دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید
در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید
برای کاربرانی که ثبت نام کرده اند
درصورت عدم همخوانی توضیحات با کتاب
از ساعت 7 صبح تا 10 شب
ویرایش: [1 ed.]
نویسندگان: Jennifer Minella
سری:
ISBN (شابک) : 1119883059, 9781119883050
ناشر: Wiley
سال نشر: 2022
تعداد صفحات: 624
زبان: English
فرمت فایل : EPUB (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 40 Mb
در صورت تبدیل فایل کتاب Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب معماری امنیتی بی سیم: طراحی و حفظ امنیت بی سیم برای سازمانی نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
کاهش خطر امنیت سایبری سازمانی و ایجاد راهحلهای امنیتی جامع WiFi، تلفن همراه خصوصی و IOT
معماری امنیت بیسیم: طراحی و حفظ امنیت بیسیم برای سازمان یک راهنمای ضروری برای برنامه ریزی، طراحی و حفظ زیرساخت های بی سیم امن به خوانندگان ارائه می دهد. این طرحی برای یک معماری انعطافپذیر و سازگار است که به الزامات نظارتی پاسخ میدهد، ریسک سازمانی را کاهش میدهد و با بهترین شیوههای صنعت مطابقت دارد. این کتاب بر امنیت WiFi و همچنین راهنمایی در مورد امنیت تلفن همراه خصوصی و اینترنت اشیا تاکید دارد.
خوانندگان متوجه خواهند شد که چگونه میتوانند از گواهینامههای فنی مجزا و آموزش فروشندگان فراتر رفته و شبکهای منسجم ایجاد کنند که به خطرات امنیتی معاصر پاسخ میدهد. این پوشش بهروز - از جمله دادههایی که برای اولین بار منتشر میشود - از امنیت جدید WPA3، Wi-Fi 6E، چارچوبهای بدون اعتماد و سایر روندهای نوظهور را ارائه میدهد. همچنین شامل موارد زیر است:
Reduce organizational cybersecurity risk and build comprehensive WiFi, private cellular, and IOT security solutions
Wireless Security Architecture: Designing and Maintaining Secure Wireless for Enterprise offers readers an essential guide to planning, designing, and preserving secure wireless infrastructures. It is a blueprint to a resilient and compliant architecture that responds to regulatory requirements, reduces organizational risk, and conforms to industry best practices. This book emphasizes WiFi security, as well as guidance on private cellular and Internet of Things security.
Readers will discover how to move beyond isolated technical certifications and vendor training and put together a coherent network that responds to contemporary security risks. It offers up-to-date coverage―including data published for the first time―of new WPA3 security, Wi-Fi 6E, zero-trust frameworks, and other emerging trends. It also includes:
Perfect for network, wireless, and enterprise security architects, Wireless Security Architecture belongs in the libraries of technical leaders in firms of all sizes and in any industry seeking to build a secure wireless network.
Cover Title Page Copyright Page About the Author About the Technical Editor Acknowledgments Contents at a Glance Contents Foreword Preface Who This Book Is For Distinctive Features Introduction Overview of the Book and Technology How This Book Is Organized Why Read This Book What’s on the Website Congratulations Part I Technical Foundations Chapter 1 Introduction to Concepts and Relationships Roles and Responsibilities Network and Wireless Architects Security, Risk, and Compliance Roles Risk and Compliance Roles Chief Information Security Officer Roles Security Operations and Analyst Roles Identity and Access Management Roles Operations and Help Desk Roles Network Operations Teams Help Desk and End-User Support Roles External and Third Parties Technology Manufacturers and Integrators Vendor Management and Supply Chain Security Considerations Security Concepts for Wireless Architecture Security and IAC Triad in Wireless Integrity in Secure Wireless Architecture Availability in Secure Wireless Architecture Confidentiality in Secure Wireless Architecture Using the IAC Triad to Your Advantage Aligning Wireless Architecture Security to Organizational Risk Identifying Risk Tolerance Factors Influencing Risk Tolerance Assigning a Risk Tolerance Level Considering Compliance and Regulatory Requirements Compliance Regulations, Frameworks, and Audits The Role of Policies, Standards, and Procedures Policies Standards Procedures Example with Wireless Security Segmentation Concepts Why and When to Segment Traffic Methods to Enforce Segmentation Authentication Concepts Authentication of Users Authentication of Devices Authentication of Administrative Users Authentication of the Servers (for Captive Portals and/or 802.1X RADIUS) Authentication of the Wireless Infrastructure Components Cryptography Concepts Cryptographic Keys, Key Exchanges, and Key Rotation Cryptographic Algorithms and Hashes Tying It All Together Wireless Concepts for Secure Wireless Architecture Wireless Standards and Protocols Wireless Standards and Technologies Generations of 802.11 WLANs NAC and IEEE 802.1X in Wireless SSID Security Profiles Open Wi-Fi Security Personal (Passphrase) Wi-FiSecurity Enterprise (802.1X) Wi-FiSecurity Endpoint Devices Form Factors User-basedvs. Headless RF Capabilities Security Capabilities Ownership Network Topology and Distribution of Users Campus Environments Remote Branch Environments Remote Worker Environments The Issue of Connectivity Summary Chapter 2 Understanding Technical Elements Understanding Wireless Infrastructure and Operations Management vs. Control vs. Data Planes Management Plane Control Plane Data Plane Cloud-Managed Wi-Fi and Gateways Today’s Cloud-Managed Benefits for Enterprise Architectures with Cloud Management The Role of Gateway Appliances with Cloud-Managed APs Controller Managed Wi-Fi Local Cluster Managed Wi-Fi Remote APs Summary Understanding Data Paths Tunneled Bridged Considerations of Bridging Client Traffic Hybrid and Other Data Path Models Filtering and Segmentation of Traffic The Role of ACLs and VLANs in Segmentation Filtering Traffic within Wireless and Wired Infrastructures Filtering with Inter-Station Blocking on Wireless Filtering with SSIDs/VLANs on Wireless Filtering with ACLs on Wireless Controlling Guest Portals with DNS on Wireless Filtering with VLANs on Switches Filtering with ACLs on Routing Devices Filtering with Policies on Firewalls Filtering with Network Virtualization Overlay on Wired Infrastructure Summary Understanding Security Profiles for SSIDs Understanding the Term Personal Networks WPA2 and WPA3 Overview Security Benefits of Protected Management Frames Transition Modes and Migration Strategies for Preserving Security Enterprise Mode (802.1X) Planning Enterprise (802.1X) Secured SSIDs Untangling the Enterprise (802.1X) SSID Security Options Enhancements with WPA3-Enterprise WPA3-Enterprise192-bit Mode Deciphering the Acronyms of 192-bit Mode WPA2 to WPA3-Enterprise Migration Recommendations Personal Mode (Passphrase with PSK/SAE) Planning Personal/Passphrase-Secured SSIDs Enhancements with WPA3-Personal WPA2 to WPA3-Personal Migration Recommendations Open Authentication Networks Legacy Open Authentication Networks Wi-Fi Enhanced Open Networks Summary Chapter 3 Understanding Authentication and Authorization The IEEE 802.1X Standard Terminology in 802.1X High-Level 802.1X Process in Wi-Fi Authentication 802.1X as the Iron Gate RADIUS Servers, RADIUS Attributes, and VSAs RADIUS Servers RADIUS Servers and NAC Products Relationship of RADIUS, EAP, and Infrastructure Devices RADIUS Attributes Common RADIUS Attributes RADIUS Attributes for Dynamic VLANs RADIUS Vendor-Specific Attributes RADIUS Policies RADIUS Servers, Clients and Shared Secrets Specifying RADIUS Clients RADIUS Shared Secrets Other Requirements User Directories Server Certificate Logging/Accounting Additional Notes on RADIUS Accounting Change of Authorization and Disconnect Messages EAP Methods for Authentication Outer EAP Tunnels EAP-PEAP EAP-TTLS EAP-FAST EAP-TEAP Securing Tunneled EAP Inner Authentication Methods EAP-TLS EAP-MSCHAPv2 EAP-GTC EAP-POTP Legacy and Unsecured EAP Methods Recommended EAP Methods for Secure Wi-Fi MAC-Based Authentications MAC Authentication Bypass with RADIUS Overview of Typical MAB Operations Vendor Variations of MAC Operations Security Considerations for MAB Recommendations when Using MAB MAC Authentication Without RADIUS MAC Filtering and Denylisting Certificates for Authentication and Captive Portals RADIUS Server Certificates for 802.1X Endpoint Device Certificates for 802.1X Best Practices for Using Certificates for 802.1X Never Use Wildcard Certificates Never Use Self-SignedCertificates Always Validate Server Certificates Most Often, Use Domain-Issued Certificates for RADIUS Servers Use Revocation Lists, Especially for Endpoint Certificates Captive Portal Server Certificates Best Practices for Using Certificates for Captive Portals In Most Cases, Use a Public Root CA Signed Server Certificate Understand the Impact of MAC Randomization on Captive Portals Captive Portal Certificate Best Practices Recap Summary Captive Portal Security Captive Portals for User or Guest Registration Guest Self-RegistrationWithout Verification Guest Self-Registrationwith Verification Guest Sponsored Registration Guest Pre-Approved Registration Guest Bulk Registration Captive Portals for Acceptable Use Policies Captive Portals for BYOD Captive Portals for Payment Gateways Security on Open vs. Enhanced Open Networks Access Control for Captive Portal Processes LDAP Authentication for Wi-Fi The 4-Way Handshake in Wi-Fi The 4-Way Handshake Operation The 4-Way Handshake with WPA2-Personal and WPA3-Personal The 4-Way Handshake with WPA2-Enterprise and WPA3-Enterprise Summary Chapter 4 Understanding Domain and Wi-Fi Design Impacts Understanding Network Services for Wi-Fi Time Sync Services Time Sync Services and Servers Time Sync Uses in Wi-Fi DNS Services DNS for Wi-Fi Clients and Captive Portals DNS for AP Provisioning DNS Security DHCP Services DHCP for Wi-Fi Clients Planning DHCP for Wi-Fi Clients DHCP for AP Provisioning Certificates Understanding Wi-Fi Design Impacts on Security Roaming Protocols’ Impact on Security Roaming Impact on Latency-Sensitive Applications Roaming and Key Exchanges on WPA-Personal Networks Roaming and Key Exchanges on WPA-Enterprise Networks Fast Roaming Technologies Fast Reconnect PMK Caching (Roam-back) Opportunistic Key Caching Fast BSS Transition Summary of Fast Roaming Protocols Support for Fast Transition and Other Roaming Changes in Roaming Facilitation with WPA3 and Enhanced Open Networks Recommendations for Fast Roaming in Secure Wi-Fi System Availability and Resiliency Uptime, High Availability, and Scheduled Downtime Scheduled Maintenance and Testing AP Port Uplink Redundancy RF Design Elements AP Placement, Channel, and Power Settings Wi-Fi6E Rate Limiting Wi-Fi Other Networking, Discovery, and Routing Elements Discovery Protocols Loop Protection Dynamic Routing Protocols Layer 3 Roaming Mobility Domains Summary Part II Putting It All Together Chapter 5 Planning and Design for Secure Wireless Planning and Design Methodology Discover Stage Phase 1: Define Phase 2: Characterize Architect Stage Phase 3: Design Iterate Stage Phase 4: Optimize Phase 5: Validate Planning and Design Inputs (Define and Characterize) Scope of Work/Project Teams Involved CISO, Risk, or Compliance Officer Security Analyst or SOC Identity and Access Management Team Network Architect and Network Operations Team Domain Administrators Help Desk Other System or Application Owners Vendors, Integrators, and Other Contractors Organizational Security Requirements Current Security Policies Endpoints Wireless Connection Type Form Factor Operating System Ownership Management Location User-Attachedor Not Roaming Capabilities Security Capabilities Quantities Classification or Group Users System Security Requirements Applications Process Constraints Wireless Management Architecture and Products Planning and Design Outputs (Design, Optimize, and Validate) Wireless Connectivity Technology Endpoint Capability Requirements Wireless Management Model and Products RF Design and AP Placement Authentication Data Paths Wired Infrastructure Requirements Domain and Network Services Wireless Networks (SSIDs) System Availability Additional Software or Tools Processes and Policy Updates Infrastructure Hardening Correlating Inputs to Outputs Planning Processes and Templates Requirements Discovery Template (Define and Characterize) Sample Enterprise Requirements Discovery Template Sample Healthcare Requirements Discovery Template Defining BYOD in Your Organization Sample Network Planning Template (SSID Planner) Sample Access Rights Planning Templates Sample Access Rights Planner for NAC Sample Access Rights Planner for NAC in Higher Education Sample Simplified Access Rights Planner Notes for Technical and Executive Leadership Planning and Budgeting for Wireless Projects Involve Wireless Architects Early to Save Time and Money Collaboration Is King for Zero Trust and Advanced Security Programs Stop Planning 1:1 Replacements of APs Penny Pinching on AP Quantities Sacrifices Security Always Include Annual Budget for Training and Tools Consultants and Third Parties Can Be Invaluable Selecting Wireless Products and Technologies Wi-Fi Isn’t the Only Wireless Technology The Product Your Peer Organization Uses May Not Work for You Don’t Buy Into Vendor or Analyst Hype Interoperability Is More Important Now than Ever Expectations for Wireless Security Consider PSK Networks to Be the “New WEP” You’re Not as Secure as You Think Get Control of Privileged Access, Especially Remote Make Sure You’ve Addressed BYOD Summary Chapter 6 Hardening the Wireless Infrastructure Securing Management Access Enforcing Encrypted Management Protocols Generating Keys and Certificates for Encrypted Management Enabling HTTPS vs. HTTP Enabling SSH vs. Telnet Enabling Secure File Transfers Enabling SNMPv3 vs. SNMPv2c Eliminating Default Credentials and Passwords Changing Default Credentials on Wireless Management Changing Default Credentials on APs Removing Default SNMP Strings Controlling Administrative Access and Authentication Enforcing User-BasedLogons Creating a Management VLAN Defining Allowed Management Networks Securing Shared Credentials and Keys Addressing Privileged Access Securing Privileged Accounts and Credentials Privileged Access Management Privileged Remote Access Additional Secure Management Considerations Designing for Integrity of the Infrastructure Managing Configurations, Change Management, and Backups Configuration Change Management Configuration Baselines Configuration Backups and Rollback Support Monitoring and Alerting for Unauthorized Changes Configuring Logging, Reporting, Alerting, and Automated Responses Verifying Software Integrity for Upgrades and Patches Verifying Software Integrity Upgrades and Security Patches Working with 802.11w Protected Management Frames Wi-FiManagement Frames Unprotected Frame Types Protected Frame Types Validated vs. Encrypted WPA3, Transition Modes, and 802.11w Caveats and Considerations for 802.11w Provisioning and Securing APs to Manager Approving or Allowlisting APs Using Certificates for APs Enabling Secure Tunnels from APs to Controller or Tunnel Gateway Addressing Default AP Behavior Adding Wired Infrastructure Integrity Authenticating APs to the Edge Switch Specifying Edge Port VLANs Planning Physical Security Securing Access to Network Closets Securing Access to APs and Edge Ports Locking Front Panel and Console Access on Infrastructure Devices Disabling Unused Protocols Controlling Peer-to-Peer and Bridged Communications A Note on Consumer Products in the Enterprise Blocking Ad-Hoc Networks Blocking Wireless Bridging on Clients Filtering Inter-Station Traffic, Multicast, and mDNS SSID Inter-StationBlocking Peer-Based Zero Configuration Networking Disabling and Filtering Bonjour and mDNS Protocols Disabling and Filtering UPnP Protocols A Message on mDNS and Zeroconf from a Pen Tester Recommendations for Securing Against Zeroconf Networking Best Practices for Tiered Hardening Additional Security Configurations Security Monitoring, Rogue Detection, and WIPS Considerations for Hiding or Cloaking SSIDs Requiring DHCP for Clients Addressing Client Credential Sharing and Porting Summary Part III Ongoing Maintenance and Beyond Chapter 7 Monitoring and Maintenance of Wireless Networks Security Testing and Assessments of Wireless Networks Security Audits Vulnerability Assessments Internal Vulnerability Assessment External Vulnerability Assessment Security Assessments Penetration Testing Ongoing Monitoring and Testing Security Monitoring and Tools for Wireless Wireless Intrusion Prevention Systems WIDS vs. WIPS vs. Wired IPS Requirements for WIPS Integrated vs. Overlay vs. Dedicated Attacks WIPS Can Detect and Prevent Wireless Rogues and Neighbors WIPS Mitigation and Containment Legal Considerations of Over-the-Air Mitigation Spectrum Analyzers and Special-Purpose Monitoring Recommendations for WIPS Synthetic Testing and Performance Monitoring Security Logging and Analysis Security Event Logging Security Event Correlation and Analysis Wireless-Specific Tools Handheld Testers RF Design and Survey Software Network Protocol Analyzers Testing and Troubleshooting Applications Logging, Alerting, and Reporting Best Practices Events to Log for Forensics or Correlation Secure Management Access Infrastructure Integrity Client Security and Other WIPS Events to Alert on for Immediate Action Secure Management Access Infrastructure Integrity Client Security and Other WIPS Events to Report on for Analysis and Trending Secure Management Access Infrastructure Integrity Client Security and Other WIPS Troubleshooting Wi-Fi Security Troubleshooting 802.1X/EAP and RADIUS Things to Remember Things to Troubleshoot Troubleshooting MAC-based Authentication MAC Address Formatting MAC Authentication Bypass AAA Settings Settings on the RADIUS and Directory Servers Troubleshooting Portals, Onboarding, and Registration Troubleshooting with Protected Management Frames Enabled Training and Other Resources Technology Training Courses and Providers Wi-Fi Training and Certification IoT Wireless Training and Certification Network and Cyber Security Training Vendor-Specific Training and Resources Conferences and Community Summary Chapter 8 Emergent Trends and Non-Wi-Fi Wireless Emergent Trends Impacting Wireless Cloud-Managed Edge Architectures Remote Workforce Challenges Supporting Work from Home and Remote Users Balancing Additional Work and the Tech Talent Shortage Process Changes to Address Remote Work Recommendations for Navigating a Remote Workforce Bring Your Own Device Stats on BYOD and Policies Other Models for Ownership, Management, and Use Further Defining BYOD in Your Organization Legal Considerations for BYOD Technical Considerations for Securing BYOD Recommendations for Securing BYOD Zero Trust Strategies The Current State of Zero Trust Zero Trust Language Types of Zero Trust Products Segmentation Enforcement Models Zero Trust Strategy’s Impact on Wireless Internet of Things LAN-based IoT Protocol-Translated IoT Protocol-Routed IoT Enterprise IoT Technologies and Non-802.11 Wireless IoT Considerations Technologies and Protocols by Use Case LAN-based IoT Bluetooth and BLE Smart Building and Home Automation Public Cellular for IoT Private Cellular and Cellular LANs Private WANs Industrial Automation Features and Characteristics Impact on Security Physical Layer and RF Spectrums Coverage Edge IP Protocols Topology and Connectivity Other Considerations for Secure IoT Architecture Final Thoughts from the Book Appendix A Notes on Configuring 802.1X with Microsoft NPS Wi-Fi Infrastructure That Supports Enterprise (802.1X) SSID Security Profiles Endpoints That Support 802.1X/EAP A Way to Configure the Endpoints for the Specified Connectivity An Authentication Server That Supports RADIUS Appendix B Additional Resources IETF RFCs Navigating and Reading RFCs Helpful RFCs and Links IEEE Standards and Documents Navigating and Reading IEEE Standards Helpful Links IEEE 802.11 Standard Wi-Fi Alliance Blog, Consulting, and Book Materials Compliance and Mappings NIST SP 800-53 and ISO 27001 PCI Data Security Standards Cyber Insurance and Network Security Appendix C Sample Architectures Architectures for Internal Access Networks Managed User with Managed Device Security Considerations High-Security Architecture Medium-Security Architecture Low-Security Architecture Headless/Non-User-Based Devices Security Considerations High-Security Architecture Medium-Security Architecture Low-Security Architecture Contractors and Third Parties Security Considerations High-Security Architecture Medium-Security Architecture Low-Security Architecture BYOD/Personal Devices with Internal Access Security Considerations High-Security Architecture Medium-Security Architecture Low-Security Architecture Guidance on WPA2-Enterprise and WPA3-Enterprise Migrating from WPA2-Enterpriseto WPA3-Enterprise Supporting WPA2-Enterprisewith WPA3-Enterprise Guidance on when to Separate SSIDs Architectures for Guest/Internet-only Networks Guest Networks Security Considerations High-Security Architecture Medium-Security Architecture Low-Security Architecture BYOD/Personal Devices with Internet-Only Access Security Considerations High-Security Architecture Medium-Security Architecture Low-Security Architecture Determining Length of a WPA3-Personal Passphrase Why Passphrase Length Matters Considerations for Passphrase Length Recommendations for Passphrase Lengths Appendix D Parting Thoughts and Call to Action The Future of Cellular and Wi-Fi Cellular Carrier Use of Unlicensed Spectrum Cellular Neutral Host Networks MAC Randomization The Purpose of MAC Randomization How MAC Randomization Works The Future of Networking with MAC Randomization Security, Industry, and The Great Compromise Index EULA