BKWIFISC.RVW 20030209 "WiFi Security", Stewart S. Miller, 2003, 0-07-141073-2, U$49.95/C$78.95/UK#40.00 %A Stewart S. Miller wifi@itmaven.com %C 300 Water Street, Whitby, Ontario L1N 9B6 %D 2003 %G 0-07-141073-2 %I McGraw-Hill Ryerson/Osborne %O U$49.95/C$78.95/UK#40.00 800-565-5758 fax: 905-430-5020 %O http://www.amazon.com/exec/obidos/ASIN/0071410732/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0071410732/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0071410732/robsladesin03-20 %P 309 p. %T "WiFi Security" When a book starts out with a preface that is basically an advertising pitch for the author's consulting services, one can be forgiven for doubting the author's dedication to the task of informing the audience. This work is yet another attempt to jump on a hot topic bandwagon. Supposedly chapter one introduces us to the standards for wireless LAN security. Instead, the material meanders through an unstructured collection of security and wireless topics. The material is limited, random, and not particularly informative. Even when dealing with strictly technical areas, such as the various types of spread spectrum technologies, the text seems to have been lifted wholesale from marketing brochures, and fails to explain much of anything. There isn't much "Technology Comparison" in chapter two unless we are comparing apples and oranges: again there is a haphazard compilation of topics, with Bluetooth getting the lion's share of the ink. Instead of considering security factors, chapter three lists some basic attacks against systems in general. The "issues in wireless security" are a little more on topic in chapter four. Chapter five mentions a few terms related to the 802.11 family of standards. There isn't much about the promised 802.11 security infrastructure in chapter six: instead we have another amalgam of security problems. Miller demonstrates his limited understanding of the technology, in chapter seven, with common mistakes such as the comparison of "40" and "128" bit WEP (Wired Equivalent Privacy) keys (WEP keys are composed of either 40 or 104 bit base keys concatenated with 24 bit initialization vectors, for total lengths of 64 or 128 bits respectively), so it is no surprise that the analysis of the weaknesses of WEP is only half a page long, and misses all the fundamental problems. Chapter eight is a generic warning that people might snoop on you. The authentication topics jump around so much that it is impossible to say what chapter nine is really talking about. A number of technologies are mentioned, but those discussed together frequently come from completely separate protocols or functions. Similarly, chapter ten is entitled "Direct Sequence Spread Spectrum," but doesn't explain anything about DSSS at all, and isn't even consistent in terms of the subject area under discussion. Chapter eleven does stick to the topic of equipment issues, but does not provide any useful direction to the reader. Cross-platform issues are rather confused, in chapter twelve, although there is a reasonable discussion of the WEP initialization vector reuse problem--which should have been covered in chapter seven. The vulnerabilities listed in chapter thirteen constitute another grab bag: since we have been discussing wireless LANs throughout the book, why do we now bring up the topic of the "WAP (Wireless Access Protocol) gap," which only affects Internet enabled cell phones? Chapter fourteen and fifteen mostly duplicate content from nine, with a few minor additions. Chapter sixteen repeats a lot of other material, adding a tiny bit on risk assessment. PDA security issues are reviewed in chapter seventeen. Chapter eighteen collects another random assortment of duplicated topics for a supposed look to the future. This is an arbitrary and disorganized conflation of subjects, with very little of value to anyone. There are a few salient and helpful facts, which, if brought together, might fill a few pages. However, these tidbits are buried in a deluge of impenetrable verbiage, designed more to impress the naive reader than to inform anyone. copyright, Robert M. Slade, 2003 BKWIFISC.RVW 20030209