Further Reading: Wireless Security
Curated, annotated resources to deepen this chapter. Each entry notes which learning path it serves most (🛡️ SOC, 🏗️ Engineer, 📋 GRC, 📜 Cert) and its citation tier. Start with the suggested order; you do not need to read everything before Chapter 9.
Suggested order
- Read the Wi-Fi Alliance overview of WPA3 to see, from the source, what changed and why (SAE, Enhanced Open, PMF).
- Skim the NIST SP 800-153 wireless-LAN security guidelines for the standards-grade control set.
- Read a clear explainer of the KRACK and Dragonblood results to internalize "even sound protocols have implementation bugs — patch wireless gear."
- Map the relevant MITRE ATT&CK techniques (rogue AP, evil twin, network sniffing) to the attacks in §8.4 so you can speak the shared language.
Standards & primary documents (Tier 1)
- Wi-Fi Alliance, WPA3 Specification and Security overview (wi-fi.org). 🏗️📜 The authoritative source on WPA3, SAE, Enhanced Open (OWE), and Protected Management Frames. Read the security overview to ground §8.2's protocol rule in the standard itself.
- NIST SP 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs). 🏗️📋 The standards-grade control checklist for enterprise Wi-Fi — configuration, monitoring, and assessment. The closest thing to an official version of this chapter's §8.6 design discipline.
- IEEE 802.1X and 802.11i / 802.11w (the standards behind enterprise auth and Protected Management Frames). 🏗️ Dense, but the primary definition of the supplicant/authenticator/server model and the management-frame protection that defeats deauthentication. Read about them first; consult the standards as reference.
- PCI-DSS v4.0, wireless requirements. 📋📜 The mandatory baseline for any cardholder-data environment: prohibits WEP, requires strong wireless authentication and encryption, and requires scanning for rogue APs. Directly relevant to Meridian's and any retailer's obligations.
- MITRE ATT&CK (attack.mitre.org). 🛡️ Look up the techniques for rogue/evil-twin access points and network sniffing to connect §8.4's attacks to the framework you will live in throughout Part V.
Free online & explainers (Tier 1 / Tier 2)
- The KRACK Attack site and paper (Vanhoef & Piessens, 2017). 🛡️🏗️ The original disclosure of the WPA2 key-reinstallation attack — a model of responsible disclosure and the canonical example of "the protocol was sound, the implementation reinstalled a key." (Tier 1 for the paper; read a reputable summary first.)
- Dragonblood (WPA3/SAE) analysis (Vanhoef & Ronen, 2019). 🏗️ The follow-up showing WPA3's early implementation flaws — and that they were patchable. Reinforces that no protocol is "done" at release. (Tier 2: read a well-sourced write-up; specifics vary by retelling.)
- CISA / national-CERT advisories on wireless and IoT exposure. 🛡️📋 Periodic advisories on rogue devices, default credentials, and wireless misconfiguration in enterprise and critical-infrastructure settings. Use them as a feed of what is being exploited now.
- A reputable retrospective on BlueBorne (2017). 🛡️🏗️ The Bluetooth vulnerability class that broke the "unpaired is safe" assumption; grounds §8.5's "patch Bluetooth stacks" advice. (Tier 2: vendor and research write-ups vary; read a well-sourced account.)
Books (Tier 1)
- Chapple, M., & Seidl, D., CompTIA Security+ Study Guide (relevant chapters on wireless and secure protocols). 📜 Exam-aligned coverage of WEP→WPA3, EAP methods, evil twins, and rogue APs at exactly the depth Security+ tests. The best companion for certification candidates on this chapter.
- Harris, S., & Maymí, F., CISSP All-in-One Exam Guide (Communication & Network Security domain). 📜📋 Broader, management-oriented treatment of wireless security within the network domain; pair with this chapter for CISSP preparation.
- Stewart, J. M., Network Security, Firewalls, and VPNs (or an equivalent network-security text). 🏗️ Situates wireless within the larger network-defense picture you began in Chapters 6–7; useful for engineers who want the wider context.
Tools to explore (in your own lab only)
- A WIDS/WIPS feature on enterprise access points (vendor documentation for your own gear). 🏗️🛡️ Read how your access points implement rogue-AP and evil-twin detection and what their BSSID-allowlist and containment features actually do — the §8.4 detections, vendor-specific.
- A wireless survey / signal-strength app (for your own networks). 🏗️ The humble tool in the case-study runbooks: walking down a rogue radio by signal strength. Practice mapping where your own signal reaches — the §8.1 lesson made physical.
- A home lab with WPA2-Personal vs. WPA3-Personal on equipment you own. 🏗️📜 Configure both, enable and disable Protected Management Frames, and observe the difference. The best way to make SAE and PMF concrete is to deploy them.
⚖️ Authorization & Ethics reminder: Wireless tooling makes capturing and impersonating other people's networks technically easy and legally serious. Every resource here is for assessing networks you own or are explicitly authorized to test. Never capture, deauthenticate, impersonate, or relay a network, device, or credential that is not yours to handle — the short range of radio does not make eavesdropping lawful (Chapter 39 covers the legal landscape in full).