Wireless networking is now one of the most popular and convenient networking technologies, but security is still a big concern for it. This research assignment explores wireless networking, focusing on its security protocols and their development.
Overview of wireless networking
Computer users are getting more and more interested in accessing the Internet wirelessly because of its convenience and mobility. Nowadays, business travellers use wireless laptops to stay in touch with the home office; vacationers beam snapshots to friends while still on holiday; and shoppers place orders from the comfort of their couches. A wireless network can connect computers in different parts of your home or business without a tangle of cords and enable you to work on a laptop anywhere within the network’s range.
Going wireless generally requires a broadband Internet connection into the home, called an “access point,” like a cable or DSL line that runs into a modem. To set up the wireless network, connect the access point to a wireless router that broadcasts a signal through the air, sometimes as far as several hundred feet. Any computer within range that’s equipped with a wireless client card can pull the signal from the air and gain access to the Internet.
The wireless networks are based on the IEEE standards belonging to the 802 family – which include the much-beloved Ethernet (802.3) that is common today in homes and offices. Although the development of the 802.11 technology and standards has been ongoing since the late 1990s, grassroots adoption of “wireless Ethernet” only began in the 2000-2001 time frame when access point (AP) devices became cheap enough for the home user to obtain.
(Security in Wireless LANs and MANs: Thomas Hardjono, Lakshminath R. Dondeti: Page 1)
The following list is a simple overview of the 802.11 family:
o Most widespread
o 11Mb maximum, 2.4 GHz band
o Next generation
o 54MB maximum, 5 GHz band
o 54MB maximum, 2.4 GHz band
o Compatible with 802.11b
o Uses Extensible Authentication Protocol (EAP)
o Supports RADIUS
The downside of a wireless network is that, unless you take certain precautions, any person with a wireless-ready computer can use your network. That means your neighbors, or even hackers lurking nearby, could “piggyback” on the network, or even access the information on your computer. And if an unauthorized person uses your network to commit a crime or send spam, the activity can be traced back to your account.
The 802.11 standard is, in its operating principles, not that much different from Ethernet. It uses a traditional “one can talk, others listen” media access control scheme, the only difference being that instead of a pair of wires, the carrier of the signal is now just a designated radio frequency. Which brings us to 802.11’s first problem.
In May 2004, the Queensland University of Technology’s Information Security Research Centre (ISRC) announced its findings that any 802.11 network in any enterprise could be brought to a grinding halt in a matter of seconds simply by transmitting a signal that inhibits other parties from trying to talk. Naturally, the same is true for Ethernet, except that you must be able to connect to a network plug first, which of course makes the attacker much easier to track and the problem easier to solve. You can simply check the switch then follow the cable. This attack is not exactly a surprise, but it’s not what business adopters expected either.
That’s not where the problem ends. Where the 802.11 standard attempted to thwart carrier-level attacks, it actually failed miserably. The Wired Equivalent Privacy (WEP) mechanism was designed for wireless networks to provide a level of protection against eavesdropping on network sessions by external parties, thus providing security roughly comparable to traditional LANs. However, a number of design flaws in the WEP scheme were found in 2001 by researchers from the University of California and Zero Knowledge Systems, which proved the scheme grossly inappropriate. Regrettably, even by that time Wi-Fi had been deployed widely enough to make necessary modifications difficult to implement.
To add insult to injury, use of WEP is optional, and most wireless network devices have WEP turned off; they’re ready to accept and relay any traffic they receive. Although this is generally acceptable with wired networks, where an additional layer of security is provided on the physical level, wireless networks are open to any random person within range.
In 2002, Tracy Reed of Copilot Consulting decided to fly around San Diego and vicinity with a wireless scanner. Cruising at 1,500 feet, he managed to find nearly 400 access points with default configurations and likely free network access to the Internet or internal corporate networks for any person nearby. Only 23 percent of the devices scanned were protected by WEP (which is, in general, easy to crack anyway) or better mechanisms.
The following picture is another wireless vulnerability example, which shows that there are a lot of open access points in our surroundings.
Why is Wi-Fi security so vulnerable?
Easy to Access
Wireless LANs are easy to find. Strictly speaking, this is not a security threat. All wireless networks need to announce their existence so potential clients can link up and use the services provided by the network. 802.11 requires that networks periodically announce their existence to the world with special frames called Beacons.
However, the information needed to join a network is also the information needed to launch an attack on a network. Beacon frames are not processed by any privacy functions, which means that your 802.11 network and its parameters are available for anybody with an 802.11 card. “War drivers” have used high-gain antennas and software to log the appearance of Beacon frames and associate them with a geographic location using GPS.
Short of moving into heavily-shielded office space that does not allow RF signals to escape, there is no solution for this problem. The best anyone can do is to mitigate the risk by using strong access control and encryption solutions to prevent a wireless network from being used as an easy entry point into the network. Deploy access points outside firewalls, and protect sensitive traffic with VPNs.
“Rogue” Access Points
Easy access to wireless LANs is coupled with easy deployment. When combined, these two characteristics can cause headaches for network administrators. Any user can run to a nearby computer store, purchase an access point, and connect it to the corporate network without authorization. Many access points are now priced well within the signing authority of even the most junior managers. Departments may also be able to roll out their own wireless LANs without authorization from the powers that be.
“Rogue” access points deployed by end users pose great security risks. End users are not security experts, and may not be aware of the risks posed by wireless LANs. Most existing small deployments mapped by war drivers do not enable the security features on products, and many access points have had only minimal changes made to the default settings. It is hard to believe that end users within a large corporation will do much better. Unfortunately, no good solution exists to this concern. Tools like NetStumbler allow network administrators to wander their building looking for unauthorized access points, but it is expensive to devote time to wandering the building looking for new access points.
Unauthorized Use of Service
Several war drivers have published results indicating that a clear majority of access points are put in service with only minimal modifications to their default configuration. Nearly all of the access points running with default configurations have not activated WEP (Wired Equivalent Privacy) or have a default key used by all the vendor’s products out of the box. Without WEP, network access is usually there for the taking.
Two problems can result from such open access. In addition to bandwidth charges for unauthorized use, legal problems may result. Unauthorized users may not necessarily obey your service provider’s terms of service, and it may take only one spammer to cause your ISP to revoke the connectivity.
MAC Spoofing and Session Hijacking
802.11 networks do not authenticate frames. Every frame has a source address, but there is no guarantee that the station sending the frame actually put the frame “in the air.” Just as on traditional Ethernet networks, there is no protection against forgery of frame source addresses.
Attackers can use spoofed frames to redirect traffic and corrupt ARP tables. At a much simpler level, attackers can observe the MAC addresses of stations in use on the network and adopt those addresses for malicious transmissions.
Traffic Analysis and Eavesdropping
802.11 provides no protection against attacks that passively observe traffic. The main risk is that 802.11 does not provide a way to secure data in transit against eavesdropping. Frame headers are always “in the clear” and are visible to anybody with a wireless network analyzer. Security against eavesdropping was supposed to be provided by the much-maligned Wired Equivalent Privacy specification.
A great deal has been written about the flaws in WEP. It protects only the initial association with the network and user data frames. Management and control frames are not encrypted or authenticated by WEP, leaving an attacker wide latitude to disrupt transmissions with spoofed frames.
Protocols to secure wireless network
WEP (Wired Equivalent Privacy)
WEP is a protocol that adds security to wireless local area networks (WLANs) based on the 802.11 Wi-Fi standard. WEP is an OSI Data Link layer (Layer 2) security technology that can be turned “on” or “off.” WEP was designed to give wireless networks the equivalent level of privacy protection as a comparable wired network.
WEP is based on a security scheme called RC4 that utilizes a combination of secret user keys and system-generated values. The original implementations of WEP supported so-called 40-bit encryption, having a key of length 40 bits and 24 additional bits of system-generated data (64 bits total). Research has shown that 40-bit WEP encryption is too easy to decode, and consequently product vendors today employ 128-bit encryption (having a key length of 104 bits, not 128 bits) or better (including 152-bit and 256-bit WEP systems).
When communicating over the wire, wireless network equipment uses WEP keys to encrypt the data stream. The keys themselves are not sent over the network but rather are generally stored on the wireless adapter or in the Windows Registry.
Regardless of how it is implemented on a wireless LAN, WEP represents just one element of an overall WLAN security strategy.
The 802.11 standard describes the communication that occurs in wireless local area networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network; this function is not an explicit goal in the 802.11 standard, but it is frequently considered to be a feature of WEP.
WEP relies on a secret key that is shared between a mobile station (e.g. a laptop with a wireless Ethernet card) and an access point (i.e. a base station). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points.
Basic WEP Encryption
WEP uses the RC4 encryption algorithm, which is known as a stream cipher. A stream cipher operates by expanding a short key into an infinite pseudo-random key stream. The sender XORs the key stream with the plaintext to produce ciphertext. The receiver has a copy of the same key, and uses it to generate an identical key stream. XORing the key stream with the ciphertext yields the original plaintext.
RC4 Keystream XORed with Plaintext
This mode of operation makes stream ciphers vulnerable to several attacks. If an attacker flips a bit in the ciphertext, then upon decryption, the corresponding bit in the plaintext will be flipped. Also, if an eavesdropper intercepts two ciphertexts encrypted with the same key stream, it is possible to obtain the XOR of the two plaintexts. Knowledge of this XOR can enable statistical attacks to recover the plaintexts. The statistical attacks become increasingly practical as more ciphertexts that use the same key stream are known. Once one of the plaintexts becomes known, it is trivial to recover all of the others.
WEP has defenses against both of these attacks. To ensure that a packet has not been modified in transit, it uses an Integrity Check (IC) field in the packet. To avoid encrypting two ciphertexts with the same key stream, an Initialization Vector (IV) is used to augment the shared secret key and produce a different RC4 key for each packet. The IV is also included in the packet. However, both of these measures are implemented incorrectly, resulting in poor security.
The integrity check field is implemented as a CRC-32 checksum, which is part of the encrypted payload of the packet. However, CRC-32 is linear, which means that it is possible to compute the bit difference of two CRCs based on the bit difference of the messages over which they are taken. In other words, flipping bit n in the message results in a deterministic set of bits in the CRC that must be flipped to produce a correct checksum on the modified message. Because flipping bits carries through after an RC4 decryption, this allows the attacker to flip arbitrary bits in an encrypted message and correctly adjust the checksum so that the resulting message appears valid.
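The two weaknesses described above (key stream reuse and the linear CRC-32 integrity check), worked through as an added example that is not from the original text. The key, IV and payloads are constructed sample values, and the HMAC-SHA-256 tag at the end is a stand-in for a keyed integrity code, not the algorithm WPA or WPA2 use.

```python
import hashlib
import hmac
import struct
import zlib


def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 key stream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # key stream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data))


def wep_seal(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Encrypt plaintext || ICV under the per-packet RC4 key IV || key."""
    body = plaintext + icv(plaintext)
    return xor(body, rc4(iv + key, len(body)))


def wep_open(iv: bytes, key: bytes, sealed: bytes):
    """Decrypt and return the plaintext, or None if the ICV does not match."""
    body = xor(sealed, rc4(iv + key, len(sealed)))
    data, check = body[:-4], body[-4:]
    return data if icv(data) == check else None


def icv_delta(delta: bytes) -> bytes:
    """Change in the ICV when `delta` is XORed into the message.

    CRC-32 is affine: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00...0),
    so the change depends only on d, not on m and not on the key.
    """
    return xor(icv(delta), icv(bytes(len(delta))))


def demo() -> dict:
    key = bytes.fromhex("0102030405")         # constructed 40-bit key
    iv = b"\x00\x00\x2a"                      # constructed 24-bit IV
    p1 = b"constructed frame number one"
    p2 = b"a second constructed payload"
    c1, c2 = wep_seal(iv, key, p1), wep_seal(iv, key, p2)

    # 1. Same IV and key give the same key stream, so the XOR of the two
    #    ciphertexts equals the XOR of the two plaintexts.
    reuse_leak = xor(c1, c2)[:len(p1)] == xor(p1, p2)

    # 2. Flip one payload bit in the ciphertext. Leaving the ICV alone is
    #    caught; adjusting it with icv_delta() is accepted without the key.
    delta = bytes(4) + b"\x01" + bytes(len(p1) - 5)
    changed = xor(c1, delta + icv_delta(delta))
    unadjusted = wep_open(iv, key, xor(c1, delta + bytes(4)))
    adjusted = wep_open(iv, key, changed)

    # 3. A keyed tag over IV || ciphertext cannot be adjusted without the key.
    mac_key = b"constructed mac key"
    tag = hmac.new(mac_key, iv + c1, hashlib.sha256).digest()
    retag = hmac.new(mac_key, iv + changed, hashlib.sha256).digest()
    return {
        "reuse_leak": reuse_leak,
        "unadjusted": unadjusted,
        "adjusted": adjusted,
        "expected": xor(p1, delta),
        "keyed_tag_still_valid": hmac.compare_digest(tag, retag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```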
The initialization vector in WEP is a 24-bit field, which is sent in the cleartext part of a message. Such a small space of initialization vectors guarantees the reuse of the same key stream. A busy access point, which constantly sends 1500 byte packets at 11Mbps, will exhaust the space of IVs after 1500*8/(11*10^6)*2^24 = ~18000 seconds, or 5 hours. (The amount of time may be even smaller, since many packets are smaller than 1500 bytes.) This allows an attacker to collect two ciphertexts that are encrypted with the same key stream and perform statistical attacks to recover the plaintext. Worse, when the same key is used by all mobile stations, there are even more chances of IV collision. For example, a common wireless card from Lucent resets the IV to 0 each time a card is initialized, and increments the IV by 1 with each packet. This means that two cards inserted at roughly the same time will provide an abundance of IV collisions for an attacker. (Worse still, the 802.11 standard specifies that changing the IV with each packet is optional!)
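The IV arithmetic above, plus a check for IV reuse in a frame trace, as an added example that is not from the original text. The trace models two cards that start at IV 0 and count up as described; the station names and frame counts are constructed, and the birthday estimate for randomly chosen IVs goes beyond the counter case the text discusses.

```python
import math
from collections import Counter

IV_SPACE = 2 ** 24  # WEP's IV is a 24-bit field


def iv_exhaustion_seconds(frame_bytes: int, rate_bps: float) -> float:
    """Time to send 2^24 frames back to back, i.e. to use every IV once."""
    return frame_bytes * 8 / rate_bps * IV_SPACE


def collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Birthday approximation for IVs picked at random per frame:
    chance that at least two of `frames` frames share an IV."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


def counter_card(station: str, frames: int, start: int = 0):
    """Frames from a card that resets its IV to `start` and adds 1 per frame."""
    return [(station, (start + n) % IV_SPACE) for n in range(frames)]


def reused_ivs(trace) -> dict:
    """Map each IV seen more than once in `trace` to its frame count.

    `trace` is an iterable of (station, iv) pairs captured on one network,
    where every station shares the same WEP key.
    """
    counts = Counter(iv for _station, iv in trace)
    return {iv: n for iv, n in counts.items() if n > 1}


def demo() -> dict:
    # Constructed trace: two cards initialised at roughly the same time.
    trace = counter_card("card-a", 1000) + counter_card("card-b", 800)
    return {
        "full_size_frames_s": iv_exhaustion_seconds(1500, 11e6),
        "small_frames_s": iv_exhaustion_seconds(300, 11e6),
        "p_collision_4823_random": collision_probability(4823),
        "reused_iv_count": len(reused_ivs(trace)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```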
Improvement of WEP
WEP2
A stopgap enhancement to WEP, implementable on some (not all) hardware not able to handle WPA/WPA2, based on:
o Enlarged IV value
o Enforced 128-bit encryption
However, WEP2 remains vulnerable to known WEP attacks — at most it will just slow an attacker down a bit — and thus shouldn’t really be considered more secure than WEP. 
WEPplus
Also known as WEP+. A proprietary enhancement to WEP by Agere Systems (formerly a subsidiary of Lucent Technologies) that enhances WEP security by avoiding “weak IVs”. It is only completely effective when WEPplus is used at both ends of the wireless connection. As this cannot easily be enforced, it remains a serious limitation. It is possible that successful attacks against WEPplus will eventually be found. It also does not necessarily prevent replay attacks.
WPA (Wi-Fi Protected Access)
WPA is a security technology for wireless networks. WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in response to the shortcomings of WEP.
One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP. Another key component of WPA is built-in authentication that WEP does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.
One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short. WPA-PSK is a simplified but still powerful form of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or “passphrase” as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them.
More secure wireless networking using WPA2
WPA2 (Wi-Fi Protected Access 2) gives wireless networks both confidentiality and data integrity, two terms not previously associated with Wi-Fi.
Security, of course, has long been the trade-off with Wi-Fi. Early wireless networks leaned heavily on VPNs to provide Layer 3 security, which, aside from the additional overhead of encapsulation and the challenges of roaming, quality of service, client support and scalability, left the IP network vulnerable to attacks. The Layer 2-based WPA2 better protects the network.
But WPA2 alone can’t provide enterprise security: Combining WPA2 with the IEEE 802.1X port-based authentication protocol for access control should eliminate most security worries. This won’t protect you from rogues, denial-of-service attacks or interference, but it will ensure secure wireless communication.
The Wi-Fi Alliance’s WPA2 security spec is a major improvement over WEP (Wired Equivalent Privacy), the security standard in IEEE’s original 802.11. WEP was susceptible to attacks and poorly implemented by vendors, and never took off in the enterprise. WEP’s weaknesses and the ease with which they’ve been exploited led to the 802.11i standard, which was approved and published in 2004. The Wi-Fi Alliance created WPA, a subset of the draft version of 802.11i, and later, WPA2, which provided stronger security than the first version of WPA.
WPA came with support for TKIP (Temporal Key Integrity Protocol), which uses the RC4 cipher, and it can be implemented in software with just a driver or firmware update. Keys are rotated frequently, and the packet counter prevents packet replay or packet re-injection attacks. WPA provides integrity checking using MIC (Message Integrity Code), sometimes nicknamed “Michael.” Although this checksum method can be attacked with brute-force methods, network traffic is halted automatically for a minute and the session keys reset if a WPA-based access point detects more than one TKIP MIC failure within 60 seconds, so the risks are minimal.
WPA2, meanwhile, uses a new encryption method called CCMP (Counter-Mode with CBC-MAC Protocol), which is based on AES (Advanced Encryption Standard), a stronger encryption algorithm than RC4.
Both WPA and WPA2 include two authentication modes: personal and enterprise. WPA2-Personal generates a 256-bit key from a plain-text pass phrase, sometimes called a PSK, or preshared key. The PSK (as well as the Service Set Identifier and SSID length) form the mathematical basis for the PMK (pairwise master key) that’s used to initiate a four-way handshake and generate the PTK (pairwise transient key), or session key, between the wireless user device and access point. WPA2-Personal, like static WEP, poses challenges in key distribution and maintenance, making it a fit for small offices but not the enterprise.
WPA2-Enterprise, meanwhile, addresses concerns regarding distributing and managing static keys, and controls access on a per-account basis by tying in to most organizations’ authentication services. This mode requires credentials, such as a user name and password, a certificate or a one-time password, and authentication occurs between the station and central authentication server. The access point or wireless controller monitors the connection and directs authentication packets to the appropriate authentication server, typically a RADIUS server. The framework for this is 802.1X, which supports user and machine authentication with port-based control that works for both wired switches and wireless access points.
The three major components of 802.1X authentication are the supplicant, the authenticator and the authentication server.
The 802.1X specification describes the supplicant as the device requesting access to the network, usually a laptop or mobile device, but in practice it’s software on that device that initiates and responds to 802.1X commands.
The authenticator (typically an access point, but in a centralized AP architecture it may reside on the switch/controller) authenticates the client to the network. This device processes requests from the supplicant, and leaves the network interface blocked unless directed by the authentication server to unblock it.
The authentication server, meanwhile, receives and processes the authentication request. It usually is a RADIUS server, but it’s not just any RADIUS server; it must be compatible with the supplicant’s EAP (Extensible Authentication Protocol) types.
EAP traffic is exchanged between the client (supplicant) and AP (authenticator) over the Layer 2 EAPoL (EAP over LAN) protocol. The supplicant doesn’t have Layer 3 connectivity to the RADIUS server: When the AP receives EAP traffic from the client, it converts it to the appropriate RADIUS request and then passes it to the RADIUS server for processing. If the supplicant encrypts the data, the authenticator can’t inspect the contents of the request, but can extract from the response attributes such as the client’s VLAN assignment.
After 802.1X authentication, the client receives the master key (MK) from the authentication server. The master key is tied to that authentication session. From the MK, the same pairwise master key (PMK) is generated on both the client and the authentication server. The authenticator, in this case an access point, receives the PMK from the authentication server through a predefined RADIUS attribute. Once the client and access point possess the PMK, the client and AP generate the pairwise transient key (PTK) without actually exchanging it. This is possible over a four-way handshake, which eliminates a successful man-in-the-middle attack.
WPA2’s PTK comprises three types of keys. They are the Key Confirmation Key (KCK), which is used to check the integrity of an EAPOL-Key frame (used in the MIC), the Key Encryption Key (KEK), which encrypts the GTK, and the Temporal Keys (TK), which secure data traffic.
All wireless devices associated with an access point must be able to decrypt the broadcast and multicast traffic. They do so with the same group key, or GTK. If the AP changes the GTK because it was compromised, for example, the AP issues a replacement key using a simpler two-way handshake with the KEK encrypting the GTK.
Because this entire process of client authentication to the RADIUS server can take up hundreds of milliseconds (if not seconds) when a device is roaming from one AP to another, it’s unacceptable for Wi-Fi phones or streaming applications on laptops. So most enterprise wireless products have 802.11i features that help minimize roaming latency: pre-authentication and PMK caching.
Pre-authentication lets a mobile client authenticate with other APs in its vicinity while remaining associated with its primary AP. With PMK caching, a roaming client need not fully re-authenticate over 802.1X when it returns “home.”
WPA2 is built around AES, which has replaced DES and 3DES as the de facto industry encryption standard. The computationally intensive AES requires hardware assistance, something not always in older WLAN equipment.
WPA2 uses CBC-MAC (Cipher Block Chaining Message Authentication Code) Protocol for authentication and integrity, and CTR (Counter Mode) to encrypt the data and MIC. WPA2’s MIC is similar to a checksum and provides data integrity for the nonchangeable fields in the 802.11 header, unlike WEP and WPA. This prevents packet replay from being exploited to decrypt the packet or compromise cryptographic information.
MIC calculation uses a 128-bit IV (initialization vector). The IV is encrypted with AES and the temporal key, producing a 128-bit result. The algorithm then performs an exclusive OR on that result and the next 128 bits of data. The result of this calculation is encrypted with AES and the TK, and then an exclusive OR is performed on that and the next 128 bits of data. The last step is repeated until all 128-bit blocks in the 802.11 payload are exhausted. At the end of the operation, the first 64 bits are used to produce the MIC.
The counter-mode encryption algorithm encrypts the data and the MIC. The algorithm begins with a 128-bit counter preload similar to the MIC IV, but uses a counter value initialized to 1 instead of a data length. So a different counter is used to encrypt each packet.
The first 128 bits are encrypted using AES and the TK, producing a 128-bit result, and an exclusive OR is performed on that result. The first 128 bits of data produce the first 128-bit encrypted block. The counter preload value increases incrementally and is encrypted with AES and the data encryption key. Then an exclusive OR is performed on that and the next 128 bits of data.
The last step is repeated until all the 128-bit blocks have been encrypted. Then the final counter value is set to 0 and encrypted using AES and XORed with the MIC. The result is appended to the encrypted frame.
Once the MIC is calculated using CBC-MAC, the data and MIC are encrypted. That information is prefixed with an 802.11 header and the CCMP packet number field, appended with the 802.11 trailer, and then sent out.
WPA2 decryption works in reverse. The counter value is derived from the same algorithm used in the encryption. That value and the encrypted portion of the 802.11 payload are decrypted with the counter mode decryption algorithm and the TK, which results in the decrypted data and MIC. The data then goes through the CBC-MAC algorithm to recalculate the MIC. If the values don’t match, the packet is dropped. If they do, the decrypted data is sent up the network stack and to the client.
Most of the latest enterprise wireless systems support WPA2 or are upgradeable to it. But if you don’t have an authentication or RADIUS server that supports the requisite EAP types, you’ll have to pull together the elements to do so. And you probably have a few laptops and PC cards that don’t support WPA2 because they lack the necessary AES encryption hardware. Sometimes a firmware and/or driver upgrade will activate that functionality.
Another challenge is getting WPA2 to embedded or small form-factor devices such as PDAs, Wi-Fi phones, barcode scanners and wireless print servers. These devices tend to lag in security features due to integration challenges and their infrequent replacement lifecycle.
You can create a separate SSID with WEP or WPA on a separate VLAN with limited, controlled and monitored access to your network. An example is Wi-Fi phones that support only WEP or WPA-PSK: Because they need to communicate only with the VoIP infrastructure, you should restrict them from accessing the general corporate network. Of course, voice calls are still susceptible to decryption, and it might make sense to wait for handsets that support some form of 802.1X.
Supporting WPA2 on your existing desktops and laptops isn’t always easy. If the type of EAP you’re using is not supported by the wireless station’s OS, you can use the supplicant provided on your wireless card’s drive or install, configure and manage a third-party supplicant. If you can’t convert all your users in short order, you can overlay your system with a new SSID that uses WPA2 or mixed-mode encryption. Then you can convert your devices to WPA2 by location, for instance.
Either way, Wi-Fi is ready for prime time when it comes to enterprise security. WPA2 provides encryption and data integrity, and when used with 802.1X authentication, you get complete link-level security.
History of development (WEP To WPA2)
Wired Equivalent Privacy (WEP) was ratified in 1999 along with the original 802.11b Wi-Fi standards. WEP failed to live up to its name when it proved vulnerable to shared key and stream cipher attacks in 2001. In response, enterprises that wanted tighter security augmented their own encryption and authentication schemes, and they added virtual private network (VPN) tunnels on top of their Wi-Fi installations.
By 2003, the Wi-Fi Alliance had crafted WPA as a temporary solution, borrowing from the IEEE’s work in progress on the 802.11i security standard. WPA uses the same encryption algorithm (RC4) as WEP uses, but with larger and dynamically changing keys. WPA also incorporates strong user authentication (such as the 802.1x standard). Most early Wi-Fi clients and access points (APs) could be upgraded from WEP to WPA in software or firmware (i.e., software embedded in hardware).
In June 2004, the IEEE formalized 802.11i, shortly after the Wi-Fi Alliance released WPA2. While the two are not strictly identical, from a practical standpoint the two terms are used interchangeably. If you buy a wireless access point or router with either term on it, it provides the same level of security. The WPA2 designation means that the equipment is interoperable with other equipment bearing that designation.
Though wireless networking is becoming increasingly popular, it is true that many users still fear a large security risk because of its security vulnerabilities. The initial failure of WEP security technology left users fearful of Wi-Fi technology. But the current development of WPA2™ security plugs the holes in WEP. Also, the Wi-Fi Alliance claims that WPA addresses all known WEP vulnerabilities, but the market clearly is not convinced.
Wi-Fi security deals with two different problems: authentication and privacy. Authentication ensures that only legitimate users get access to the network. Privacy keeps transmissions secure from eavesdropping. WPA handles these two key problems nicely.
Even with the most robust security technology, mishaps can happen at any time. To get a pleasant experience of Wi-Fi technology, users must be aware of the security vulnerabilities; that’s why the Wi-Fi Alliance recommends that users of wireless networks exercise the same level of caution they’ve learned to use to avoid scams in the wired world. End users should change their passwords regularly, not respond to questionable e-mails, and look for secure connections. Consumers need to make some new simple security precautions a habit, like connecting through a provider that uses encryption with a list of trusted hotspots, using a VPN, and always enabling security within a home network. Also, users should make it a point to look for products that are Wi-Fi CERTIFIED for WPA™ (Wi-Fi Protected Access) or WPA2™ security.
1. Michal Zalewski. Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks. San Francisco, CA 94107: No Starch Press Inc. ISBN 1-59327-046-1.
2. Mike Schiffman. Hacker’s Challenge: Test Your Incident Response Skills Using 20 Scenarios. California: McGraw-Hill. ISBN 0-07-219384-0.
3. Thomas Hardjono, Lakshminath R. Dondeti. Security in Wireless LANs and MANs. London: Artech House, Inc. ISBN 1-58053-755-3.
4. Bob Egan. Don’t Overlook the Threats Posed by Wi-Fi. American Banker. New York, N.Y.: Jul 18, 2006. Vol. 171, Iss. 136; pg. 10.A. ISSN 00027561.
5. Frank Bulk. The ABCs of WPA2 Wi-Fi Security. Network Computing. Manhasset: Feb 2, 2006. Vol. 17, Iss. 2; pg. 65, 3 pgs. ISSN 10464468.
6. Drew Robb. 802.11i Brings More Security to WLANs. Business Communications Review. Hinsdale: Apr 2006. Vol. 36, Iss. 4; pg. 52, 3 pgs. ISSN 01623885.
7. Elena Malykhina. Better, Simpler WLAN Security. InformationWeek. Manhasset: Apr 17, 2006. Iss. 1085; pg. 27, 1 pgs. ISSN 87506874.
8. Mohamad Badra, Ibrahim Hajjeh. Key-Exchange Authentication Using Sharing Secrets. Computer. New York: Mar 2006. Vol. 39, Iss. 3; pg. 58. ISSN 00189162.