networks and Internet. As general network knowledge is needed to understand and setup a wireless network, early chapters present the information on different network types, standards and protocols. What follows next is a similar chapter which is focused on wireless networks. Here the readers stumble across all the WiFi and WLAN basics, including standards and operating modes.
Besides all the good things wireless networks provide, there is a number of technological and security issues that should be closely considered. Some of the possible pros/cons can be found in the following chapter titled “Is Wireless LAN right for you?”
Following the idea on explaining wireless networks with having the “usual” wired networks on mind, the authors divide the part on secure wireless LANs to two chapters, each dealing with security issues and concepts of one of these network types. The security aspects of wired networks receive 10 more pages than their wireless counterparts, which is normal, as wired networks are much older and are used much more than wireless ones.
After talking a look at both basics and security issues of wireless LANs, authors now dedicate several chapters on building and securing WLANs. Here, the first time implementers will learn how to deploy wireless networks through seven logical steps. The steps are varying from understanding the wireless needs to the product consideration and ROI (return of investment). All of the steps are practically shown through a non-existing Bonanza Corporation wireless LAN installation.
From the advanced user’s point of view, authors provide a chapter on 802.1X authentication mechanism, which is presented through a semi-visual guide on setting up 802.1X with Microsoft Windows XP and Cisco 350 series AP. Besides this setup, there is a nice scope on using a Virtual Private Network to secure wireless communications.
The ast part of the book takes care of methods related to troubleshooting and maintaining secure operations in your WLAN. In a brief overview manner, authors give the future administrators tips on the things that can go wrong. A nice addition to this chapter is a sample security policy that can be easily modified for usage in different environments.
The book contains two interesting appendixes. The first contains several actual mini case studies, where the readers can take a look at several different wireless deployment scenarios. All of these wire free setups (home, small corporation, campus wide and wireless ISP) are presented through the same template detailing on each network’s background, problem, solution and the final result. These examples aren’t so in-depth, but provide a good read on several possible WLAN installations.
If you are interested in wireless LAN technologies, you probably realized that a number of book publications and articles, reference some of the Orinoco hardware. The most talked about wireless adapters, especially when taking a look at Wardriving and similar activities, are surely Orinoco Gold and Silver PC cards. The authors carry on the Orinoco fame, with an appendix detailing Orinoco PC card on a number of operating systems, including Windows 98/ME/2000/NT, MacOS and Linux.
As I’m an owner of Orinoco Residential Gateway (RG 1000) access point, it was nice to see that the authors use this AP for a sample LAN setup. For those who don’t know, RG1000 is like a clam-shell – when you open it you will find a pearl in the way of the ever useful Orinoco Silver PC (pcmcia) card.
Information security experts Khan and Kwaja combined their WiFi knowledge and created this step-by-step guide covering all the major aspects of 802.11 networks. They cover the whole circle, from initial network and product considerations, over installation and security, to troubleshooting the existing network.
“Bulding Secure Wireless Networks with 802.11” is easy to read, informative and deals with a number of WiFi security facts. The difference between this and other WiFi security publications is that the book is intended to be an implementers guide into building a secure wireless Local Area Network. I should note that the book is strictly Windows related, so, besides the Orinoco guide, don’t expect any implementation methods for other operating systems.
From the implementer’s perspective, the book should be suitable to novice and inter mediate readers, because the topics surrounding actual implementations and advanced techniques are covered in a less technical way. Don’t get me wrong, there are technicalities inside the book, but not so deep enough to be of interest to advanced users familiar with WLANs. Yet another fact that proves that the book is more novice user suited is that software installations are started with “Insert CD”, click “setup.exe” etc.