Wireless networks are becoming an increasingly important part of the communication infrastructure, enabling mission critical applications, and transmitting crucial payloads. As the role of wireless networks grows, the issue of security begins to get a lot of attention. This book is one of those books that will be welcomed by security professionals who are interested in a coherent picture of security in wireless and fixed networks. The book grew out of a lecture course that the author has taught since 2000. It pays equal attention to the security of data transmission and communication infrastructure, the basics necessary to understand the subject, and advanced material. The book contains 17 chapters, in three parts (foundations of data security, network security, and mobile security), moving from the fundamentals of security (typology of threats, cryptography, and access control) to network security protocols, and on to applications, such as firewalls. The concluding part addresses wireless security issues in local area networks (LANs) and wide area networks (WANs), and also provides details on such important topics as mobile authentication.

The first part begins with the introduction, which lays out the structure of the book, and discusses the threats that security technologies need to combat. From the definition to types of threats viewed from different points of view, the author guides us to an understanding of the formidable task that security practitioners have to face. The chapter concludes with the typology of the attacks, and the controls that need to be in place to protect an organization. The introduction is written in simple terms, and will be understandable to beginners, but it will also be useful to seasoned technologists, because it will allow them to organize the elements of knowledge and best practices into a consistent picture.

Chapter 2 describes the basics of cryptology. It starts with an explanation of terms necessary to understand the material, and talks about the essence of key management, then moves beyond the fundamentals, addressing, again in simple terms, more advanced issues such as cryptographic analysis. Chapter 3 focuses on symmetric cryptography. It concentrates on block ciphers, and explains the most common algorithms used in practice: data encryption standard (DES), Rivest cipher 4 (RC4), and advanced encryption standard (AES). Chapter 4 moves to asymmetric cryptography, focusing on its basic idea and mathematical principles, and covering the RSA, Diffie-Hellman, and El Gamal algorithms. As with the previous chapters, the material is appropriate for a beginner, but quite useful for an experienced reader because of the very clever structure of the book in general: it contains fundamental information about the topic, alongside more sophisticated chapters that demonstrate applications of the material described.

Chapter 5 addresses cryptographic check value, an important topic that is rarely covered in detail in books on security basics. The chapter discusses message authentication codes (MACs) and modification detection codes (MDCs), and provides a thorough explanation of the hash functions. It includes information on secure hash algorithm 1 (SHA1), message-digest algorithm 5 (MD5), and hybrid schemes, based on both MDCs and MACs. It also touches upon possible attacks on MDCs. Chapter 6 explains various aspects of random number generation, such as random number generation algorithms, and statistical tests for random numbers. Since generation of a random number is a requirement for several security-related protocols, it is an important issue that is frequently overlooked in security textbooks. Chapter 7 talks about some cryptographic protocols. After explaining the concept of a protocol, the author covers Needham-Schroeder, X.509, and kerberos in more detail. The chapter also contains a few sections focusing on validation methods for cryptographic protocols. Chapter 8 is about access control, and contains information about access control policies and access control mechanisms, such as access control list (ACL) or role-based access control. It is an unusual and interesting way to speak about this topic. This chapter concludes the first part of the book.

Part 2, on network security, starts with a chapter on integrating security services into communication architectures. The author contends that a good plan is necessary to define pragmatic architectures linking application and network security. The placement of security services can vary, depending on the goals of the administrators and specific vulnerabilities; they can be integrated into low-level protocols, or end system, or any intermediary point in between. Chapter 10 discusses link layer protocols. The term is currently used to denote the second Open Systems Interconnect (OSI) layer, but this approach does not reflect current communication architecture, and the author provides a broader view of the subject. The chapter discusses several currently used protocols: IEEE 802.1x, describing access control; serial line Internet protocol (SLIP) and point-to-point protocol (PPP), used for point-to-point connectivity; point-to-point tunneling protocol (PPTP) for tunneling; and, in a general way, virtual private network (VPN). PPP receives the most attention, since the author provides a detailed description of the authentication and encryption, as well of as other aspects of the protocol.

Chapter 11 focuses on the Internet protocol security (IPSec) architecture. It starts by defining the place of transmission control protocol/Internet protocol (TCP/IP) within a networked application framework, and then provides a thorough overview of the IPSec architecture, and a good description of transport and tunnel modes. The chapter further explains protocols that are part of the IPSec architecture, such as Internet key exchange, authentication header (AH), and encapsulating security payload (ESP). Chapter 12 analyzes transport layer security protocols: secure sockets layer (SSL); its successor, transport layer security (TLS); and secure shell (SSH). The author gives a lot of attention to the essential components of SSL/TLS, such as authentication and handshake protocols, and processes for the negotiation of the session keys. Component protocols of SSH, such as SSH transport, client, and server authentication, are described in detail. Chapter 13, which concludes Part 2, addresses firewall navigation for the various access modes and protocols described in earlier chapters. The chapter links firewall architectures and the specifics of various kinds of firewalls (such as packet filtering and proxy) with the protocols used for traversal, thus putting the materials studied so far in practical context. However, the types of firewalls, and the specifics of their functionality, are only minimally covered, and readers will need additional resources to understand the implications of this chapter completely.

Part 3 covers secure wireless and mobile communications. Chapter 14 describes the specifics of mobile communication, focusing on security threats and medium-specific ways to achieve protection, such as temporary pseudonyms and communication mixes. This is interesting material, but it will need to be extended via other sources in order to achieve a complete understanding of the topic. Chapter 15 is about wireless local area network (WLAN) security. It starts with an explanation of the IEEE 802.11 standard, proceeds to describe the wireless equivalent privacy (WEP) protocol, and concludes with a brief overview of other measures that could be used to secure IEEE 802.11 environments. Chapter 16 discusses security in wireless WANs, specifically in the global system for mobile communication (GSM) and universal mobile telecommunications service (UMTS) 99 infrastructures. The final chapter addresses security concerns in mobile Internet communications, discussing security issues in mobile IP, specifically about authentication. The book concludes with an extensive bibliography.

This book will be an excellent source of information, for both beginners and experienced network security professionals. For novice audiences, the book will provide a coherent picture of the standards and technologies involved in data and network security. For practitioners, it will be useful in helping them put what they already know into a logical framework, to provide a foundation for further research, or for planning for end-to-end security.