Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "WiFi Security", Stewart S. Miller

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKWIFISC.RVW 20030209 WiFi Security , Stewart S. Miller, 2003, 0-07-141073-2, U$49.95/C$78.95/UK#40.00 %A Stewart S. Miller wifi@itmaven.com %C 300
    Message 1 of 1 , Feb 27, 2003
    • 0 Attachment
      BKWIFISC.RVW 20030209

      "WiFi Security", Stewart S. Miller, 2003, 0-07-141073-2,
      %A Stewart S. Miller wifi@...
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2003
      %G 0-07-141073-2
      %I McGraw-Hill Ryerson/Osborne
      %O U$49.95/C$78.95/UK#40.00 800-565-5758 fax: 905-430-5020
      %O http://www.amazon.com/exec/obidos/ASIN/0071410732/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0071410732/robsladesin03-20
      %P 309 p.
      %T "WiFi Security"

      When a book starts out with a preface that is basically an advertising
      pitch for the author's consulting services, one can be forgiven for
      doubting the author's dedication to the task of informing the
      audience. This work is yet another attempt to jump on a hot topic

      Supposedly chapter one introduces us to the standards for wireless LAN
      security. Instead, the material meanders through an unstructured
      collection of security and wireless topics. The material is limited,
      random, and not particularly informative. Even when dealing with
      strictly technical areas, such as the various types of spread spectrum
      technologies, the text seems to have been lifted wholesale from
      marketing brochures, and fails to explain much of anything. There
      isn't much "Technology Comparison" in chapter two unless we are
      comparing apples and oranges: again there is a haphazard compilation
      of topics, with Bluetooth getting the lion's share of the ink.
      Instead of considering security factors, chapter three lists some
      basic attacks against systems in general. The "issues in wireless
      security" are a little more on topic in chapter four.

      Chapter five mentions a few terms related to the 802.11 family of
      standards. There isn't much about the promised 802.11 security
      infrastructure in chapter six: instead we have another amalgam of
      security problems. Miller demonstrates his limited understanding of
      the technology, in chapter seven, with common mistakes such as the
      comparison of "40" and "128" bit WEP (Wired Equivalent Privacy) keys
      (WEP keys are composed of either 40 or 104 bit base keys concatenated
      with 24 bit initialization vectors, for total lengths of 64 or 128
      bits respectively), so it is no surprise that the analysis of the
      weaknesses of WEP is only half a page long, and misses all the
      fundamental problems.

      Chapter eight is a generic warning that people might snoop on you.
      The authentication topics jump around so much that it is impossible to
      say what chapter nine is really talking about. A number of
      technologies are mentioned, but those discussed together frequently
      come from completely separate protocols or functions. Similarly,
      chapter ten is entitled "Direct Sequence Spread Spectrum," but doesn't
      explain anything about DSSS at all, and isn't even consistent in terms
      of the subject area under discussion. Chapter eleven does stick to
      the topic of equipment issues, but does not provide any useful
      direction to the reader. Cross-platform issues are rather confused,
      in chapter twelve, although there is a reasonable discussion of the
      WEP initialization vector reuse problem--which should have been
      covered in chapter seven. The vulnerabilities listed in chapter
      thirteen constitute another grab bag: since we have been discussing
      wireless LANs throughout the book, why do we now bring up the topic of
      the "WAP (Wireless Access Protocol) gap," which only affects Internet
      enabled cell phones? Chapter fourteen and fifteen mostly duplicate
      content from nine, with a few minor additions. Chapter sixteen
      repeats a lot of other material, adding a tiny bit on risk assessment.
      PDA security issues are reviewed in chapter seventeen. Chapter
      eighteen collects another random assortment of duplicated topics for a
      supposed look to the future.

      This is an arbitrary and disorganized conflation of subjects, with
      very little of value to anyone. There are a few salient and helpful
      facts, which, if brought together, might fill a few pages. However,
      these tidbits are buried in a deluge of impenetrable verbiage,
      designed more to impress the naive reader than to inform anyone.

      copyright, Robert M. Slade, 2003 BKWIFISC.RVW 20030209

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Once, when Sir Isaac Newton was asked how he made all of his
      discoveries, he replied `If I have seen further than others, it
      is by standing on the shoulders of giants.' Today, in the
      programming field, we mostly stand on each other's feet.
      - Richard Wesley Hamming
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.