Wireless Operational Security

Wireless Operational Security

Volumn , Issue , 2004, Pages 1-468

  Rittinghouse, John W ^a   Ransome, James F ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK ARCHITECTURE; WIRELESS NETWORKS;

OPERATIONAL SECURITY; SECURITY FLAWS; SECURITY MANAGEMENT; WIRED NETWORKS; WIRELESS ARCHITECTURES; WIRELESS SECURITY;

NETWORK SECURITY;

EID: 47349103205     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1016/B978-1-55558-317-0.X5000-4     Document Type: Book

References (124)

1. Rittinghouse John W., William M.Hancock Cybersecurity Operations Handbook 2003, Digital Press, New York. 1st ed.
2. http://www.isc.sans.org/trends.html.
3. Computer Security Institute 2002 CSI/FBI Computer Crime and Security Survey 2003, Richard Power. http://www.gocsi.com.
4. Internet Fraud Complaint Center IFCC Annual Internet Fraud Report, January 1, 2001 to December 31 2001, http://www.ifccfbi.gov/strategy/statistics.asp.
5. Black's Law Dictionary 1999, West Group, Cleveland, OH. 7th ed. B.A. Garner (Ed.).
6. Wells Joseph T., Gilbert Geis Fraud Examiners Manual 1998, vol. 1. Association of Certified Fraud Examiners, Inc. 3rd ed.
7. The Merriam Webster Dictionary, Home and Office Edition 1995, Merriam-Webster, Springfield, MA.
8. Downes John, Jordan Elliot Goodman Barron's Dictionary of Finance and Investment Terms 1998, Barron's Educational Series, Hauppauge, NY. 5th ed.
9. http://www.usdoj.gov/criminal/cybercrime/lloydSent.htm.
10. U.S. Department of Justice. Press Release of May 1, 2001, "Creator of Melissa Virus Sentenced to 20 Months in Federal Prison," at. http://www.usdoj.gov/criminal/cybercrime/MelissaSent.htm.
11. http://www.usdoj.gov/criminal/cybercrime/4Pillars6thCir.htm.
12. The full text of this rendering can be reviewed at. http://www.usdoj.gov/criminal/cybercime/4Pillars6thCir.htm.
13. NIST SP 800-12. Computer Security Handbook 1996, author unknown, U.S. Department of Commerce, Washington, DC.
14. http://www.naic.org.
15. http://www.thomas.loc.gov.
16. Health Insurance Portability and Accountability Act of 1996 August 21, 1996, Public Law 104-191. http://www.thomas.loc.gov.
17. Information Systems Security Association, Inc CISSP Review Course 2002, Domain 1, "Access Control Systems and Methodology. PowerPoint presentation given on August 10, 1999, slide 3.
18. U.S. Department of Commerce. Special Publication 800-12, "An Introduction to Computer Security: The NIST Handbook," undated, Chapter 17, p. 204.
19. National Computer Security Center publication NCSC-TG-003 A Guide to Understanding Discretionary Access Control in Trusted Systems September 30, 1987.
20. Ferraiolo D.F., et al. Proposed NIST Standard for Role-Based Access Control 2002, NIST, Gaithersburg, MD.
21. http://www.atstake.com/research/lc/index.html.
22. Shimonski Rob Hacking Techniques: Introduction to Password Cracking July 2002, http://www.106.ibm.com/developerworks/security/library/s.
23. National Security Agency, Information Assurance Solutions Technical Directors Information Assurance Technical Framework, Version 3.1 September 2002, http://www.iatf.net.
24. Reference number ISO/IEC 15408-1:1999(E) Information technology-Security techniques-Evaluation criteria for IT security-Part 1: Introduction and general model December 1999, Joint Technical Committee ISO/IEC JTC 1, information technology.
25. Bouchard Mark Plan for a Security Architecture: Guidelines and Relationships November 11, 2002, published on ZDNET, at, Meta Group. http://www.techupdate.zdnet.com.
26. Hrivnak Allison Host-Based Intrusion Detection: An Overview of Tripwire and Intruder Alert January 29, 2002, SANS. http://www.org.
27. http://www.ftp.cert.org/pub/tools/tcp_wrappers_7.6.tar.gzandftp.porcupine.org/pub/security.
28. CERT Advisory CA-1999-01 Trojan Horse Version of TCP Wrappers January 21, 1999, Original issue date. http://www.cert.org.
29. RFC 3164, "The BSD Syslog Protocol" August 2001, IETF NWG. http://www.ietf.org, C. Lonvick (Ed.).
30. http://www.tripwire.com.for.further.details.about.Tripwire.
31. http://www.sourceforge.net.
32. The CIDF URL reference is. http://www.isi.edu/gost/cidf.
33. http://www.cve.mitre.org/about.
34. RFC 2251. Lightweight Directory Access Protocol December 1997, v3. IETF NDW. M. Wahl (Ed.).
35. Caasi Richard SAIC, contributing to the Intrusion Detection FAQ http://www.sans.org/resources/idfaq/honeypot.php.
36. White paper by Kecia Gubbels Hands in the Honeypot November 3, 2002, SANS Institute. http://www.sans.org/rr/intrusion/hands.php.
37. White paper entitled "Internet Application Security" by Eran Reshef. Perfecto Technologies 1999, first published on. http://www.securityfocus.com.
38. IATF Release 3.1 "Defend the Computing Environment," Chapter 7, Section 7.1.1.
39. CERT Coordination Center CERT Coordination Center Web document 1994, See also CERT Annual Report to ARPA for further information. http://www.cert.org.
40. U.S.Department of Justice The National Information Infrastructure Protection Act of 1996 Legislative Analysis http://www.usdoj.gov/criminal/cybercrime.
41. United States of America Executive Order issued October 16, 2001, by President George W. Bush, at. http://www.whitehouse.gov.
42. electronic document available from the Library of Congress, H.R. 3162 http://www.thomas/loc.gov.
43. http://www.usdogj.gov.
44. Known as the Cable Act., 47 U.S.C. § 551.
45. Known as the wiretap statute, 18 U.S.C. § 2510 et seq.; ECPA, 18. U.S.C. § 2701 et seq.
46. Known as the pen/trap statute, 18 U.S.C. § 3121 et seq.
47. RFC 1087, "Ethics and the Internet" January 1989, Internet Activities Board. http://www.ietf.org.
48. http://www.bluetooth.org.
49. Knight Will Many Bluetooth, Gadgets Open to Wireless Snooping. New Scientist August 11, 2003, http://www.newscientist.,com/news/news.jsp?id=ns99994041.
50. Hallenborg J. PKI Technology May Be Great for Protection against Fraud, but the People Element Remains Crucial Retrieved September 28, 2003, from. http://www.usbanker.com/usb/articles/usbfeb01.
51. The Electronic, Signatures in Global and National Commerce Act, S. 761, 106th Congress, 1st Session. For more information, see http://www.ecommercetax.com/doc/070200.htm.
52. Schneier B. Why Digital Signatures Are Not Signatures November 15, 2000. Retrieved September 28, 2003, from. http://www.schneier.com/cryptogram.
53. Federal Information Processing Standards Publication 197, "Announcing the ADVANCED ENCRYPTION STANDARD (AES)" November 26, 2001, United States National Institute of Standards, Washington, DC.
54. A Cryptographic Compendium John G. Savard's home page, date unknown, at. http://www.home.ecn.ab.ca/~jsavard/main.htm.
55. Lowery J.Craig "Developing Effective Security Policies" Dell Power Solutions November 2002, Dell Computer.
56. http://www.sans.org.
57. Guel, Michele. "Proven Practices for Managing the Security Function," from the SANS certification program for Certified Information Security Officers.
58. RFC 2196. Site Security Handbook September 1997, IETF NWG. http://www.ietf.org, B. Fraser (Ed.).
59. Fites M., Kratz P., Brebner A. Control and Security of Computer Information Systems 1989, Computer Science Press.
60. Pfleeger C. Security in Computing 1989, Prentice Hall, Englewood Cliffs, NJ.
61. http://www.usinfo.state.gov/topical/pol/terror/03021600.htm.
62. http://www.itisac.org.
63. SoBig.F breaks virus speed records. CNN News Friday, August 22, 2003, Posted: 0625 GMT (2:25 PM HKT). http://www.edition.cnn.com/2003/TECH/internet/08/21/sobig.virus.
64. http://www.sans.org/rr.
65. NIST Special Publication 800-48 (Draft), "Wireless Network Security 802.11, Bluetooth and Handheld Devices July 2003, U.S. Department of Commerce, Washington, DC. T. Karygiannis, O. Les (Eds.).
66. Sun-tzu The Art of War, Chapter 3 2002, Clearbridge Publishing, Seattle, WA.
67. http://www.netstumbler.com/nation.php.
68. The URL for this story is. http://www.computerworld.com/mobiletopics/mobile/story.html.
69. http://www.arstechnica.com/wankerdesk/3q02/warflying.
70. http://www.kismetwireless.net.
71. http://www.wildpackets.com/products/airopeek.
72. http://www.networkassociates.com/us/products/sniffer/field/snifferbasic.htm.
73. http://www.ettercap.sourceforge.net.
74. http://www.technet.com.
75. http://www.atstake.com/research/lc.
76. Rittinghouse John W., Hancock William M. Cybersecurity Operations Handbook 2003, Material in this section is excerpted from the, Reprinted with permission, Digital Press, New York.
77. http://www.antispy.com.
78. Housley R. Wireless LAN Security Solution Motives and Rationale. NIST WLAN Security Workshop Presentation, Vigil Security, LLC December 4-5, 2002.
79. IEEE Status of Project IEEE 802.11i Retrieved August 23, 2003, from. http://www.grouper.ieee.org/groups/802/11/Reports/tgi_update.htm.
80. Sourceforge WEPCrack Retrieved August 23, 2002, from. http://www.wepcrack.sourceforge.net.
81. Shmoo AirSnort Homepage. Retrieved August 23, 2002, from. http://www.airsnort.shmoo.com.
82. IEEE Status of Project IEEE 802.11i Retrieved August 23, 2003 from. http://www.grouper.ieee.org/groups/802/11/Reports/tgi/update.htm.
83. IEEE 802.1x-Port-Based Network Access Control Retrieved August 23, 2003, from. http://www.ieee802.org/1/pages/802.1.x.html.
84. Condon P., et al. Request for Comments: 3580-IEEE 802.1X Remote Authentication Dial-In User Service (RADIUS) Usage Guidelines Retrieved September 19, 2002, from. http://www.ietf.org/rfc/rfc3580.txt.
85. Cisco Application Note: Authentication with 802.1x and EAP Across Congested WAN Links Retrieved August 23, 2003, from. http://www.cisco.com/en/US/netsol/netsol/ns110/ns175/ns176/ns178/networking_solutions_white_paper09186a00800a9e8e.shtml10.
86. http://www.ietf.org.
87. Aboba B., Simon D. RFC 2716-PPP EAP TLS Authentication Protocol Retrieved August 23, 2003, from. http://www.faqs.org/rfcs/rfc2716.html.
88. Microsoft Knowledgebase Article 325725 Protected EAP (PEAP) Support Added to Windows XP SP1 and Windows Server 2003 http://www.support.microsoft.com/default.aspx?scid=kb;en.
89. http://www.funk.com/radious.
90. Blunk L., Vollbrecht J. RFC 2284-PPP Extensible Authentication Protocol (EAP) Retrieved August 23, 2003, from. http://www.faqs.org/rfcs/rfc2284.html.
91. Andersson H., Josefsson S., Zorn G., Simon D., Palekar A. PPPEXT Working Group Internet-DRAFT: Protected EAP Protocol (PEAP) Retrieved August 23, 2003, from. http://www.globecom.net/ietf/draft/draftjosefsson.
92. Layer 2 Tunnelling Protocol Daemon Retrieved August 23, 2003, from. http://www.12tpd.org.
93. IETF IP Security Protocol (ipsec) Retrieved August 23, 2003, from. http://www.ietf.org/html.charters/ipsec.
94. SourceForge.net. "PPTP Client" Retrieved August 23, 2003, from. http://www.pptpclient.sourceforge.net.
95. Microsoft Point-Point Tunneling Protocol (PPTP) FAQ Retrieved August 23, 2003, from. http://www.microsoft.com/ntserver/ProductInfo/faqs/PPTPfaq.asp.
96. Aalto T. IPv6 Authentication Header and Encapsulated Security Payload Retrieved August 23, 2003, from. http://www.tml.hut.fi/Opinnot/Tik.
97. Aalto T. IPv6 Authentication Header and Encapsulated Security Payload Retrieved August 23, 2003, from. http://www.tml.hut.fi/Opinnot/Tik.
98. IETF Secure Shell (secsh) Retrieved August 23, 2003, from. http://www.ietf.org/html.charters/secsh.
99. SSH SSH2 Retrieved August 23, 2003. from, and Wellington, B. sftp, Retrieved August 23 2003, from. http://www.xbill.org/sftp/oldindex.html.
100. VanDyke Software SSH Overview: Security Benefits Retrieved September 15, 2003, from. http://www.vandyke.com/solutions/ssh_overview/ssh_overview_integrity.html.
101. IETF RFC 2002: IP Mobility Support Retrieved August 23, 2003, from. http://www.ietf.org/rfc/rfc2002.txt.
102. IEEE Status of Project IEEE 802.11f: Recommended Practice for Inter Access Point Protocol Retrieved August 23, 2003, from. http://www.grouper.ieee.org/groups/802/11/Reports/tgf/update.htm.
103. Internet Society Network Working Group-Request for Comments: 3118-Authentication for DHCP Messages Retrieved August 23, 2003, from. http://www.ietf.org/rfc/rfc3118.txt.
104. Microsoft Product Support Services Microsoft Knowledge Base Article-169289: DHCP (Dynamic Host Configuration Protocol) Basics Retrieved August 23, 2003, from. http://www.support.microsoft.com/?kbid=169289.
105. Champaine George A. MIT Project Athena: A Model for Distributed Campus Computing 1991, Retrieved on September 24, 2003, from, Digital Press, Boston. http://www.homepage.montana.edu/~sheehan/bookreviews/champaine.html.
106. Massachusetts Institute of Technology Kerberos TGT renewal Retrieved August 23, 2003, from. http://www.mailman.mit.edu/pipermail/kerberos/2002.
107. The University of Chicago: Networking Services and Information Technologies Kerberos TGS Grants Ticket Retrieved August 23, 2003, from. http://www.security.uchicago.edu/kerberos/talk/how/appticketkdc.shtml.
108. Symbol Technologies. "Technology for a Secure Mobiel Wireless LAN Environment: Evolution, Requirements, Options," White Paper.
109. http://www.barcodedatalink.com/spectrum/24.htm.
110. Symbol Technologies Symbol Products: Wireless Retrieved August 23, 2003, from. http://www.symbol.com/products/wireless/ap413111.html.
111. CERT Coordination Center Vulnerability Note VU#602625-KTH Kerberos environment variables krb4proxy and KRBCON-FDIR May Be Used Insecurely Retrieved August 23, 2003, from. http://www.kb.cert.orq/vuls/id/602625.
112. Kasslin K., Tikkanen A. Attacks on Kerberos V in a Windows 2000 Environment Retrieved August 23, 2003, from. http://www.hut.fi/~autikkan/kerberos/docs/phasel/pdf/LATEST_password_attack.pdf.
113. Interlink Networks Inc. Access Control and Authentication-White Paper Retrieved August 23, 2003, from. http://www.interlinknetworks.com/graphics/news/WLAN_Access_Control.pdf.
114. Will Schmied MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam, 70-214) 2003, For more information on putting Kerberos to work in Windows 2000, be sure to see, Syngress Publishing.
115. Congdon, et al. Request for Comments: 3580-IEEE 802. 1X Remote Authentication Dial-In User Service (RADIUS) Usage Guidelines Retrieved August 23, 2003, from. http://www.ietf.org/rfc/rfc3580.txt.
116. IBM.IBM Directory Server Rietrieved August 23, 2003, from. http://www.3.ibm.com/software/tivoli/products/directory.
117. Innosoft Innosoft Directory Services (IDS) Product Information Retrieved August 23, 2003, from. http://www.innosoft.com/directory/solutions/idsproducts.html.
118. Netscape.Netscape Directory Server Retrieved August 23, 2003, from. http://www.wp.netscape.com/directory/v4.0/index.html.
119. OpenLADP OpenLDAP Retrieved August 23, 2003, from. http://www.openldap.org.
120. Sun Microsystems Sun ONE Directory Server 5.2 Retrieved August 23, 2003, from. http://www.sun.com/software/products/directory_srvr/home_directory.html.
121. University of Michigan The SLAPD and SLURPD Release 3.3: Administrators Guide Retrieved August 23, 2003, from. http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/toc.html.
122. IEEE IEEE P802.11-Task Group I, Meeting Update: Status of Project IEEE 802.11 i MAC Enhancements for Enhanced Security Retrieved August 23, 2002, from. http://www.qrouper.ieee.orq/qroups/802/11/Reports/tqi/update.htm.
123. WiFi Alliance Overview: WiFi Protected Access Retrieved August 23, 2003, from. http://www.wifialliance.org/OpenSection/pdf/Wi.
124. Ransome J. Wireless Integrated Secure Data Options Model (WISDOM) for Converged Network Security. A formal dissertation proposal submitted in partial fulfillment of the requirements for the degree of doctor of philosophy November 2003, Graduate School of Computer and Information Sciences, Nova Southeastern University.