Wireless Security Architecture - Designing and Maintaining Secure Wireless for Enterprise

Mehr lesen

Reduce organizational cybersecurity risk and build comprehensive WiFi, private cellular, and IOT security solutions
 
Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise offers readers an essential guide to planning, designing, and preserving secure wireless infrastructures. It is a blueprint to a resilient and compliant architecture that responds to regulatory requirements, reduces organizational risk, and conforms to industry best practices. This book emphasizes WiFi security, as well as guidance on private cellular and Internet of Things security.
 
Readers will discover how to move beyond isolated technical certifications and vendor training and put together a coherent network that responds to contemporary security risks. It offers up-to-date coverage--including data published for the first time--of new WPA3 security, Wi-Fi 6E, zero-trust frameworks, and other emerging trends. It also includes:
* Concrete strategies suitable for organizations of all sizes, from large government agencies to small public and private companies
* Effective technical resources and real-world sample architectures
* Explorations of the relationships between security, wireless, and network elements
* Practical planning templates, guides, and real-world case studies demonstrating application of the included concepts
 
Perfect for network, wireless, and enterprise security architects, Wireless Security Architecture belongs in the libraries of technical leaders in firms of all sizes and in any industry seeking to build a secure wireless network.

Inhaltsverzeichnis

Foreword xxix
 
Preface xxxi
 
Introduction xxxv
 
Part I Technical Foundations 1
 
Chapter 1 Introduction to Concepts and Relationships 3
 
Roles and Responsibilities 4
 
Network and Wireless Architects 4
 
Security, Risk, and Compliance Roles 5
 
Operations and Help Desk Roles 8
 
Support Roles 9
 
External and Third Parties 9
 
Security Concepts for Wireless Architecture 11
 
Security and IAC Triad in Wireless 11
 
Aligning Wireless Architecture Security to Organizational Risk 14
 
Factors Influencing Risk Tolerance 15
 
Assigning a Risk Tolerance Level 15
 
Considering Compliance and Regulatory Requirements 17
 
Compliance Regulations, Frameworks, and Audits 17
 
The Role of Policies, Standards, and Procedures 19
 
Segmentation Concepts 22
 
Authentication Concepts 23
 
Cryptography Concepts 27
 
Wireless Concepts for Secure Wireless Architecture 30
 
NAC and IEEE 802.1X in Wireless 33
 
SSID Security Profiles 34
 
Security 35
 
Endpoint Devices 35
 
Network Topology and Distribution of Users 37
 
Summary 43
 
Chapter 2 Understanding Technical Elements 45
 
Understanding Wireless Infrastructure and Operations 45
 
Management vs. Control vs. Data Planes 46
 
Cloud-Managed Wi-Fi and Gateways 48
 
Controller Managed Wi-Fi 52
 
Local Cluster Managed Wi-Fi 53
 
Remote APs 55
 
Summary 55
 
Understanding Data Paths 56
 
Tunneled 58
 
Bridged 59
 
Considerations of Bridging Client Traffic 59
 
Hybrid and Other Data Path Models 61
 
Filtering and Segmentation of Traffic 62
 
Summary 71
 
Understanding Security Profiles for SSIDs 72
 
WPA2 and WPA3 Overview 73
 
Transition Modes and Migration Strategies for Preserving Security 76
 
Enterprise Mode (802.1X) 77
 
Personal Mode (Passphrase with PSK/SAE) 87
 
Open Authentication Networks 94
 
Chapter 3 Understanding Authentication and Authorization 101
 
The IEEE 802.1X Standard 102
 
Terminology in 802.1X 103
 
High-Level 802.1X Process in Wi-Fi Authentication 105
 
RADIUS Servers, RADIUS Attributes, and VSAs 107
 
RADIUS Servers 107
 
RADIUS Servers and NAC Products 108
 
Relationship of RADIUS, EAP, and Infrastructure Devices 110
 
RADIUS Attributes 111
 
RADIUS Vendor-Specific Attributes 115
 
RADIUS Policies 116
 
RADIUS Servers, Clients and Shared Secrets 118
 
Other Requirements 121
 
Additional Notes on RADIUS Accounting 122
 
Change of Authorization and Disconnect Messages 123
 
EAP Methods for Authentication 127
 
Outer EAP Tunnels 129
 
Securing Tunneled EAP 132
 
Inner Authentication Methods 133
 
Legacy and Unsecured EAP Methods 137
 
Recommended EAP Methods for Secure Wi-Fi 138
 
MAC-Based Authentications 140
 
MAC Authentication Bypass with RADIUS 140
 
MAC Authentication Without RADIUS 147
 
MAC Filtering and Denylisting 147
 
Certificates for Authentication and Captive Portals 148
 
RADIUS Server Certificates for 802.1X 148
 
Endpoint Device Certificates for 802.1X 151
 
Best Practices for Using Certificates for 802.1X 152
 
Captive Portal Server Certificates 158
 
Best Practices for Using Certificates for Captive Portals 159
 
In Most Cases, Use a Public Root CA Signed Server Certificate 159

Über den Autor / die Autorin

JENNIFER (JJ) MINELLA is an internationally recognized authority on network and wireless security, author, and public speaker. She is an advisory CISO and information security leader with over fifteen years' experience working with organizations creating network security and leadership strategies. She is Founder and Principal Advisor of Viszen Security.

Zusammenfassung

Reduce organizational cybersecurity risk and build comprehensive WiFi, private cellular, and IOT security solutions

Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise offers readers an essential guide to planning, designing, and preserving secure wireless infrastructures. It is a blueprint to a resilient and compliant architecture that responds to regulatory requirements, reduces organizational risk, and conforms to industry best practices. This book emphasizes WiFi security, as well as guidance on private cellular and Internet of Things security.

Readers will discover how to move beyond isolated technical certifications and vendor training and put together a coherent network that responds to contemporary security risks. It offers up-to-date coverage--including data published for the first time--of new WPA3 security, Wi-Fi 6E, zero-trust frameworks, and other emerging trends. It also includes:
* Concrete strategies suitable for organizations of all sizes, from large government agencies to small public and private companies
* Effective technical resources and real-world sample architectures
* Explorations of the relationships between security, wireless, and network elements
* Practical planning templates, guides, and real-world case studies demonstrating application of the included concepts

Perfect for network, wireless, and enterprise security architects, Wireless Security Architecture belongs in the libraries of technical leaders in firms of all sizes and in any industry seeking to build a secure wireless network.