Slashdot Mirror
A Field Guide To Wireless LANs for Administrators and Power Users
This book starts out an excellent historical overview of the evolution of local area networks and the migration of TCP/IP technology to a wireless environment. In the process, it provides a definitive reference manual on the 802.11 protocol stack, discussing the evolution and future direction of this standard. The issues associated with reliably transmitting data in the very chaotic wireless world are discussed, but the real meat comes in the book's addressing of the logic behind the radio circuitry in WLANs. Along with these insights that an RF engineer will love, the book is a great guide for anyone with protocol analysis tools looking at wireless traffic, especially given the clear illustrations in the text.
Acknowledging the rapid evolution of 802.11 standards over the last few years, an excellent summary is provided, from the venerable 802.11b standard through the -a and -g standards, and moving into future standards being developed by the 802.11 TGs. Maufer provides some key insights on future directions and capabilities of WLANs, too.
The book covers the principal areas of wireless networking, including security, the hot topic for every LAN administrator. While the book does a great job of addressing the theoretical security issues (and other aspects of wireless LANs operation), it is light on practical recommendations in day-to-day WLAN management. The Guide delves into creating strong passwords for use with WLANs, though, and addresses the strengths and weaknesses of the WEP architecture. It is especially rich in providing insights into the handshake and authentication procedures within WEP. A number of proposed security enhancements are discussed, including the deployment of RADIUS servers to provide authentication in enterprise WLANs. In closing on this section, Thomas provides good insights into WPA, which is becoming the future standard to WLAN security.
For a WLAN component designer, this is probably one of the best reference guides available, and this is also true for power users who really want to get under the hood of today's WLAN systems. However, for a network administrator seeking advice on how to address a herd of WLAN devices, my recommendation would be to seek elsewhere. Maufer offers little information about vendors' product types/models, making the detailed technology discussions independent of real-world products. For the administrator able to glean the technical details of their chosen WLAN products elsewhere, though, this book can be an invaluable guide in deciding the pros and cons of a particular product solution.
Along the way, Maufer provides a series of helpful screenshots, as guides to the technical discussions addressed in the various chapters. He provides a very balanced overview in the use of WLAN technologies for Apple, Linux and Windows platforms.
I recommend this Guide as an excellent text, rich in technical details, and protocol/logic illustrations. A "must read" for understanding WLAN technology in depth. With the rapid advances in WLAN technology, this book represents a excellent benchmark on 802.11 technology, from the perspective of its 2004 timeframe, and a sequel from the author would be an excellent additional resource for WLAN system designers and architects.
You can purchase A Field Guide To Wireless LANs for Administrators and Power Users from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
A definitive and practical guide to implementing a very secure WiFi LAN so I can convince my boss to cut the wire.
It doesn't sound like this is it, or is it?
Until the day when I can surf the net, with relative security. By relative I mean as secure as a dialup. I'll stay wired.
I am Bennett Haselton! I am Bennett Haselton!
Review stolen from here.
One of the most common methods of protecting a WLAN, that I think is ignored by most people and this text, is not protecting it much at all, but restricting the use so that its unusable for anyone other than an authorized user. You turn on WAP or MAC-Address filtering to make it inconvinient to attach (though since both of these are vulnerable, this is not enough security in itself). Then you only allow access from the WLAN to your corporate VPN servers. Most machines (laptops) that make use of this will already be equipped for corporate VPN access, and so you rely on the security of your VPN in an unsecured (or relatively unsecure) network. Why are we working on all sorts of new standards when a simple combination of available standards will do just as well? Its not like using Radius auth (via SecureID or password) to your VPN is any harder for the user than any of the other suggestions coming out. Truthfully, its easier for IT since you don't have to build new security infrastructure, and you don't have to retrain users.
This is an EXCELLENT book for detailed frame analysis, especially if you need the guts of the new security protocols. I read most every wireless LAN book that hits the market, and have written a few of my own. This book is definitely a winner. Thomas does a great job of bringing out hidden and vague areas of the 802.11 standards, and answered several detailed questions that nobody else has been able to answer. Kudos on a job well done.
/30
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
So clever, lichen. Can't wait to get some mod points and go back over some of your previous posts.
Thats ok, at that point you'll be properly online with your spiffy wireless connection, and able to steal the revised eBook edition!
"Slowly back out of the room."
Review stolen from amazon
They're not false, securityworm got them from amazon and did not attribute them to amazon. I am not accusing parent of trolling, only pointing out a fact.
How do you know he didn't read the book and wrote the review on Amazon? Doesn't he have the right to reproduce his own review on Slashdot and Amazon?
I was writing a review on the pc... and it was like 'peepeepeepeepeepeepeepeep'...
And then... like... half of my formatting was gone...
And I was like... 'uhhhnn?'
It.. devoured.. my closing italics tag. It was a really good tag... And then I had to do it again because all of the slashdot readers were like yelling at me about it.
It was kind of...
a bummer.
How do you know that the same guy didn't write the review, and is just re-using it in a couple different places?
Well, considering that you're using it to troll, I'd say I'm pretty accurate.
"Have you wondered about how the magic of wireless networks for PC's happens?"
Duh, it's magic...
Jesus, amazon reposts are becoming more popular than *BSD is dying.
I am half way through reading this book and I have to say it is a very good book! It is well organized and structured. The author spent the first few chapters giving you an intro to networking, what wireless technology is all about, how it is used, all the wireless standards, etc etc. It gets very technical when the author starts talking about the wireless MAC and PHY, but that is sort of expected. The author has written two books before and his style of explaining complicated topics in a fairly easy to understand way is highly appreciated...
In general, I highly recommend this book to anyone interested in learning about wireless technology!!
CMDRTACO CHECK YOUR EMAIL!
Who is getting sloppy with their HTML?
Does it go on forever?
Well there's this plug for the cable(with eight pins instead of 4 for much more speed!), a radio thingy, and lots of little electronical chip things, and they make the wire talk to the air using the antenna. I heard some of them have a little penguin inside to help move the webpages around and deliver my email. Not that complicated, really.
Please help metamoderate.
Its an AC, for crying ou loud. Its not like he is gonna benefit.
Plus you have no proof that its not the original authors posting their own reviews (Slashdotters are supposed to be technically competent.. is it beyond the realm of possiblilties that many of us have read the book and posted reviews on Amazon and want to comment on it here too?).
Get a life.
Really? I read both quickly, I couldn't find the supposed "stolen" review. To be honest, it seems like you're just trying to promote securityworm, especially since you're posting anonymously.
Please help metamoderate.
Its just an AC. Its not going to help his karma.
It is informative - it gives us more info on what the book is.
You people need to get a life. Its not like he is trying to hord karma points to troll or anything. Jesus!
Wow, this review had so many copy/paste trolls it was insane. In any case, remember this: if you can Google up something to copy, we can Google up the original source just as easily. It's not really a good tactic to get karma, they typically get smacked down to -1 before reaching 4.
...
This always makes me curious. Why do some many people feel the need to capitalise MAC (the computer, not an ethernet address) or even APPLE? To be fair I think this is the first instance of the latter I've seen, an apparent extrapolation from wrongly capitalising "Mac". Which in itself shows how widespread and sticky a tendency it is. What gives?
Perhaps the review writer can comment? I find it an interesting bit of characteristic error.
sorry, Daddy....
In tribute to this "Great Book" I submit a great site. Netstumbler.com and Netstumbler.org Forum
I am Bennett Haselton! I am Bennett Haselton!
Most wireless access that I do and my co-workers do is outside the office. Maybe at a Starbucks, at a hotel, or even at home on my couch. The VPN could secure my data going to my office, but what about the data going elsewhere? What about my POP3 password for my personal email account that I just transmitted through the air? A lot of "road warriors" put way too much trust in to their VPN and connect to insecure wireless networks and do very stupid things. A co-worker of mine was confused when he got an email from someone else at his hotel that had his password to his personal pop3 account in it. He asked me "But the VPN was on, how did they get my password?" And personally, I hate the VPN at my office. It's buggy and it's extremely slow. I'd hate to be forced through it if I wanted to go wireless while I was actually sitting inside my office. If VPN was the answer, new standards wouldn't be coming out... but VPN just doesn't cut it for the majority of wireless users.
YHBT YHL HAND, douchebag
do you think the actual purpose is to gain karma? its to fucking create long threads of useless shit to waste your time and waste mod points.
moron
Someone failed to close the i tag in the post for this story.
Rather than succumbing to the hassle of the various emerging authentication schemes, I've had good luck in convincing my clients to deploy their WiFi networks behind a VPN concentrator. (Or in cases where they wanted WiFi internet access for guests, putting the WiFi outside their firewall, and having the corporate users come in through a VPN concentrator.)
This is a far simpler, and equally secure method.
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
What are you guys using for VPN connectivity?
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
My belief for securing access points in this day and age is to just make yourself secure enough that the attacker decides that it'd just be easier to look for an unsecured AP. If you have such critical information on your network that you need super-secure wireless access, you probably shouldn't be using wireless in the first place.
Casual war-driving studies have been done in the past, and if I remember correctly, on average 60% of APs that were broadcasting were still in their default out-of-box configuration (no WAP, no MAC filtering, default password for adminstration). If you just enable WAP (please use a good random key generator, folks), and MAC filtering, more than likely it just won't be worth it for somebody to try to break in to access your network.
Also, just in case somebody does break into your AP and does something nasty, this is what the daily logs are for, so enable logging on your AP and back them up to disk regularly. Because, yes, you are responsible what goes through your connection, so you better be able to prove there was unauthorized entry, limiting your liability.
ce n'est pas un Sig.
[...W]e associate our VPN client with a personal firewall, so that when you're VPN-ed in, ALL data flows the VPN to the corporate network before getting out to the internet. So your POP3 password is securely transmitted (over the IPSec tunnel) to the inside, and then goes out from there. Similarly web broswing goes inside, then through our corporate proxy server and then outside.
That's the way to go: Use an encrypted tunnel to work (or home or wherever) and use the site at the other end of the tunnel as your forwarder/proxy for everything.
[...]VPN [rather than other fancy stuff] should [also] be the right answer [for in-building wireless].
Again dead on. In-building wireless doesn't STAY in-building. So treat it like the general internet, put it on the OUTSIDE of your firewall, and secure-tunnel through for access inside.
Option 1: You can treat your APs and the general Internet as TWO separate external nets, both outside your firewall. Then your laptop has to tunnel in and authenticate to make any use of the AP, effectively becoming wired to your lan.
Option 2: You can treat them as ONE outside-the-firewall net, routing packets between them as well as from each to your firewall. Then you become a hot-spot, and visitors (customers, vendors, partners) can also use THEIR laptops to VPN to THEIR private nets (or surf the web B-) ) without having privileges on YOUR local net.
For option 2 you can use WEP as a no-tresspassing sign (post the netname and current password or have them get it from security or their inside contact), set up some other authentication mechanism, or leave your APs open (if you want to do your neighbors a service).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Nice repost from a story from three days ago.
But in this article it's on topic.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Since this is the textbook for the wireless class I'm taking this semester, it does a good job of explaining things, but sometimes the use of acronyms get in the way. I was advised to read over things more than once in this book. Granted, it's not exactly an advanced class, but I haven't had much trouble with the explanations.
Hi.
It's WEP not WAP. You sound like a wanna be. Just turn off SSID broadcasts, enable WEP (you can get all random if you want but the keys will crack just as easily) do mac filtering with implicit deny. and then put the ap on the other side of a VPN switch or a firewall.
Note, just putting an open AP on the hostile side of firewall or VPN is not good enough as layer 2 net stuff is out in the open and that AP or segment is asking to be hacked.
If you are still worried after checking your logs. (send them to OpenView or you syslog server) Then there are companies willing to charge you alot for wireless intrusion detection systems.
Now. Stop Wapping.
A long time ago I was playing Sega Genesis with my friend. He pointed at the console and said "Do you know how that thing works?" I was in CS at the time, but didn't know the specs of this machine, so I said "No." So he informs me, "There's actually a little computer in there."
word.
Hello Lichen.
Sorry that you're ridiculous copying was found out? Awww too bad.
(If you are not Lichen, then you're fucking blind. Either way, your a tool)
Think nothing is impossible? Try slamming a revolving door.
He had one good point - WEP does have weak keys. So use a keygen that at least checks to make sure you don't have one of the completely trivial weak keys.
It'll make it take longer... still not long enough, but longer.
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
Any book that says "for power users" isn't.
Nathan's blog
Posting this again so peeple will see it: Mods Please delete admin as appropriate.
We noticed a small number of referrals from slashdot and then found this discussion. We often scan our logs for referrals from non-affiliated sites that are not search engines.
As the webmaster for security worm I would just like to make a few points:
A. Amazon Content on Security Worm
Security worms reviews are pulled from Amazon.com with the permission of Amazon. As members of their affliate program, we use their XML technology to integrate the data into our site. Amazon has reviewed our site and not made any complaints.
B. Stolen?
Individuals should not make statements about theft of content without due diligence. In fact content is often legally shared between sites and no acknowledgement is required. The only relevant parties with respect to content relating to the books on our site are Amazon and Security Worm. Accusations of theft by other parties are nothing more than libelous remarks made by uninformed individuals.
C. Plant?
No staff involved with security worm had anything to do with this article on slash dot. If we wanted referrals there are better methods and outlets. For the month to date, the link above has generated a mere 500 referrals to our site or less than 0.2% of the total traffic.
webmaster (at) security (dot) worm