Wireless and Mobile Device Security, 2nd Edition

Release Date: 2021/03/01

ISBN: 9781284211733

Topic:

26
Chapters

0-1
Hours read

0k
Total Words

    Start Reading Now    
       Add to Wishlist       
View table of contents

Table of Contents

1. Cover
2. Title Page
3. Copyright Page
4. Dedication
5. Contents
6. Preface
7. Acknowledgments
8. About the Author
9. CHAPTER 1 The Evolution of Data and Wireless Networks
   1. The Dawn of Data Communication
   2. Early Data Networks
   3. The Internet Revolution
   4. Advances in Personal Computers
   5. Networking and the Open Systems Interconnection Reference Model
   6. The Seven Layers of the OSI Reference Model
   7. Communicating over a Network
   8. IP Addressing
   9. Data Link Layer
   10. Physical Layer
   11. From Wired to Wireless
   12. Business Challenges Addressed by Wireless Networking
   13. The Economic Impact of Wireless Networking
   14. Wireless Networking and the Way People Work
   15. The Wi-Fi Market
   16. IP Mobility
   17. The Internet of Things
   18. CHAPTER SUMMARY
   19. KEY CONCEPTS AND TERMS
   20. CHAPTER 1 ASSESSMENT
10. CHAPTER 2 The Mobile Revolution
    1. Introduction to Cellular (Mobile Communication)
    2. Cellular Coverage Maps
    3. Cellular Handoff
    4. The Evolution of Mobile Networks
    5. AMPS 1G
    6. GSM and CDMA 2G
    7. GPRS and Edge 2G+
    8. 3G Technology
    9. 4G and LTE
    10. 5G
    11. The BlackBerry Effect and the BYOD Revolution
    12. The Economic Impact of Mobile IP
    13. The Business Impact of Mobility
    14. Business Use Cases
    15. CHAPTER SUMMARY
    16. KEY CONCEPTS AND TERMS
    17. CHAPTER 2 ASSESSMENT
11. CHAPTER 3 Anywhere, Anytime, on Anything: “There’s an App for That!”
    1. Anywhere, Anytime, on Anything
    2. Convenience Trumps Security
    3. Always Connected, Always On
    4. The Rise of the Mobile Workforce
    5. From Castle-and-Moat toward Zero Trust
    6. The Mobile Cloud
    7. Mobile Cloud Computing
    8. Cloud Apps versus Native Mobile Apps
    9. Deploying Wireless: Different Strokes for Different Folks
    10. The Industrial Internet of Things
    11. IoT Wireless Technologies
    12. Wireless Communication Technologies
    13. Bluetooth Low Energy
    14. Zigbee IP
    15. Z-Wave
    16. RFID
    17. NFC
    18. Thread
    19. 6LoWPAN
    20. Cloud VPNS, WANs, and Interconnects
    21. Free Space Optics
    22. WiMAX
    23. vSAT
    24. SD-WAN
    25. WAN Technologies for IoT
    26. Sigfox
    27. LoRaWAN
    28. Low-Power Wi-Fi (HaLow)
    29. Millimeter Radio
    30. Private LTE Networks
    31. Wireless Network Security
    32. Lingering Security Issues
    33. Mobile IP Security
    34. CHAPTER SUMMARY
    35. KEY CONCEPTS AND TERMS
    36. CHAPTER 3 ASSESSMENT
12. CHAPTER 4 Security Threats Overview: Wired, Wireless, and Mobile
    1. What to Protect?
    2. General Threat Categories
    3. Confidentiality
    4. Integrity
    5. Availability
    6. Accountability
    7. Nonrepudiation
    8. Threats to Wireless and Mobile Devices
    9. Data Theft Threats
    10. Device Control Threats
    11. System Access Threats
    12. Risk Mitigation
    13. Mitigating the Risk of BYOD
    14. BYOD for Small-to-Medium Businesses
    15. Defense in Depth
    16. Authorization and Access Control
    17. AAA
    18. Information Security Standards
    19. ISO/IEC 27001:2013
    20. ISO/IEC 27002:2013
    21. NIST SP 800-53
    22. Regulatory Compliance
    23. The Sarbanes–Oxley Act
    24. The Gramm–Leach–Bliley Act
    25. The Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act
    26. The Payment Card Industry Data Security Standard
    27. GDPR & CCPA
    28. Detrimental Effects of Regulations
    29. CHAPTER SUMMARY
    30. KEY CONCEPTS AND TERMS
    31. CHAPTER 4 ASSESSMENT
13. CHAPTER 5 How Do WLANs Work?
    1. WLAN Topologies
    2. ISM Unlicensed Spectrum
    3. WLAN Anatomy
    4. Wireless Client Devices
    5. 802.11 Service Sets
    6. The 802.11 Standards
    7. New Wi-Fi Alliance Naming System
    8. 802.11 Unlicensed Bands
    9. Narrowband and Spread Spectrum
    10. Multipath
    11. Frequency Hopping Spread Spectrum
    12. Direct Sequence Spread Spectrum
    13. Wireless Access Points
    14. How Does a WAP Work?
    15. WAP Architecture
    16. Wireless Bridges
    17. Wireless Workgroup Bridges
    18. Residential Gateways
    19. Enterprise Gateways
    20. Wireless Antennas
    21. Omnidirectional Antennas
    22. Semi-Directional Antennas
    23. Highly Directional Antennas
    24. MIMO Antennas
    25. Determining Coverage Area
    26. Site Surveys
    27. Spectrum and Protocol Analysis
    28. CHAPTER SUMMARY
    29. KEY CONCEPTS AND TERMS
    30. CHAPTER 5 ASSESSMENT
14. CHAPTER 6 WLAN and IP Networking Threat and Vulnerability Analysis
    1. Types of Attackers
    2. Skilled versus Unskilled Attackers
    3. Insiders versus Outsiders
    4. Targets of Opportunity versus Specific Targets
    5. Scouting for a Targeted Attack
    6. Physical Security and Wireless Networks
    7. Social Engineering
    8. Wardriving
    9. Rogue Access Points
    10. Rogue Access Point Vulnerabilities
    11. Evil Twins
    12. Bluetooth Vulnerabilities and Threats
    13. Bluetooth Versions
    14. Revisions Compared
    15. Bluetooth Pairing
    16. Bluejacking
    17. Bluesnarfing
    18. Bluebugging
    19. Is Bluetooth Vulnerable?
    20. Packet Analysis
    21. Wireless Networks and Information Theft
    22. Malicious Data Insertion on Wireless Networks
    23. Denial of Service Attacks
    24. Peer-to-Peer Hacking over Ad Hoc Networks
    25. When an Attacker Gains Unauthorized Control
    26. CHAPTER SUMMARY
    27. KEY CONCEPTS AND TERMS
    28. CHAPTER 6 ASSESSMENT
15. CHAPTER 7 Basic WLAN Security Measures
    1. Design and Implementation Considerations for Basic Security
    2. Radio Frequency Design
    3. Equipment Configuration and Placement
    4. Interoperability and Layering
    5. Security Management
    6. Basic Security Best Practices
    7. Authentication and Access Restriction
    8. SSID Obfuscation
    9. MAC Filters
    10. Authentication and Association
    11. VPN over Wireless
    12. Virtual Local Area Networks
    13. Data Protection
    14. Wired Equivalent Privacy
    15. Wi-Fi Protected Access
    16. Wi-Fi Protected Access 2
    17. WPA2 with AES
    18. WPA2 with CCMP
    19. Order of Preference for Wi-Fi Data Protection
    20. WPA3
    21. Ongoing Management Security Considerations
    22. Firmware Upgrades
    23. Physical Security
    24. Periodic Inventory
    25. Identifying Rogue WLANs/Wireless Access Points
    26. CHAPTER SUMMARY
    27. KEY CONCEPTS AND TERMS
    28. CHAPTER 7 ASSESSMENT
16. CHAPTER 8 Advanced WLAN Security Measures
    1. Establishing and Enforcing a Comprehensive Security Policy
    2. Centralized versus Distributed Design and Management
    3. Remote Access Policies
    4. Guest Policies
    5. Quarantining
    6. Compliance Considerations
    7. Employee Training and Education
    8. Implementing Authentication and Access Control
    9. Extensible Authentication Protocol
    10. Remote Authentication Dial-In User Service
    11. Intrusion Detection Systems and Intrusion Prevention Systems
    12. Protocol Filtering
    13. Authenticated Dynamic Host Configuration Protocol
    14. Data Protection
    15. WPA2 Personal and Enterprise Modes
    16. WPA3
    17. Internet Protocol Security
    18. Virtual Private Networks
    19. Malware and Application Security
    20. User Segmentation
    21. Virtual Local Area Networks
    22. Guest Access and Passwords
    23. Demilitarized Zone Segmentation
    24. Managing Network and User Devices
    25. Simple Network Management Protocol Version 3
    26. Discovery Protocols
    27. IP Services
    28. Coverage Area and Wi-Fi Roaming
    29. Client Security Outside the Perimeter
    30. Device Management and User Logons
    31. Hard Drive Encryption
    32. Quarantining
    33. Wi-Fi as a Service
    34. CHAPTER SUMMARY
    35. KEY CONCEPTS AND TERMS
    36. CHAPTER 8 ASSESSMENT
17. CHAPTER 9 WLAN Auditing Tools
    1. WLAN Discovery Tools
    2. Enterprise Wi-Fi Audit Tools
    3. HeatMapper
    4. Penetration Testing Tools
    5. Metasploit
    6. Security Auditor’s Research Assistant
    7. Password-Capture and Decryption Tools
    8. Network Enumerators
    9. Network Management and Control Tools
    10. Wireless Protocol Analyzers
    11. Aircrack-ng
    12. Airshark
    13. Network Management System
    14. WLAN Hardware Audit Tools and Antennas
    15. Hardware Audit Tools
    16. Antennas
    17. Attack Tools and Techniques
    18. Radio Frequency Jamming
    19. Denial of Service
    20. Hijacking Devices
    21. Hijacking a Session
    22. Network Utilities
    23. CHAPTER SUMMARY
    24. KEY CONCEPTS AND TERMS
    25. CHAPTER 9 ASSESSMENT
18. CHAPTER 10 WLAN and IP Network Risk Assessment
    1. Risk Assessment
    2. Risk Assessment on WLANs
    3. Other Types of Risk Assessment
    4. IT Security Management
    5. Methodology
    6. Legal Requirements
    7. Other Justifications for Risk Assessments
    8. Security Risk Assessment Stages
    9. Planning
    10. Information Gathering
    11. Risk Analysis
    12. Identifying and Implementing Controls
    13. Monitoring
    14. Security Audits
    15. CHAPTER SUMMARY
    16. KEY CONCEPTS AND TERMS
    17. CHAPTER 10 ASSESSMENT
19. CHAPTER 11 Mobile Communication Security Challenges
    1. Mobile Phone Threats and Vulnerabilities
    2. Exploits, Tools, and Techniques
    3. Google Android Security Challenges
    4. Criticism of Android
    5. Android Exploitation Tools
    6. Android Security Architecture
    7. Android Application Architecture
    8. Google Play
    9. Apple iOS Security Challenges
    10. Apple iOS Exploits
    11. Apple iOS Architecture
    12. The App Store
    13. Windows Phone Security Challenges
    14. Windows Phone OS Exploits
    15. Windows Phone Security Architecture
    16. Windows Phone Architecture
    17. Windows Store
    18. CHAPTER SUMMARY
    19. KEY CONCEPTS AND TERMS
    20. CHAPTER 11 ASSESSMENT
20. CHAPTER 12 Mobile Device Security Models
    1. Google Android Security
    2. The Android Security Model
    3. The Android Sandbox
    4. File-System Permissions
    5. Android SDK Security Features
    6. Rooting and Unlocking Devices
    7. Android Permission Model
    8. Apple iOS Security
    9. The Apple Security Model
    10. Application Provenance
    11. iOS Sandbox
    12. Security Concerns
    13. Permission-Based Access
    14. Encryption
    15. Jailbreaking iOS
    16. Windows Phone 8 Security
    17. Platform Application Security
    18. Security Features
    19. iOS and Android Evolution
    20. Android Version Evolution
    21. Apple iOS
    22. Security Challenges of Handoff-Type Features
    23. BYOD and Security
    24. Security Using Enterprise Mobility Management
    25. Mobile Device Management
    26. Mobile Application Management
    27. CHAPTER SUMMARY
    28. KEY CONCEPTS AND TERMS
    29. CHAPTER 12 ASSESSMENT
21. CHAPTER 13 Mobile Wireless Attacks and Remediation
    1. Scanning the Corporate Network for Mobile Attacks
    2. Security Awareness
    3. Scanning the Network: What to Look For
    4. Scanning for Vulnerabilities
    5. The Kali Linux Security Platform
    6. Scanning with Airodump-ng
    7. Client and Infrastructure Exploits
    8. Client-Side Exploits
    9. Other USB Exploits
    10. Network Impersonation
    11. Network Security Protocol Exploits
    12. RADIUS Impersonation
    13. Public Certificate Authority Exploits
    14. Developer Digital Certificates
    15. Browser Application and Phishing Exploits
    16. Drive-By Browser Exploits
    17. Mobile Software Exploits and Remediation
    18. Weak Server-Side Security
    19. Unsecure Data Storage
    20. Insufficient Transport Layer Protection
    21. Data Leakage
    22. Poor Authorization and Authentication
    23. Broken Cryptography
    24. Client-Side Injection
    25. Security Decisions via Untrusted Inputs
    26. Improper Session Handling
    27. Lack of Binary Protections
    28. CHAPTER SUMMARY
    29. KEY CONCEPTS AND TERMS
    30. CHAPTER 13 ASSESSMENT
22. CHAPTER 14 Fingerprinting Mobile Devices
    1. Is Fingerprinting a Bad or a Good Thing?
    2. Types of Fingerprinting
    3. Network Access Control and Endpoint Fingerprinting
    4. Network Scanning and Proximity Fingerprinting
    5. Online or Remote Fingerprinting
    6. Cookies
    7. Cross-Site Profiling
    8. Fingerprinting Methods
    9. Passive Fingerprinting
    10. Examining TCP/IP Headers
    11. Application Identification
    12. Active Fingerprinting
    13. Unique Device Identification
    14. Apple iOS
    15. Android
    16. HTTP Headers
    17. New Methods of Mobile Fingerprinting
    18. JavaScript
    19. Fingerprinting Users
    20. Fingerprinting Users via Biometrics
    21. Spyware for Mobile Devices
    22. Spy Software
    23. Spy Cells: Stingray
    24. Fingerprinting on Modern Cellular Networks
    25. MNmap
    26. Man-in-the-Middle Attack
    27. CHAPTER SUMMARY
    28. KEY CONCEPTS AND TERMS
    29. CHAPTER 14 ASSESSMENT
23. CHAPTER 15 Mobile Malware and Application-Based Threats
    1. Malware on Android Devices
    2. Software Fragmentation
    3. Criminal and Developer Collaboration
    4. Madware
    5. Excessive Application Permissions
    6. Malware on Apple iOS Devices
    7. Mobile Malware Delivery Methods
    8. Mobile Malware and Social Engineering
    9. Captive Portals
    10. Drive-By Attacks
    11. Clickjacking
    12. Likejacking
    13. Plug-and-Play Scripts
    14. Mitigating Mobile Browser Attacks
    15. Mobile Application Attacks
    16. Mobile Malware Defense
    17. Mobile Device Management
    18. Penetration Testing and Smartphones
    19. CHAPTER SUMMARY
    20. KEY CONCEPTS AND TERMS
    21. CHAPTER 15 ASSESSMENT
24. APPENDIX A Answer Key
25. APPENDIX B Standard Acronyms
26. Glossary of Key Terms
27. References
28. Index