 |
“BULLETPROOF WIRELESS SECURITY : GSM, UMTS, 802.11, and Ad Hoc Security (Communications Engineering)” (Praphul Chandra)
I asked for a review copy of this book because I understood it to be a guide to implementing security. The problem is that “implementing” is a loaded term. I wanted a book on how to set up and configure security, and Chandra’s written a book about how to engineer products that implement these solutions. In that light, this is an interesting book because it covers GSM, UMTS, and 802.11 security. The writing style is clear and direct. However, there’s a problem: for a book billed as comprehensive, there’s not enough depth to actually help an implementer build an implementation of any of these protocols. For example, the first 60 pages or so explain some basic security concepts and algorithms, and the next 25 pages cover how security protocols are applied at various OSI layers. There’s a chapter dedicated to GSM and UMTS security, and one on 802.11a/b/g security that (IMHO) pulls some punches about how bad WEP is. In a book targeted at implementation engineers, it would have been helpful for Chandra to go deeper into the reasons why we got stuck with such a crappy security implementation. |
Overall, this book is probably most useful to those who need a quick survey-level introduction to wireless security because they’re working in the wireless industry. It’s pretty much useless for system administrators or developers (particularly because there’s only vestigial coverage of code security/quality issues) except for folks who have a general interest in the topic.
Paul's Down-Home Page 
hi:
I am the author of this book and would like to respectfully comment on Paul’s review. While writing this book, I was acutely aware of the challenge of covering such a huge topic in one book. As I say in the preface of the book:-
“It is almost impossible to explain each and every security algorithm that is used in wireless security in detail in a single volume. In writing this book, I have tried to strike a balance between architectural overviews and minute details.”
I agree with Paul that this is a book about “how to engineer secure wireless products” rather than a book about “how to set up and configure security”.
However, I respectfully disagree with him that “this book is probably most useful to those who need a quick survey-level introduction to wireless security”. I think the book goes into much more architectural detail than a ‘quick-survey’. It is intended for engineers, architects and technical managers in the industry who want to have an in-depth understanding of wireless security. My aim in writing this book has been to answer questions like:-
How is wireless security different from security of wireline networks?
How has wireless security evolved with changes in wireless networking?
What is the architectural philosophy behind the design of wireless security protocols?
What are the loopholes in these protocols and how can they be rectified in future designs?
I believe the book succeeds in answering these questions and explainig the design of security in wireless networks and the philosphy behind it.
regards
praphul chandra.