Description

Book Synopsis


Table of Contents

Foreword xxix

Preface xxxi

Introduction xxxv

Part I Technical Foundations 1

Chapter 1 Introduction to Concepts and Relationships 3

Roles and Responsibilities 4

Network and Wireless Architects 4

Security, Risk, and Compliance Roles 5

Operations and Help Desk Roles 8

Support Roles 9

External and Third Parties 9

Security Concepts for Wireless Architecture 11

Security and IAC Triad in Wireless 11

Aligning Wireless Architecture Security to Organizational Risk 14

Factors Influencing Risk Tolerance 15

Assigning a Risk Tolerance Level 15

Considering Compliance and Regulatory Requirements 17

Compliance Regulations, Frameworks, and Audits 17

The Role of Policies, Standards, and Procedures 19

Segmentation Concepts 22

Authentication Concepts 23

Cryptography Concepts 27

Wireless Concepts for Secure Wireless Architecture 30

NAC and IEEE 802.1X in Wireless 33

SSID Security Profiles 34

Security 35

Endpoint Devices 35

Network Topology and Distribution of Users 37

Summary 43

Chapter 2 Understanding Technical Elements 45

Understanding Wireless Infrastructure and Operations 45

Management vs. Control vs. Data Planes 46

Cloud-Managed Wi-Fi and Gateways 48

Controller Managed Wi-Fi 52

Local Cluster Managed Wi-Fi 53

Remote APs 55

Summary 55

Understanding Data Paths 56

Tunneled 58

Bridged 59

Considerations of Bridging Client Traffic 59

Hybrid and Other Data Path Models 61

Filtering and Segmentation of Traffic 62

Summary 71

Understanding Security Profiles for SSIDs 72

WPA2 and WPA3 Overview 73

Transition Modes and Migration Strategies for Preserving Security 76

Enterprise Mode (802.1X) 77

Personal Mode (Passphrase with PSK/SAE) 87

Open Authentication Networks 94

Chapter 3 Understanding Authentication and Authorization 101

The IEEE 802.1X Standard 102

Terminology in 802.1X 103

High-Level 802.1X Process in Wi-Fi Authentication 105

RADIUS Servers, RADIUS Attributes, and VSAs 107

RADIUS Servers 107

RADIUS Servers and NAC Products 108

Relationship of RADIUS, EAP, and Infrastructure Devices 110

RADIUS Attributes 111

RADIUS Vendor-Specific Attributes 115

RADIUS Policies 116

RADIUS Servers, Clients and Shared Secrets 118

Other Requirements 121

Additional Notes on RADIUS Accounting 122

Change of Authorization and Disconnect Messages 123

EAP Methods for Authentication 127

Outer EAP Tunnels 129

Securing Tunneled EAP 132

Inner Authentication Methods 133

Legacy and Unsecured EAP Methods 137

Recommended EAP Methods for Secure Wi-Fi 138

MAC-Based Authentications 140

MAC Authentication Bypass with RADIUS 140

MAC Authentication Without RADIUS 147

MAC Filtering and Denylisting 147

Certificates for Authentication and Captive Portals 148

RADIUS Server Certificates for 802.1X 148

Endpoint Device Certificates for 802.1X 151

Best Practices for Using Certificates for 802.1X 152

Captive Portal Server Certificates 158

Best Practices for Using Certificates for Captive Portals 159

In Most Cases, Use a Public Root CA Signed Server Certificate 159

Understand the Impact of MAC Randomization on Captive Portals 159

Captive Portal Certificate Best Practices Recap 161

Summary 162

Captive Portal Security 163

Captive Portals for User or Guest Registration 163

Captive Portals for Acceptable Use Policies 165

Captive Portals for BYOD 166

Captive Portals for Payment Gateways 167

Security on Open vs. Enhanced Open Networks 167

Access Control for Captive Portal Processes 167

LDAP Authentication for Wi-Fi 168

The 4-Way Handshake in Wi-Fi 168

The 4-Way Handshake Operation 168

The 4-Way Handshake with WPA2-Personal and WPA3-Personal 170

The 4-Way Handshake with WPA2-Enterprise and WPA3-Enterprise 171

Summary 171

Chapter 4 Understanding Domain and Wi-Fi Design Impacts 173

Understanding Network Services for Wi-Fi 173

Time Sync Services 174

Time Sync Services and Servers 175

Time Sync Uses in Wi-Fi 175

DNS Services 177

DHCP Services 180

DHCP for Wi-Fi Clients 181

Planning DHCP for Wi-Fi Clients 184

DHCP for AP Provisioning 185

Certificates 186

Understanding Wi-Fi Design Impacts on Security 187

Roaming Protocols’ Impact on Security 188

Fast Roaming Technologies 193

System Availability and Resiliency 203

RF Design Elements 205

AP Placement, Channel, and Power Settings 205

Wi-Fi 6E 207

Rate Limiting Wi-Fi 208

Other Networking, Discovery, and Routing Elements 213

Summary 217

Part II Putting It All Together 219

Chapter 5 Planning and Design for Secure Wireless 221

Planning and Design Methodology 222

Discover Stage 223

Architect Stage 224

Iterate Stage 225

Planning and Design Inputs (Define and Characterize) 227

Scope of Work/Project 228

Teams Involved 230

Organizational Security Requirements 233

Current Security Policies 235

Endpoints 236

Users 239

System Security Requirements 239

Applications 240

Process Constraints 240

Wireless Management Architecture and Products 241

Planning and Design Outputs (Design, Optimize, and Validate) 241

Wireless Networks (SSIDs) 247

System Availability 249

Additional Software or Tools 249

Processes and Policy Updates 250

Infrastructure Hardening 251

Correlating Inputs to Outputs 252

Planning Processes and Templates 254

Requirements Discovery Template (Define and Characterize) 254

Sample Network Planning Template (SSID Planner) 261

Sample Access Rights Planning Templates 262

Notes for Technical and Executive Leadership 267

Planning and Budgeting for Wireless Projects 268

Consultants and Third Parties Can Be Invaluable 271

Selecting Wireless Products and Technologies 271

Expectations for Wireless Security 275

Summary 279

Chapter 6 Hardening the Wireless Infrastructure 281

Securing Management Access 282

Enforcing Encrypted Management Protocols 283

Eliminating Default Credentials and Passwords 293

Controlling Administrative Access and Authentication 296

Securing Shared Credentials and Keys 301

Addressing Privileged Access 303

Additional Secure Management Considerations 307

Designing for Integrity of the Infrastructure 308

Managing Configurations, Change Management, and Backups 309

Configuring Logging, Reporting, Alerting, and Automated Responses 313

Verifying Software Integrity for Upgrades and Patches 314

Working with 802.11w Protected Management Frames 316

Provisioning and Securing APs to Manager 321

Adding Wired Infrastructure Integrity 325

Planning Physical Security 331

Locking Front Panel and Console Access on Infrastructure Devices 334

Disabling Unused Protocols 337

Controlling Peer-to- Peer and Bridged Communications 339

A Note on Consumer Products in the Enterprise 339

Blocking Ad-Hoc Networks 341

Blocking Wireless Bridging on Clients 342

Filtering Inter-Station Traffic, Multicast, and mDNS 344

Best Practices for Tiered Hardening 353

Additional Security Configurations 354

Security Monitoring, Rogue Detection, and WIPS 355

Considerations for Hiding or Cloaking SSIDs 356

Requiring DHCP for Clients 359

Addressing Client Credential Sharing and Porting 360

Summary 362

Part III Ongoing Maintenance and Beyond 365

Chapter 7 Monitoring and Maintenance of Wireless Networks 367

Security Testing and Assessments of Wireless Networks 367

Security Audits 368

Vulnerability Assessments 370

Security Assessments 373

Penetration Testing 375

Ongoing Monitoring and Testing 376

Security Monitoring and Tools for Wireless 376

Wireless Intrusion Prevention Systems 377

Recommendations for WIPS 404

Synthetic Testing and Performance Monitoring 405

Security Logging and Analysis 407

Wireless-Specific Tools 410

Logging, Alerting, and Reporting Best Practices 416

Events to Log for Forensics or Correlation 417

Events to Alert on for Immediate Action 419

Events to Report on for Analysis and Trending 422

Troubleshooting Wi-Fi Security 424

Troubleshooting 802.1X/EAP and RADIUS 425

Troubleshooting MAC-based

Authentication 428

Troubleshooting Portals, Onboarding, and Registration 431

Troubleshooting with Protected Management Frames Enabled 431

Training and Other Resources 432

Technology Training Courses and Providers 432

Vendor-Specific Training and Resources 435

Conferences and Community 436

Summary 437

Chapter 8 Emergent Trends and Non-Wi- Fi Wireless 439

Emergent Trends Impacting Wireless 440

Cloud-Managed Edge Architectures 440

Remote Workforce 441

Process Changes to Address Remote Work 443

Recommendations for Navigating a Remote Workforce 444

Bring Your Own Device 445

Zero Trust Strategies 455

Internet of Things 463

Enterprise IoT Technologies and Non-802.11 Wireless 465

IoT Considerations 466

Technologies and Protocols by Use Case 467

Features and Characteristics Impact on Security 502

Other Considerations for Secure IoT Architecture 507

Final Thoughts from the Book 508

Appendix A Notes on Configuring 802.1X with Microsoft NPS 513

Wi-Fi Infrastructure That Supports Enterprise (802.1X) SSID Security Profiles 513

Endpoints That Support 802.1X/EAP 514

A Way to Configure the Endpoints for the Specified Connectivity 515

An Authentication Server That Supports RADIUS 517

Appendix B Additional Resources 521

IETF RFCs 521

IEEE Standards and Documents 522

Wi-Fi Alliance 524

Blog, Consulting, and Book Materials 524

Compliance and Mappings 525

Cyber Insurance and Network Security 528

Appendix C Sample Architectures 531

Architectures for Internal Access Networks 532

Managed User with Managed Device 533

Headless/Non-User- Based Devices 539

Contractors and Third Parties 544

BYOD/Personal Devices with Internal Access 547

Guidance on WPA2-Enterprise and WPA3-Enterprise 549

Guidance on When to Separate SSIDs 550

Architectures for Guest/Internet-only Networks 551

Guest Networks 551

BYOD/Personal Devices with Internet-only Access 553

Determining Length of a WPA3-Personal Passphrase 555

Appendix D Parting Thoughts and Call to Action 559

The Future of Cellular and Wi-Fi 559

MAC Randomization 562

Index 567

Wireless Security Architecture

    Product form

    £30.39

    Includes FREE delivery

    RRP £37.99 – you save £7.60 (20%)

    Order before 4pm tomorrow for delivery by Wed 24 Jun 2026.

    A Paperback / softback by Jennifer Minella, Stephen Orr

    1 in stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of Wireless Security Architecture by Jennifer Minella

      Publisher: John Wiley & Sons Inc
      Publication Date: 11/04/2022
      ISBN13: 9781119883050, 978-1119883050
      ISBN10: 1119883059
      Also in:
      Technology, Engineering & Agriculture Electronics and communications engineering

      Description

      Book Synopsis


      Table of Contents

      Foreword xxix

      Preface xxxi

      Introduction xxxv

      Part I Technical Foundations 1

      Chapter 1 Introduction to Concepts and Relationships 3

      Roles and Responsibilities 4

      Network and Wireless Architects 4

      Security, Risk, and Compliance Roles 5

      Operations and Help Desk Roles 8

      Support Roles 9

      External and Third Parties 9

      Security Concepts for Wireless Architecture 11

      Security and IAC Triad in Wireless 11

      Aligning Wireless Architecture Security to Organizational Risk 14

      Factors Influencing Risk Tolerance 15

      Assigning a Risk Tolerance Level 15

      Considering Compliance and Regulatory Requirements 17

      Compliance Regulations, Frameworks, and Audits 17

      The Role of Policies, Standards, and Procedures 19

      Segmentation Concepts 22

      Authentication Concepts 23

      Cryptography Concepts 27

      Wireless Concepts for Secure Wireless Architecture 30

      NAC and IEEE 802.1X in Wireless 33

      SSID Security Profiles 34

      Security 35

      Endpoint Devices 35

      Network Topology and Distribution of Users 37

      Summary 43

      Chapter 2 Understanding Technical Elements 45

      Understanding Wireless Infrastructure and Operations 45

      Management vs. Control vs. Data Planes 46

      Cloud-Managed Wi-Fi and Gateways 48

      Controller Managed Wi-Fi 52

      Local Cluster Managed Wi-Fi 53

      Remote APs 55

      Summary 55

      Understanding Data Paths 56

      Tunneled 58

      Bridged 59

      Considerations of Bridging Client Traffic 59

      Hybrid and Other Data Path Models 61

      Filtering and Segmentation of Traffic 62

      Summary 71

      Understanding Security Profiles for SSIDs 72

      WPA2 and WPA3 Overview 73

      Transition Modes and Migration Strategies for Preserving Security 76

      Enterprise Mode (802.1X) 77

      Personal Mode (Passphrase with PSK/SAE) 87

      Open Authentication Networks 94

      Chapter 3 Understanding Authentication and Authorization 101

      The IEEE 802.1X Standard 102

      Terminology in 802.1X 103

      High-Level 802.1X Process in Wi-Fi Authentication 105

      RADIUS Servers, RADIUS Attributes, and VSAs 107

      RADIUS Servers 107

      RADIUS Servers and NAC Products 108

      Relationship of RADIUS, EAP, and Infrastructure Devices 110

      RADIUS Attributes 111

      RADIUS Vendor-Specific Attributes 115

      RADIUS Policies 116

      RADIUS Servers, Clients and Shared Secrets 118

      Other Requirements 121

      Additional Notes on RADIUS Accounting 122

      Change of Authorization and Disconnect Messages 123

      EAP Methods for Authentication 127

      Outer EAP Tunnels 129

      Securing Tunneled EAP 132

      Inner Authentication Methods 133

      Legacy and Unsecured EAP Methods 137

      Recommended EAP Methods for Secure Wi-Fi 138

      MAC-Based Authentications 140

      MAC Authentication Bypass with RADIUS 140

      MAC Authentication Without RADIUS 147

      MAC Filtering and Denylisting 147

      Certificates for Authentication and Captive Portals 148

      RADIUS Server Certificates for 802.1X 148

      Endpoint Device Certificates for 802.1X 151

      Best Practices for Using Certificates for 802.1X 152

      Captive Portal Server Certificates 158

      Best Practices for Using Certificates for Captive Portals 159

      In Most Cases, Use a Public Root CA Signed Server Certificate 159

      Understand the Impact of MAC Randomization on Captive Portals 159

      Captive Portal Certificate Best Practices Recap 161

      Summary 162

      Captive Portal Security 163

      Captive Portals for User or Guest Registration 163

      Captive Portals for Acceptable Use Policies 165

      Captive Portals for BYOD 166

      Captive Portals for Payment Gateways 167

      Security on Open vs. Enhanced Open Networks 167

      Access Control for Captive Portal Processes 167

      LDAP Authentication for Wi-Fi 168

      The 4-Way Handshake in Wi-Fi 168

      The 4-Way Handshake Operation 168

      The 4-Way Handshake with WPA2-Personal and WPA3-Personal 170

      The 4-Way Handshake with WPA2-Enterprise and WPA3-Enterprise 171

      Summary 171

      Chapter 4 Understanding Domain and Wi-Fi Design Impacts 173

      Understanding Network Services for Wi-Fi 173

      Time Sync Services 174

      Time Sync Services and Servers 175

      Time Sync Uses in Wi-Fi 175

      DNS Services 177

      DHCP Services 180

      DHCP for Wi-Fi Clients 181

      Planning DHCP for Wi-Fi Clients 184

      DHCP for AP Provisioning 185

      Certificates 186

      Understanding Wi-Fi Design Impacts on Security 187

      Roaming Protocols’ Impact on Security 188

      Fast Roaming Technologies 193

      System Availability and Resiliency 203

      RF Design Elements 205

      AP Placement, Channel, and Power Settings 205

      Wi-Fi 6E 207

      Rate Limiting Wi-Fi 208

      Other Networking, Discovery, and Routing Elements 213

      Summary 217

      Part II Putting It All Together 219

      Chapter 5 Planning and Design for Secure Wireless 221

      Planning and Design Methodology 222

      Discover Stage 223

      Architect Stage 224

      Iterate Stage 225

      Planning and Design Inputs (Define and Characterize) 227

      Scope of Work/Project 228

      Teams Involved 230

      Organizational Security Requirements 233

      Current Security Policies 235

      Endpoints 236

      Users 239

      System Security Requirements 239

      Applications 240

      Process Constraints 240

      Wireless Management Architecture and Products 241

      Planning and Design Outputs (Design, Optimize, and Validate) 241

      Wireless Networks (SSIDs) 247

      System Availability 249

      Additional Software or Tools 249

      Processes and Policy Updates 250

      Infrastructure Hardening 251

      Correlating Inputs to Outputs 252

      Planning Processes and Templates 254

      Requirements Discovery Template (Define and Characterize) 254

      Sample Network Planning Template (SSID Planner) 261

      Sample Access Rights Planning Templates 262

      Notes for Technical and Executive Leadership 267

      Planning and Budgeting for Wireless Projects 268

      Consultants and Third Parties Can Be Invaluable 271

      Selecting Wireless Products and Technologies 271

      Expectations for Wireless Security 275

      Summary 279

      Chapter 6 Hardening the Wireless Infrastructure 281

      Securing Management Access 282

      Enforcing Encrypted Management Protocols 283

      Eliminating Default Credentials and Passwords 293

      Controlling Administrative Access and Authentication 296

      Securing Shared Credentials and Keys 301

      Addressing Privileged Access 303

      Additional Secure Management Considerations 307

      Designing for Integrity of the Infrastructure 308

      Managing Configurations, Change Management, and Backups 309

      Configuring Logging, Reporting, Alerting, and Automated Responses 313

      Verifying Software Integrity for Upgrades and Patches 314

      Working with 802.11w Protected Management Frames 316

      Provisioning and Securing APs to Manager 321

      Adding Wired Infrastructure Integrity 325

      Planning Physical Security 331

      Locking Front Panel and Console Access on Infrastructure Devices 334

      Disabling Unused Protocols 337

      Controlling Peer-to- Peer and Bridged Communications 339

      A Note on Consumer Products in the Enterprise 339

      Blocking Ad-Hoc Networks 341

      Blocking Wireless Bridging on Clients 342

      Filtering Inter-Station Traffic, Multicast, and mDNS 344

      Best Practices for Tiered Hardening 353

      Additional Security Configurations 354

      Security Monitoring, Rogue Detection, and WIPS 355

      Considerations for Hiding or Cloaking SSIDs 356

      Requiring DHCP for Clients 359

      Addressing Client Credential Sharing and Porting 360

      Summary 362

      Part III Ongoing Maintenance and Beyond 365

      Chapter 7 Monitoring and Maintenance of Wireless Networks 367

      Security Testing and Assessments of Wireless Networks 367

      Security Audits 368

      Vulnerability Assessments 370

      Security Assessments 373

      Penetration Testing 375

      Ongoing Monitoring and Testing 376

      Security Monitoring and Tools for Wireless 376

      Wireless Intrusion Prevention Systems 377

      Recommendations for WIPS 404

      Synthetic Testing and Performance Monitoring 405

      Security Logging and Analysis 407

      Wireless-Specific Tools 410

      Logging, Alerting, and Reporting Best Practices 416

      Events to Log for Forensics or Correlation 417

      Events to Alert on for Immediate Action 419

      Events to Report on for Analysis and Trending 422

      Troubleshooting Wi-Fi Security 424

      Troubleshooting 802.1X/EAP and RADIUS 425

      Troubleshooting MAC-based

      Authentication 428

      Troubleshooting Portals, Onboarding, and Registration 431

      Troubleshooting with Protected Management Frames Enabled 431

      Training and Other Resources 432

      Technology Training Courses and Providers 432

      Vendor-Specific Training and Resources 435

      Conferences and Community 436

      Summary 437

      Chapter 8 Emergent Trends and Non-Wi- Fi Wireless 439

      Emergent Trends Impacting Wireless 440

      Cloud-Managed Edge Architectures 440

      Remote Workforce 441

      Process Changes to Address Remote Work 443

      Recommendations for Navigating a Remote Workforce 444

      Bring Your Own Device 445

      Zero Trust Strategies 455

      Internet of Things 463

      Enterprise IoT Technologies and Non-802.11 Wireless 465

      IoT Considerations 466

      Technologies and Protocols by Use Case 467

      Features and Characteristics Impact on Security 502

      Other Considerations for Secure IoT Architecture 507

      Final Thoughts from the Book 508

      Appendix A Notes on Configuring 802.1X with Microsoft NPS 513

      Wi-Fi Infrastructure That Supports Enterprise (802.1X) SSID Security Profiles 513

      Endpoints That Support 802.1X/EAP 514

      A Way to Configure the Endpoints for the Specified Connectivity 515

      An Authentication Server That Supports RADIUS 517

      Appendix B Additional Resources 521

      IETF RFCs 521

      IEEE Standards and Documents 522

      Wi-Fi Alliance 524

      Blog, Consulting, and Book Materials 524

      Compliance and Mappings 525

      Cyber Insurance and Network Security 528

      Appendix C Sample Architectures 531

      Architectures for Internal Access Networks 532

      Managed User with Managed Device 533

      Headless/Non-User- Based Devices 539

      Contractors and Third Parties 544

      BYOD/Personal Devices with Internal Access 547

      Guidance on WPA2-Enterprise and WPA3-Enterprise 549

      Guidance on When to Separate SSIDs 550

      Architectures for Guest/Internet-only Networks 551

      Guest Networks 551

      BYOD/Personal Devices with Internet-only Access 553

      Determining Length of a WPA3-Personal Passphrase 555

      Appendix D Parting Thoughts and Call to Action 559

      The Future of Cellular and Wi-Fi 559

      MAC Randomization 562

      Index 567

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account