<< 1 >>
Rating: 
Summary: Security for wireless, wireless for security
Review: The best way to describe this excellent book is "security for wireless
people, wireless for security people". Being of the latter category
and not having been in close touch with wireless security issues, I
appreciated an intro into wireless technologies. In addition, the
intro highlighted security issues of each of the major wireless
technologies, quickly gaining ground in today's enterprise: 802.11*,
WAP, GPRS, Bluetooth. The book also covers how those technologies are
implemented in hardware, such as cell phones, PDAs and PC wireless
network cards.The book also cover many principles of security design, that will
probably be very useful for wireless technologists. The distinctive
feature of the book is extensive coverage of the I-ADD process:
[I]dentify targets and roles, [A]nalyze attacks and countermeasures,
then [D]efine a strategy and [D]esign your secure system. The process
is run for the wireless system design in great detail. Another advantage of the book is its breadth of coverage. It is indeed
achieved at the cost of depth, but the book's purpose is to
familiarize the reader with wireless security (not to make an expert!)
and the book does fulfill this goal beautifully. The book boasts easy to follow writing style. Its not a "must have"
unless you are starting to get involved with wireless security, but
simply a good book to have for every security professional. Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
information security company. In his spare time he maintains his
security portal info-secure.org.
Rating:
Summary: Security for wireless, wireless for security
Review: The best way to describe this excellent book is "security for wireless
people, wireless for security people". Being of the latter category
and not having been in close touch with wireless security issues, I
appreciated an intro into wireless technologies. In addition, the
intro highlighted security issues of each of the major wireless
technologies, quickly gaining ground in today's enterprise: 802.11*,
WAP, GPRS, Bluetooth. The book also covers how those technologies are
implemented in hardware, such as cell phones, PDAs and PC wireless
network cards. The book also cover many principles of security design, that will
probably be very useful for wireless technologists. The distinctive
feature of the book is extensive coverage of the I-ADD process:
[I]dentify targets and roles, [A]nalyze attacks and countermeasures,
then [D]efine a strategy and [D]esign your secure system. The process
is run for the wireless system design in great detail. Another advantage of the book is its breadth of coverage. It is indeed
achieved at the cost of depth, but the book's purpose is to
familiarize the reader with wireless security (not to make an expert!)
and the book does fulfill this goal beautifully. The book boasts easy to follow writing style. Its not a "must have"
unless you are starting to get involved with wireless security, but
simply a good book to have for every security professional. Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
information security company. In his spare time he maintains his
security portal info-secure.org.
Rating:
Summary: Very good at providing the tools you need.
Review: The book provides the tools and process to analyze your own system, and gives you the right questions to ask of others. I found it very informative. The technical details are already becoming outdated and some of the lists get pretty long, but the process and basic information is very useful and the lists show that this can get fairly complicated if you do not take a structured approach. I recommend it to anyone interested in wireless security, privacey, or security in general.
Rating:
Summary: Great Book
Review: The book was easy to read, and covered a lot of ground. I think it would be great for developers, security personnel, and managers alike. I would like to see another book further detailing the I-ADD process, I think it would have wide applicability in other areas as well.
Rating: 
Summary: Needs To Focus On Wireless Issues
Review: The title of a book needs to be a contract the authors make with the reader. This book is an introduction to wireless with a general coverage of security and a privacy chapter glommed on dressed up as a wireless book. Wireless is such a complex and important issue, that is just wrong to do. The afterword, the future of wireless is essentially content free. The book is well written, well researched, uses layout and illustrations well and if you are a novice to information security is probably worth hauling on the plane to read. However, even then beware, one of the major topics appears to be invented by the authors and is passed on as security craft. The I-ADD section is a feature of the book. I had never heard of I-ADD and I do not have a life, all I do is information security. I tried to look it up with google, no results at least through the 3rd page. I wrote ten of my friends in the field, no hits. I tried to look it up in the "bible", Dr. Matt Bishop's 1,000 page, five years in the making, Computer Security Art and Science. I went through Wireless Security and Privacy's bibliography and while there might be a reference I missed, it certainly is not supported to the degree it should be to be so strongly featured in the book. I completely agree that we need thought models to help understand the complex issues of information security, but it would be much more appropriate to use something standard such as Plan Do Check Act (PDCA) from BS7799/ISO-17799. If you are in the risk management business, the targets and roles that are enumerated in chapter 9 could be worth the price of the book for your trade. In general, if you are interested in wireless, I would pass on this one, but there is another book by the same major publisher, Pearson Press, How Secure Is Your Wireless Network? by Lee Barkin that is worth a look.
Rating:
Summary: Needs To Focus On Wireless Issues
Review: The title of a book needs to be a contract the authors make with the reader. This book is an introduction to wireless with a general coverage of security and a privacy chapter glommed on dressed up as a wireless book. Wireless is such a complex and important issue, that is just wrong to do. The afterword, the future of wireless is essentially content free. The book is well written, well researched, uses layout and illustrations well and if you are a novice to information security is probably worth hauling on the plane to read. However, even then beware, one of the major topics appears to be invented by the authors and is passed on as security craft. The I-ADD section is a feature of the book. I had never heard of I-ADD and I do not have a life, all I do is information security. I tried to look it up with google, no results at least through the 3rd page. I wrote ten of my friends in the field, no hits. I tried to look it up in the "bible", Dr. Matt Bishop's 1,000 page, five years in the making, Computer Security Art and Science. I went through Wireless Security and Privacy's bibliography and while there might be a reference I missed, it certainly is not supported to the degree it should be to be so strongly featured in the book. I completely agree that we need thought models to help understand the complex issues of information security, but it would be much more appropriate to use something standard such as Plan Do Check Act (PDCA) from BS7799/ISO-17799. If you are in the risk management business, the targets and roles that are enumerated in chapter 9 could be worth the price of the book for your trade. In general, if you are interested in wireless, I would pass on this one, but there is another book by the same major publisher, Pearson Press, How Secure Is Your Wireless Network? by Lee Barkin that is worth a look.
<< 1 >>
| 
