ISSA
INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
Wireless and Mobile Device Security
SECOND EDITION
Jim Doherty
JONES & BARTLETT LEARNING
World Headquarters
Jones & Bartlett Learning
25 Mall Road
Burlington, MA 01803
978-443-5000
www.jblearning.com
Copyright 2022 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Wireless and Mobile Device Security, 2nd Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only.
Production Credits
Director of Product Management: Laura Pagluica
Product Manager: Edward Hinman
Content Strategist: Melissa Duffy
Content Coordinator: Paula-Yuan Gregory
Manager, Project Management: Jessica deMartin
Project Specialist: Allie Koo
Senior Digital Project Specialist: Angela Dooley
Digital Project Specialist: Rachel DiMaggio
Marketing Manager: Michael Sullivan
Product Fulfillment Manager: Wendy Kilborn
Technical Editor: Justin Hensley
Composition: S4Carlisle Publishing Services
Project Management: S4Carlisle Publishing Services
Cover Design: Briana Yates
Text Design: Briana Yates
Media Development Editor: Faith Brosnan
Rights Specialist: James Fortney
Cover Image (Title Page, Part Opener, Chapter Opener): Cherezoff/Shutterstock
Printing and Binding: Gasch Printing
Library of Congress Cataloging-in-Publication Data
Names: Doherty, Jim, 1968- author.
Title: Wireless and mobile device security / Jim Doherty, Professor
Description: Second edition. | Burlington, Massachusetts : Jones & Bartlett Learning, [2022] | Series: Issa | Includes bibliographical references and index.
Identifiers: LCCN 2020043841 | ISBN 9781284211726 (paperback)
Subjects: LCSH: Wireless communication systems--Security measures. | Mobile communication systems--Security measures. | Wireless LANs--Security measures. | Mobile computing--Security measures.
Classification: LCC TK5105.78 .D64 2022 | DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2020043841
Printed in the United States of America
To Katie, Samantha, and Conor
Preface
Purpose of This Book
This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information security principles packed with real-world applications and examples. Authored by professionals experienced in information systems security, they deliver comprehensive information on all aspects of the topic. Reviewed word for word by leading technical experts in the field, these books are not just current but forward-thinking, putting you in the position to solve current cybersecurity challenges and future ones, as well.
Part I of the text reviews the history of wireless and mobile networks and the evolution of wired and wireless networking, from Alexander Graham Bell to the present bring-your-own-device (BYOD) phenomenon. You'll read about the mobile revolution that took users from clunky analog phones to smart devices people can't live without and about the implications of the always-on, ever-present aspect of these devices. Although most people view the resulting changes as a net positive, both wireless and mobile networking have introduced significant security vulnerabilities to networking in general. You'll get an overview of network security threats and considerations, with a particular emphasis on wireless and mobile devices.
Part II focuses on wireless local area network (WLAN) security. You'll read about WLAN design and the operation and behavior of wireless in general, particularly on 802.11 WLANs. You'll review the threats and vulnerabilities directly associated with 802.11 wireless networks, their various topologies, and devices. The text will discuss basic security measures that satisfy the needs of small office/home office (SOHO) networks, as well as more advanced concepts in wireless security unique to the needs of larger organizations. You'll learn about the need to audit and monitor a WLAN and the tools available for doing so. Finally, you'll review risk assessment procedures as applied to WLAN and Internet Protocol mobility.
Part III discusses security solutions to the risks and vulnerabilities of wireless networks and mobile devices. You'll read about the three major mobile operating systems and the vulnerabilities of each. Then you'll review the security models of these operating systems and explore how IT organizations manage the security and control of smart devices on a large scale. The text will look at the risks mobile clients present to corporate networks, as well as the tools and techniques used to mitigate these risks. You'll also learn about the issues surrounding fingerprinting of mobile devices. Finally, you'll review the mobile malware landscape and mitigation strategies to prevent malware from finding its way into an organization's information security resources.