"The trick to sound security is to begin early, know your threats,... design for security, and subject your design to thorough objective risk analyses and testing. This book will help."—From the Foreword by Gary McGraw, CTO of Cigital, and coauthor of Building Secure Software

As wireless technology emerges into the mainstream of the networking and communications markets, the wireless development community has a unique opportunity to be proactive, rather than reactive, in its approach to security. At this early point in the wireless industry, developers can anticipate future security needs and integrate security considerations into every stage of the development process. Wireless Security and Privacy shows developers how to take advantage of this exceptional opportunity.

Written for wireless development professionals new to security, and for security professionals moving into the wireless arena, this book presents the foundation upon which to design and develop secure wireless systems. It looks in depth at the key issues faced by those who develop wireless devices and applications, describes the technology and tools that are now available, and offers a proven methodology for designing a comprehensive wireless risk management solution.

In particular, Wireless Security and Privacy documents the I-ADD process, which offers a standardized, systematic approach for identifying targets, analyzing vulnerabilities, defining strategies, and designing security into the entire development lifecycle of a wireless system.

The book also examines such important topics as:

· Fundamental wireless and security principles

· Specific wireless technologies, including 802.11b, Bluetooth, and WAP

· The security implications of the architecture of PDAs, cell phones, and wireless network cards for laptops

· The security shortcomings of wireless development languages

· Development of a risk model for a wireless system

· Cryptography essentials

· Privacy policy and legal issues

· The role of COTS products in a comprehensive security solution

· Analysis of known and theoretical attacks

· Security, financial, and functionality tradeoffs

Several case studies run throughout the book, illustrating the application of important concepts, techniques, strategies, and models.

In all, this practical guide book builds a framework for understanding the present and future of wireless security and offers the specific security strategies and methodologies that are critical for success in this fast-moving market.