Home Page Icon
Home Page
Table of Contents for
Dedication
Close
Dedication
by Doherty
Wireless and Mobile Device Security
Cover
Title Page
Copyright
Contents
Dedication
Preface
Acknowledgments
Part One Introduction to Wireless and Mobile Networks
Chapter 1 The Evolution of Data Networks
The Dawn of Data Communication
Early Data Networks
The Internet Revolution
Advances in Personal Computers
Mobile Phones and the Creation of the Other New Network
Computers Go Mobile
The Convergence of Mobile and Data Networks
Business Challenges Addressed by Wireless Networking
IP Mobility
The Impact of Bring Your Own Device
Common Operating Environment
BYOD: An IT Perspective and Policy
The Basic Tenets of Network Security
The Evolution of Cybercrime
Wireless Network Security
Mobile IP Security
Chapter Summary
Key Concepts and Terms
Chapter 1 Assessment
Chapter 2 The Evolution of Wired Networking to Wireless Networking
Networking and the Open System Interconnection Reference Model
The Seven Layers of the OSI Reference Model
Communicating over a Network
The Data Link Layer
The Physical Layer
From Wired to Wireless
The Economic Impact of Wireless Networking
Wireless Networking and the Way People Work
Health Care
Warehousing and Logistics
Retail
General Business and Knowledge Workers
The Wi-Fi Market
How Wi-Fi Affects Developing Nations
The Internet of Things
Chapter Summary
Key Concepts and Terms
Chapter 2 Assessment
Chapter 3 The Mobile Revolution
Introduction to Cellular or Mobile Communication
Cellular Coverage Maps
Frequency Sharing
Cellular Handoff
The Evolution of Mobile Networks
AMPS 1G
GSM and CDMA 2G
GPRS and EDGE
3G Technology
4G and LTE
BYOD and the BlackBerry Effect
The Economic Impact of Mobile IP
The Business Impact of Mobility
Business Use Cases
Any Business Involving the Moving of People or Things
Delivery (Drop Off) Loss Mitigation
Information Dissemination
Enterprise Business Management Applications
Chapter Summary
Key Concepts and Terms
Chapter 3 Assessment
Chapter 4 Security Threats Overview: Wired, Wireless, and Mobile
What to Protect?
General Threat Categories
Confidentiality
Integrity
Availability
Accountability
Nonrepudiation
Threats to Wireless and Mobile Devices
Data Theft Threats
Device Control Threats
System Access Threats
Risk Mitigation
Mitigating the Risk of BYOD
BYOD for Small-to-Medium Businesses
Defense in Depth
Authorization and Access Control
AAA
Information Security Standards
ISO/IEC 27001:2013
ISO/IEC 27002:2013
NIST SP 800-53
Regulatory Compliance
The Sarbanes-Oxley Act
The Gramm-Leach-Bliley Act
The Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act
The Payment Card Industry Data Security Standard
Detrimental Effects of Regulations
Chapter Summary
Key Concepts and Terms
Chapter 4 Assessment
Part Two WLAN Security
Chapter 5 How Do WLANs Work?
WLAN Topologies
Wireless Client Devices
802.11 Service Sets
The 802.11 Standards
802.11 Unlicensed Bands
Narrowband and Spread Spectrum
Multipath
Frequency Hopping Spread Spectrum
Direct Sequence Spread Spectrum
Wireless Access Points
How Does a WAP Work?
WAP Architecture
Wireless Bridges
Wireless Workgroup Bridges
Residential Gateways
Enterprise Gateways
Wireless Antennas
Omnidirectional Antennas
Semi-Directional Antennas
Highly Directional Antennas
MIMO Antennas
Determining Coverage Area
Site Surveys
Spectrum and Protocol Analysis
Chapter Summary
Key Concepts and Terms
Chapter 5 Assessment
Chapter 6 WLAN and IP Networking Threat and Vulnerability Analysis
Types of Attackers
Skilled Versus Unskilled Attackers
Insiders Versus Outsiders
Targets of Opportunity Versus Specific Targets
Scouting for a Targeted Attack
Physical Security and Wireless Networks
Social Engineering
Wardriving
Rogue Access Points
Rogue AP Vulnerabilities
Evil Twins
Bluetooth Vulnerabilities and Threats
Bluejacking
Bluesnarfing
Bluebugging
Is Bluetooth Vulnerable?
Packet Analysis
Wireless Networks and Information Theft
Malicious Data Insertion on Wireless Networks
Denial of Service Attacks
Peer-to-Peer Hacking over Ad Hoc Networks
When an Attacker Gains Unauthorized Control
Chapter Summary
Key Concepts and Terms
Chapter 6 Assessment
Chapter 7 Basic WLAN Security Measures
Design and Implementation Considerations for Basic Security
Radio Frequency Design
Equipment Configuration and Placement
Interoperability and Layering
Security Management
Authentication and Access Restriction
SSID Obfuscation
MAC Filters
Authentication and Association
VPN over Wireless
Virtual Local Area Networks
Data Protection
Wired Equivalent Privacy
Wi-Fi Protected Access
Wi-Fi Protected Access 2
Ongoing Management Security Considerations
Firmware Upgrades
Physical Security
Periodic Inventory
Identifying Rogue WLANs/Wireless Access Points
Chapter Summary
Key Concepts and Terms
Chapter 7 Assessment
Chapter 8 Advanced WLAN Security Measures
Establishing and Enforcing a Comprehensive Security Policy
Centralized Versus Distributed Design and Management
Remote Access Policies
Guest Policies
Quarantining
Compliance Considerations
Employee Training and Education
Implementing Authentication and Access Control
Extensible Authentication Protocol
Remote Authentication Dial-In User Service
Intrusion Detection Systems and Intrusion Prevention Systems
Protocol Filtering
Authenticated Dynamic Host Configuration Protocol
Data Protection
WPA2 Personal and Enterprise Modes
Internet Protocol Security
Virtual Private Networks
Malware and Application Security
User Segmentation
Virtual Local Area Networks
Guest Access and Passwords
Demilitarized Zone Segmentation
Managing Network and User Devices
Simple Network Management Protocol Version 3
Discovery Protocols
IP Services
Coverage Area and Wi-Fi Roaming
Client Security Outside the Perimeter
Device Management and Use Logons
Hard Drive Encryption
Quarantining
Chapter Summary
Key Concepts and Terms
Chapter 8 Assessment
Chapter 9 WLAN Auditing Tools
WLAN Discovery Tools
NetStumbler and InSSIDer
Kismet
HeatMapper
Penetration Testing Tools
Metasploit
Security Auditor’s Research Assistant
Password-Capture and Decryption Tools
Network Enumerators
Network Management and Control Tools
Wireless Protocol Analyzers
Aircrack-ng
Airshark
Network Management System
WLAN Hardware Audit Tools and Antennas
Hardware Audit Tools
Antennas
Attack Tools and Techniques
Radio Frequency Jamming
Denial of Service
Hijacking Devices
Hijacking a Session
Network Utilities
Chapter Summary
Key Concepts and Terms
Chapter 9 Assessment
Chapter 10 WLAN and IP Network Risk Assessment
Risk Assessment
Risk Assessment on WLANs
Other Types of Risk Assessment
IT Security Management
Methodology
Legal Requirements
Other Justifications for Risk Assessments
Security Risk Assessment Stages
Planning
Information Gathering
Risk Analysis
Identifying and Implementing Controls
Monitoring
Security Audits
Chapter Summary
Key Concepts and Terms
Chapter 10 Assessment
Part Three Mobile Security
Chapter 11 Mobile Communication Security Challenges
Mobile Phone Threats and Vulnerabilities
Exploits, Tools, and Techniques
Google Android Security Challenges
Criticism of Android
Android Exploitation Tools
Android Security Architecture
Android Application Architecture
Google Play
Apple iOS Security Challenges
Apple iOS Exploits
Apple iOS Architecture
The App Store
Windows Phone Security Challenges
Windows Phone OS Exploits
Windows Phone Security Architecture
Windows Phone Architecture
Windows Store
Chapter Summary
Key Concepts and Terms
Chapter 11 Assessment
Chapter 12 Mobile Device Security Models
Google Android Security
The Android Security Model
The Android Sandbox
File-System Permissions
Android SDK Security Features
Rooting and Unlocking Devices
Android Permission Model
Apple iOS Security
The Apple Security Model
Application Provenance
iOS Sandbox
Security Concerns
Permission-Based Access
Encryption
Jailbreaking iOS
Windows Phone 8 Security
Platform Application Security
Security Features
Secure Boot
System App Integrity
Securing Apps
Windows Phone Security Issues
Security Challenges of Handoff-Type Features
BYOD and Security
Security Using Enterprise Mobility Management
Mobile Device Management
Mobile Application Management
Chapter Summary
Key Concepts and Terms
Chapter 12 Assessment
Chapter 13 Mobile Wireless Attacks and Remediation
Scanning the Corporate Network for Mobile Attacks
Security Awareness
Scanning the Network: What to Look For
Scanning for Vulnerabilities
The Kali Linux Security Platform
Scanning with Airodump-ng
Client and Infrastructure Exploits
Client-Side Exploits
Other USB Exploits
Network Impersonation
Network Security Protocol Exploits
RADIUS Impersonation
Public Certificate Authority Exploits
Developer Digital Certificates
Browser Application and Phishing Exploits
Captive Portals
Drive-By Browser Exploits
Mobile Software Exploits and Remediation
Weak Server-Side Security
Unsecure Data Storage
Insufficient Transport Layer Protection
Unintended Data Leakage
Poor Authorization and Authentication
Broken Cryptography
Client-Side Injection
Security Decisions via Untrusted Inputs
Improper Session Handling
Lack of Binary Protections
Chapter Summary
Key Concepts and Terms
Chapter 13 Assessment
Chapter 14 Fingerprinting Mobile Devices
Is Fingerprinting a Bad or a Good Thing?
Types of Fingerprinting
Network Scanning and Proximity Fingerprinting
Online or Remote Fingerprinting
Fingerprinting Methods
Passive Fingerprinting
Active Fingerprinting
Unique Device Identification
Apple iOS
Android
HTTP Headers
New Methods of Mobile Fingerprinting
Spyware for Mobile Devices
Spy Software
Spy Cells: Stingray
Chapter Summary
Key Concepts and Terms
Chapter 14 Assessment
Chapter 15 Mobile Malware and Application-Based Threats
Malware on Android Devices
Criminal and Developer Collaboration
Madware
Excessive Application Permissions
Malware on Apple iOS Devices
Malware on Windows Phone Devices
Mobile Malware Delivery Methods
Mobile Malware and Social Engineering
Captive Portals
Drive-By Attacks
Clickjacking
Likejacking
Plug-and-Play Scripts
Mitigating Mobile Browser Attacks
Mobile Malware Defense
Mobile Device Management
Penetration Testing and Smartphones
Chapter Summary
Key Concepts and Terms
Chapter 15 Assessment
Appendix A Answer Key
Appendix B Standard Acronyms
Glossary of Key Terms
References
Index
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Contents
Next
Next Chapter
Preface
To Katie, Samantha, and Conor
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset