
Real 802.11 Security: Wi-Fi Protected Access and 802.11i


  • Sorry, this book is no longer in print.

Description

  • Copyright 2004
  • Dimensions: 7" x 9-1/4"
  • Pages: 480
  • Edition: 1st
  • Book
  • ISBN-10: 0-321-13620-9
  • ISBN-13: 978-0-321-13620-6

"Real 802.11 Security provides clear descriptions of current and emerging security techniques. The authors handle complex topics nicely, and offer significant clarification of IEEE draft standards."
--Russ Housley, IETF Security Area Director and founder of Vigil Security, LLC

"This is certainly the definitive text on the internals of 802.11 security!"
--John Viega, founder and chief scientist, Secure Software, Inc.

"This book keeps the exposition as straightforward as possible and enables you to cut through the maze of acronyms, hacking tools, rumored weaknesses, and vague vendor security claims to make educated security decisions when purchasing or deploying WLAN."
--Simon Blake-Wilson, Director of Information Security, BCI

Business professionals and advanced home users are captivated by the convenience of working on wireless networks. But how can privacy and security be maintained effectively? Real 802.11 Security describes an entirely new approach to wireless LAN security based on the latest developments in Wi-Fi technology. This is the book that will show you how to establish real security within your Wi-Fi LAN.

Recent developments in Wi-Fi security achieve what no amount of reconfiguration can do: They solve the problem at the source. Wi-Fi Protected Access (WPA) repairs weaknesses in existing Wi-Fi systems and is designed to allow software upgrades. The upcoming 802.11i standard will offer a much higher level of security than previously offered and will provide flexible, extremely secure solutions for future products.

Real 802.11 Security addresses the theory, implementations, and reality of Wi-Fi security. It provides an overview of security issues, explains how security works in Wi-Fi networks, and explores various security and authentication protocols. The book concludes with an in-depth discussion of real-world security issues and attack tools.

Written by two experts in wireless security, Jon Edney and William Arbaugh, this book shows you how to stay informed and aware when making security decisions, and what steps you can take to implement the most effective, proactive wireless security now and in the future.




Sample Content


Table of Contents



Preface.


Acknowledgments.

I. WHAT EVERYONE SHOULD KNOW.

1. Introduction.

Setting the Scene.

Roadmap to the Book.

Notes on the Book.

2. Security Principles.

What Is Security?

Good Security Thinking.

1. Don't Talk to Anyone You Don't Know.

2. Accept Nothing Without a Guarantee.

3. Treat Everyone as an Enemy until Proved Otherwise.

4. Don't Trust Your Friends for Long.

5. Use Well-Tried Solutions.

6. Watch the Ground You Are Standing on for Cracks.

Security Terms.

Summary.

3. Why Is Wi-Fi Vulnerable to Attack?

Changing the Security Model.

What Are the Enemies Like?

Gaming Attackers.

Profit or Revenge Attackers.

Ego Attackers.

Traditional Security Architecture.

Option 1: Put Wireless LAN in the Untrusted Zone.

Option 2: Make Wi-Fi LAN Trusted.

Danger of Passive Monitoring.

Summary.

4. Different Types of Attack.

Classification of Attacks.

Attacks Without Keys.

Snooping.

Man-in-the-Middle Attack (Modification).

Attacks on the Keys.

One-Time Passwords.

Burying the Keys.

Wireless Attacks.

Attacking the Keys Through Brute Force.

Dictionary Attacks.

Algorithmic Attacks.

Summary.

II. THE DESIGN OF WI-FI SECURITY.

5. IEEE 802.11 Protocol Primer.

Layers.

Wireless LAN Organization.

Basics of Operation in Infrastructure Mode.

Beacons.

Probing.

Connecting to an AP.

Roaming.

Sending Data.

Protocol Details.

General Frame Formats.

MAC Header.

Management Frames.

Radio Bits.

Summary.

6. How IEEE 802.11 WEP Works and Why It Doesn't.

Introduction.

Authentication.

Privacy.

Use of RC4 Algorithm.

Initialization Vector (IV).

WEP Keys.

Mechanics of WEP.

Fragmentation.

Integrity Check Value (ICV).

Preparing the Frame for Transmission.

RC4 Encryption Algorithm.

Why WEP Is Not Secure.

Authentication.

Access Control.

Replay Prevention.

Message Modification Detection.

Message Privacy.

RC4 Weak Keys.

Direct Key Attacks.

Summary.

7. WPA, RSN, and IEEE 802.11i.

Relationship Between Wi-Fi and IEEE 802.11.

What Is IEEE 802.11i?

What Is WPA?

Differences Between RSN and WPA.

Security Context.

Keys.

Security Layers.

How the Layers Are Implemented.

Relationship of the Standards.

List of Standards.

Pictorial Map.

Summary.

8. Access Control: IEEE 802.1X, EAP, and RADIUS.

Importance of Access Control.

Authentication for Dial-in Users.

IEEE 802.1X.

IEEE 802.1X in a Simple Switched Hub Environment.

IEEE 802.1X in Wi-Fi LANs.

EAP Principles.

EAP Message Formats.

EAPOL.

EAPOL-Start.

EAPOL-Key.

EAPOL-Packet.

EAPOL-Logoff.

Messages Used in IEEE 802.1X.

Authentication Sequence.

Implementation Considerations.

RADIUS--Remote Access Dial-In User Service.

RADIUS Mechanics.

EAP over RADIUS.

Use of RADIUS in WPA and RSN.

Summary.

9. Upper-Layer Authentication.

Introduction.

Who Decides Which Authentication Method to Use?

Use of Keys in Upper-Layer Authentication.

Symmetric Keys.

Asymmetric Keys.

Certificates and Certification Authorities.

A Detailed Look at Upper-Level Authentication Methods.

Transport Layer Security (TLS).

Functions of TLS.

Handshake Exchange.

Relationship of TLS Handshake and WPA/RSN.

TLS over EAP.

Summary of TLS.

Kerberos V5.

Using Tickets.

Kerberos Tickets.

Obtaining the Ticket-Granting Ticket.

Service Tickets.

Cross-Domain Access.

How Tickets Work.

Use of Kerberos in RSN.

Cisco Light EAP (LEAP).

Protected EAP Protocol (PEAP).

Phase 1.

Phase 2.

Status of PEAP.

Authentication in the Cellular Phone World: EAP-SIM.

Overview of Authentication in a GSM Network.

Linking GSM Security to Wi-Fi LAN Security.

EAP-SIM.

Status of GSM-SIM Authentication.

Summary.

10. WPA and RSN Key Hierarchy.

Pairwise and Group Keys.

Pairwise Key Hierarchy.

Creating and Delivering the PMK.

Computing the Temporal Keys.

Exchanging and Verifying Key Information.

Completing the Handshake.

Group Key Hierarchy.

Summary of the Key Establishment Process.

Key Hierarchy Using AES-CCMP.

Mixed Environments.

Summary of Key Hierarchies.

Details of Key Derivation for WPA.

Four-Way Handshake.

Group Key Handshake.

Nonce Selection.

Computing the Temporal Keys.

Summary.

11. TKIP.

What Is TKIP and Why Was It Created?

TKIP Overview.

Message Integrity.

IV Selection and Use.

Per-Packet Key Mixing.

TKIP Implementation Details.

Message Integrity--Michael.

Countermeasures.

Computation of the MIC.

Per-Packet Key Mixing.

Substitution Table or S-Box.

Phase 1 Computation.

Phase 2 Computation.

Summary.

12. AES-CCMP.

Introduction.

Why AES?

AES Overview.

Modes of Operation.

Offset Codebook Mode (OCB).

How CCMP Is Used in RSN.

Steps in Encrypting a Transmission.

CCMP Header.

Overview of Implementation.

Steps in Encrypting an MPDU.

Decrypting MPDUs.

Summary.

13. Wi-Fi LAN Coordination: ESS and IBSS.

Network Coordination.

ESS Versus IBSS.

Joining an ESS Network.

WPA/RSN Information Element.

Validating the Information Elements.

Preauthentication Using IEEE 802.1X.

IBSS Ad-Hoc Networks.

Summary.

III. WI-FI SECURITY IN THE REAL WORLD.

14. Public Wireless Hotspots.

Development of Hotspots.

Public Wireless Access Defined.

Barriers to Growth.

Security Issues in Public Hotspots.

How Hotspots Are Organized.

Subscribers.

Access Points.

Hotspot Controllers.

Authentication Server.

Different Types of Hotspots.

Airports.

Hotels.

Coffee Shops.

Homes.

How to Protect Yourself When Using a Hotspot.

Personal Firewall Software.

Virtual Private Network (VPN).

Summary.

15. Known Attacks: Technical Review.

Review of Basic Security Mechanisms.

Confidentiality.

Integrity.

Review of Previous IEEE 802.11 Security Mechanisms.

Confidentiality.

RC4 and WEP.

Integrity and Authentication.

Attacks Against the Previous IEEE 802.11 Security Mechanisms.

Confidentiality.

Access Control.

Authentication.

Man-in-the-Middle Attacks.

Management Frames.

ARP Spoofing.

Problems Created by Man-in-the-Middle Attacks.

802.1x and EAP.

PEAP.

Denial-of-Service Attacks.

Layer 2 Denial-of-Service Attacks Against All Wi-Fi-Based Standards.

WPA Cryptographic Denial-of-Service Attack.

Summary.

16. Actual Attack Tools.

Attacker Goals.

Process.

Reconnaissance.

Example Scenarios.

Planning.

Collection.

Analysis.

Execution.

Other Tools of Interest.

Airsnort.

Airjack.

Summary.

17. Open Source Implementation Example.

General Architecture Design Guidelines.

Protecting a Deployed Network.

Isolate and Canalize.

Upgrade Equipment's Firmware to WPA.

What to Do If You Can't Do Anything.

Planning to Deploy a WPA Network.

Deploying the Infrastructure.

Add a RADIUS Server for IEEE 802.1X Support.

Use a Public Key Infrastructure for Client Certificates.

Install Client IEEE 802.1X Supplicant Software.

Practical Example Based on Open Source Projects.

Server Infrastructure.

Building an Open Source Access Point.

Making It All Work.

Summary.

Acknowledgments.

References and More Information.

APPENDIXES.

Appendix A. Overview of the AES Block Cipher.

Finite Field Arithmetic.

Addition.

Subtraction.

Multiplication.

Division.

Galois Field GF().

Conclusion.

Steps in the AES Encryption Process.

Round Keys.

Computing the Rounds.

Decryption.

Summary of AES.

Appendix B. Example Message Modification.
Appendix C. Verifying the Integrity of Downloaded Files.

Checking the MD5 Digest.

Checking the GPG Signature.

Acronyms.
References.
Index.

Preface

Why This Book Now?

Reality Check

Ask anyone with a computer whether they want to be protected against strangers reading their data or planting viruses. Not really worth the effort, is it? Everyone wants this type of protection. However, the reality is that most Wi-Fi wireless LANs operating in 2003 do so with no effective security at all. In fact, so many Wi-Fi LANs operate without security that an entire new hobby, "war-driving," has sprung up in which folks drive around detecting and connecting to unsuspecting networks for fun. There are Web sites that publish the location and details of unprotected networks that are found - there are bound to be some near you! This problem is the result of people being unaware of the danger - but you are different, right?

The fact that you are reading this preface means that you are aware of the need to take active steps to implement security. Already, you may have implemented some security approach, perhaps as recommended by the supplier of the equipment you installed. Would that this were enough. The horrible truth is that the security systems shipped with Wi-Fi systems over the period from 1999 through 2002 are completely inadequate - some would say completely broken. The reality is that any computer literate person can now download from the Internet tools that will attack and break into the first generation Wi-Fi systems.

This book will show you how to tip the balance back in your favor - how to establish real security within your Wi-Fi LAN. It is not just about configuring your computer correctly or choosing good passwords (although these things are important). There are many books which just focus on "parameter setting." What we describe in this book is a whole new approach to wireless LAN security enabled by the recent development of new core technology for Wi-Fi. The new developments achieve what no amount of re-configuration can do - they solve the problem at the source. In this book we show how the new approaches work and how they should be applied to maximum effect. Whether you are a system administrator or an advanced home user this book will open your eyes to current weaknesses and practical, implementable solutions.

To Wi-Fi or Not to Wi-Fi

For many years Wi-Fi or IEEE802.11 wireless LANs were considered an interesting technology but not mainstream. This has all changed. It is no longer confined to technology addicts or experimenters in IT departments; it provides practical benefits to ordinary people and everyday companies. There are really two categories of user: business and home. Corporations set up Wi-Fi LANs to allow rapid network deployment, to reduce the cost of installing wiring and to give workers more flexibility in where and when they work. Home users also want to avoid installing wiring and might like the ability to use a laptop on the couch or in a comfy chair outside.

System administrators have a big problem when it comes to Wi-Fi LANs. On the one hand they recognize the benefits of wireless both for their own configuration management and to users. On the other hand they must not deploy anything that will be a serious security threat. We say "serious" because there is always some security risk in any technology deployment. The only truly secure network is "no network." So system administrators have to choose between "banning" Wi-Fi networks or figuring out how to obtain the needed level of security. Experienced system administrators recognize that any new system component brings both benefits and risks. The problem with Wi-Fi up to now has been how to evaluate the risk.

The Cavalry is Here

In 2001 those few who deployed security often relied on the original Wi-Fi security method, called "WEP." Regrettably, and quite suddenly, it was discovered that WEP had major security flaws and, while arguably better than nothing, customers were left without effective protection. The result, in 2002, was an unparalleled effort on the part of the industry to devise a replacement for WEP, something that would be impregnable, but which could be used to upgrade the existing installed systems. In 2003 we see the results of this effort being deployed.

The new solutions for Wi-Fi security are being delivered in two installments. The first installment is called "Wi-Fi Protected Access" (WPA), announced by the Wi-Fi Alliance at the end of 2002. WPA has been specifically designed to allow software upgrade of most existing Wi-Fi systems. It repairs all the security weaknesses found in older Wi-Fi systems and has been developed to provide system administrators with a solution to the security dilemma.

In time WPA will be incorporated into a new version of the IEEE802.11 standard (IEEE802.11i) which is incomplete at the time of writing. This will provide a flexible and extremely secure solution for all future products. WPA offers levels of security much higher than previously available. The failure of WEP was a sharp wake-up call for the industry and the prevailing mood during 2002 was "we will never let this happen again". As a result, the best experts have participated in creating the new solution and the results have been reviewed worldwide prior to completion.

Naturally, change brings questions:
"Should I implement WPA now rather than wait for IEEE802.11i?"
"What do I do with my existing WEP equipment - can I upgrade it?"
"Is it now safe to put Wi-Fi inside the firewall?"

These are the types of questions that this book will answer. We could answer them right here: "Yes," "Yes," "Yes," but our goal in writing is to ensure that you understand enough about the mechanics to answer these types of questions for yourself.

In this book we look at security issues, protocols and application. An overview is provided for all the important protocols from IEEE802.11 and IEEE802.1X through to authentication protocols such as RADIUS and EAP. We cover the security protocols of WPA and IEEE802.11i in detail. We also look at the real world tools that have been used to attack Wi-Fi systems and you will learn why these will no longer be a threat.

Audience

This book is written principally for system administrators but will also be useful to technically oriented home users and design engineers. It focuses on why the new Wi-Fi security methods are secure and how they work. This book arms you with an understanding of Wi-Fi security so that you will know what you are doing - and why. It does not flood you with pages of installation and configuration instructions for specific vendor equipment, as that information changes and becomes obsolete frequently. You should use this book alongside vendor documentation to create customized security solutions.

System administrators have been badly burned in the past by assurances that Wi-Fi LANs had effective built-in security; assurances which did not hold true over time. We feel that administrators will not want to take at face value statements like "the new WPA and IEEE802.11i methods are completely secure". They should be able to see for themselves how the security methods are implemented and understand for themselves why the types of weakness that existed previously have been overcome. Only when this trust is re-established can administrators continue deployment in comfort. This book attempts to provide all the information needed for this understanding.

If you are a design engineer in any networking field, wireless or otherwise, you will find this book relevant. The security technologies incorporated into WPA and IEEE802.11i are the state of the art for data networking and it is much easier to learn and understand technology when it is described in the context of a real system. It seems likely that some of the techniques incorporated into the wireless LAN area will also be applied to wired LANs in future.

If you are just generally interested in the area you will find lots of material describing the approach to security that is needed to provide a robust defense. You may choose to skip some of the chapters which describe the protocol and you will probably be surprised to see the real examples of hacking tools presented in the later chapters.

We assume that readers have a reasonable understanding of how computer networks operate. You don't need to be an expert - especially to understand the first part of the book - but we presume you know what a Wi-Fi access point does and how it is connected to the rest of the network. We don't explain terms like Ethernet or TCP/IP in detail. There is a primer on IEEE802.11 for those who are not familiar with the protocol used to communicate over the air.

Organization

This book is organized into three sections. Roughly speaking these sections describe:

  • Things you should know about security in general
  • How security works in Wi-Fi networks - both the old and new methods
  • Real world issues and examples of attack tools that have been (and continue to be) used

In the first section, "Wireless LAN Security Principles," we look at the issues that everybody should know about security. Some of these issues are common sense but many are things that you may not have thought about. If you are already a security expert, and just looking to find out how security works for Wi-Fi, you might skim this section as many of the principles will be familiar.

The second section, "How Wi-Fi Security Works," starts with a primer on IEEE802.11 which runs through the basics of Wi-Fi systems communication. It describes the types of messages that are exchanged - usually hidden from the end user - and explains how a portable device like a laptop can find, select and connect to an access point. The primer contains a moderate, but hopefully not oppressive, amount of detail. An understanding of the messages being sent between the Wi-Fi components is important to appreciate the security risks.

After the primer, the book delves into the various security protocols for Wi-Fi. It describes the original Wi-Fi security approach "WEP" and explains why this method is no longer considered secure. It then covers the new approaches of Wi-Fi Protected Access (WPA) and IEEE802.11i Robust Security Networks. Both the new methods share a common approach and are scalable from small networks of a few devices up to international corporations. The solution involves many pieces assembled in layers. This makes the approach appear complicated but taken one layer at a time each part can be separately understood. Section two is divided into chapters, each dedicated to one piece of the solution. Section 2 ends with a technical review of the known attacks against existing wireless LANs and how these have been effective in the past. Reviewing these attacks after understanding the new security methods enables us to appreciate why the new methods are able to withstand all known attacks to date.

The third section, "Security in the Real World," comes back to practical issues. We start off with a review of security in "Hot spots" or public access networks. Such network access is becoming increasingly popular in Internet cafes and airports; hot spots bring their own special security risks. We review the actual tools available on the Web which anyone can download for attacking wireless LANs. Our philosophy here is that it is only by sitting in the cockpit of the enemy's plane that you can understand the threat it poses. Finally we look at an open source project that has been established to set up and test the security approaches that you will need to deploy.

We have not focused on specific vendor products. In the end each vendor will package the new security approaches in their own way. They will hide the complexity behind graphical user interfaces and try to simplify the installation and maintenance as much as possible. All this can make life easy for you if you are deploying the equipment. However, while the work required to install systems can be boiled down, we believe that the understanding of what is going on should be sharpened up. Why? Because at the end of the day you're the one that gets hurt by attacks - not the vendor.

There is no "neighborhood watch" scheme for network security. The administrator or owner of the equipment must be aware of the risks and proactive in response. Of course most people can't afford, and don't want, to spend all their time working on security issues. We all welcome any short cuts that the vendors can provide us in simplifying or setting up the systems. However, remember that sales people are optimists but security people must be pessimists.

Our advice to you is simple: "be informed." Take advantage of vendor tools to simplify installation and management but understand what they are doing. Know enough to decide what is best for you where you have a choice and to tweak under the hood when you think necessary. Make better purchasing decisions and sleep well at night. Be informed.

That is the purpose of this book.


