Editor’s Note: The Take Control Of series of PDF e-books is essential to getting the most out of Apple products. These gems published by Tonya and Adam Engst include a new title that goes beyond Apple’s products to cover Wi-Fi networking, with advice shaped for Apple users. I’ve asked a security professional to have a look from his industry-wide perspective.

Review by Steve Hardwick

Many computer users are taking advantage of the wireless technology in their home and small office networks. Unfortunately, many are unaware of the dangers that this can cause if not implemented well. In many cases the initial set-up for wireless equipment gives an easy to use but very insecure network. Take Control of Your WiFi Security, a $10 e-book from Take Control Publications, provides a lot of very useful information for setting up secure wireless networks.

One key element of security, often overlooked in similar publications, is to understand what you are protecting against. Not only does the book’s quick-start guide begin with assessing the threats, but there is a reasonable section on determining your security risk. The three L’s approach — likelihood, liability, and lost opportunity — serve to simplify the definition of risk principles. The section also included some good analogies to illustrate these principles.A couple of topics are not as well covered. First is the danger of illicit theft of internet bandwidth, especially if used for illegal access (e.g. neighborhood teenagers surfing adult sites). Second is the impact of identity theft. A quick discussion of this topic, especially the financial cost, would have been very helpful to the reader.

In the section on preventing access, the authors give a good overview of WEP, WPA and WPS security protocols. There is a fairly complete roundup of the various encryption standards and their evolution. There’s also a good review of the flaws of WEP and the dangers of choosing this encryption methodology.

This prevention section includes some real-world examples of how to set up networks to utilize the various router elements. It contains great examples of using some of Apple’s unique approaches to solving network access set-up. Guest networking was a useful inclusion, as many networking books do not address this problem very well.

“Secure your data in transit” opened very well. However, it does assume that you have some basic understanding of application protocols such as SMTP, FTP and SSH. A quick primer on basic encryption, such as symmetric versus asymmetric, would have been useful for a novice reader. Although a lot of information was presented and is very relevant, it is difficult to work out how it all fits together. It does give the reader enough information to ask the right questions of their ISP, but not all of the capabilities described are generally available to the home or small office user.

When it comes to protecting your systems, the book presents some really good concepts that apply to both wireless and wired networks. This section did assume that the reader had a basic understanding of IP protocols and infrastructure; for example the function of “ports” for different services is assumed. To get the most benefit from this section, you will want a review of basic networking concepts. This also applies to the last section in the book that deals with small offices networks.

In general, this book is a valuable tool when starting to deploy home or small business wireless networks for Apple computers. The quick-start section at the beginning, with the embedded links in the e-book, gives a good way to set up a secure network systematically. The book does tend to switch from addressing a novice user to a more network savvy individual, so it may be a hard read for a neophyte to get through some of the sections. On the other hand it does provide a good reference book for a lot of the technology used in WiFi networking. When coupled with a basic IP networking book, this would allow the novice user to tackle most WiFi security challenges.

Steve Hardwick, who holds a CISSP certification, has over 10 years of information security experience. He has worked with different environments from military customers, financial institutions, healthcare organizations and Fortune 1000 companies. He has also conducted security assessments for large and small corporations.

TAGS: None