Real 802.11 Security: WI-Fi Protected Access and 802.11i [Paperback]

In terms of understanding architecture, and the cryptography behind the security protocols this was my favorite book. My favorite chapter was the how WEP works and why it doesn't. The writing was clear and the explanations were accurate. I also loved chapter 15, that equipped me to explain why wireless networks are dangerous beasts with detail.

It is a tougher read than some of the other books on the subject, the good news is that you understand the cryptography, the bad news is you have to work through the pages with the crytography.

This is a good book and it is well worth the price. Why did I give it 4 stars instead of 5? It could improve in a couple areas. I think it would have been a stronger, more focused work without chapters 2, 3, and 4. Any reader that is willing to wade through the inner workings of TLS, TKIP or WPA doesn't need a security overview. Also, I really wish more effort had been put into chapter 14, Public Wireless Hotspots. It is good, it covers the fundamentals, but I finished the chapter without increasing my understanding of a question every reader of the book will have. Do I dare check my (encrypted) email at a Starbucks or airport hot spot? That said, I think with second edition the authors will have every chance to take the lead in the crowded field of 802.11 books.

Edney and Arbaugh show just how "loose" current wireless systems really are, their vulnerabilities and the most common attack methods used, including man in the middle, WEP cracking and MAC spoofing. They detail the layers of transmittion and how those layers interact in the most common wireless scenarios. They also define the terms and uses of current wireless security including the latest methods under development.

The authors start by making sense of the alphabet soup of wireless security including WEP, RSN, 802.1x, LEAP, PEAP and Radius. They dig down to the actual tools and processes used to hack wireless networks and give excellent summaries of the most commonly used methods. Their examples detail the uses of headers, their encryption and the algorithms used by each security protocol. They then show how each protocol is broken down, how server and client interact and the security holes present.

After a good overview of the current landscape, Edney and Arbaugh go on to show the reader how each protocol stacks up against one another, thus allowing the reader greater flexibility to decide just which type or types of security maybe right for their wireless environment(s). They also give very good examples of the problems inherent to communication and authentication in highly mobile, fast paced environments. The authors go into the details and difficulties of how to strengthen wireless networks thru the understanding and use of algorithms, hardware authentication and transport layer security.

Edney and Arbaugh finalize their book by showing how the protocols are applied and the details of implementing Wi-Fi security in day-to-day actual situations. They use screen shots of actual tools in use making it easier for the novice radio buff to understand the whole process. Any white hat will enjoy the final chapter as the authors proceed to show details on how to craft your own client and server side certificates, construct and harden a RADIUS server using open source software and plan your network.

A must read for all IT professionals running wireless in any sensitive environment. As a learning experience Real 802.11 Security should not be taken lightly by any professional currently designing and implementing wireless solutions.

This was my first book on wireless security and will provide a good basis to move forward to vendor specific security and eventual certification. A great place to start with enough depth to provide a learning opportunity for the more experienced.