Although not for the technically faint-hearted, Wi-Foo does a good job of explaining the vulnerabilities of wireless networks, and how administrators can marshal and maintain their defences.

People often fail to realise just how much extra risk installing a wireless access point adds to a network. This book reminds you: someone, entirely unknown to you, can point an antenna at your network from a car, sit on a nearby bench with a notebook PC, or install an extra access point in the building next door. The fact that 802.11b is such a widespread standard only makes it easier. You may think your network is too small to be at risk, but not so, say the authors. Often, small networks are more vulnerable because they do not have dedicated technical staff to secure them.

The book begins by explaining why wireless networks are so vulnerable and who is at risk and who the attackers are. From there it moves quickly into technical analysis: it examines standard equipment from the chipsets in wireless network interface cards to RF cables, as well as software drivers and utilities, Next it covers scanning and mapping networks, the software and hardware tools used to penetrate WEP and sniff traffic, and looks at the types of attacks that can be turned against networks. It then explains the defences that can be mounted, from cryptographic data protection to better authentication, using VPNs and other techniques. Finally, it provides a template to help administrators audit their networks for vulnerabilities.

This is not a book for the technically faint-hearted. Although plenty of it is written in plain enough English -- such as the reasons why you should not install a more powerful antenna than you need, or why someone might attack your network -- plenty more of it is more complex and technically detailed than the average user would probably like. The explanation of asymmetric (public key) cryptography is a case in point: this topic can be explained for the layman, but here it's accompanied by examples of the relevant mathematical formulas.

A word of caution. Although the authors' technical advice is sound, their grasp of British laws is shaky. They confuse, for example, the Regulation of Investigatory Powers Act (2000) with the Anti-Terrorism, Crime and Security Act (2001). To understand your legal liability, look elsewhere.

Copyright © 1995-2009 CBS Interactive Limited. All rights reserved
ZDNET is a registered service mark of CBS Interactive Limited. ZDNET Logo is a service mark of CBS Interactive Limited.