Basics

Wireless Security: The Basics

Encryption and authentication are the fundamentals of wireless security - here's your guide.

By Galen Gruman

May 04, 2008 —

The first widely available wireless LAN technology, 802.11b, has been available since 1999, yet it's surprising how many companies still don't take appropriate wireless security measures, both on LANs and Wide Area Networks, those inside their walls and those used elsewhere. Today, businesses are seeing a real uptake in mobile devices that adds a whole new set of security concerns. "A lot of organizations still have not done the basics," says Allan Carey, a senor research vice president at the Institute for Applied Network Security, an organization for practicing information security professionals.

Yet the basics of wireless security are not difficult to accomplish, says Eric Maiwald, senior analyst at Burton Group, a research and advisory firm. There are proven, widely deployed security standards for the two main forms of protection in wireless networks, which are authentication and encryption.

Although the first generation of mobile devices often paid scant attention to security issues — Research in Motion's BlackBerry being the notable exception — the new crop of Web-friendly devices such as the Apple, iPhone, Palm, Inc.'s Treo and devices based on Microsoft 's Windows Mobile 6 are increasingly designed with enterprise-class wireless security in mind. Case in point: The first Apple iPhone lacked basic security standards such as VPN, strong passwords, security manageability, encryption and remote-kill capabilities. But as business adoption has grown, Apple has added VPN support and has promised to plug other security gaps,  with the possible exception of strong passwords,  in June 2008 with a software update.

Each generation of Windows Mobile and Palm Treo devices have likewise improved security features. For example, the forthcoming Version 6.1 Windows Mobile software will let administrators encrypt data stored on memory cards in Windows Mobile devices, as well as control which applications may be installed. Last year, Palm introduced an option based on military requests that uses Bluetooth card readers to swipe second-factor authentication cards, in addition to requiring a password to be entered on the Treos, before the handhelds can be used.

Some organizations in highly security-aware industries have gone beyond wireless security basics, Carey notes. Chief among these are health care organizations, which are bound by HIPAA's stringent data privacy requirements, and universities, which have a large, mobile workforce and a student base working in multiple locations. These organizations were havens for hackers in the early days of wireless networking and so have learned their lessons the hard way, Carey says.

The issue, then, is not technology availability but how businesses prioritize and think of security for their wireless networks and mobile devices. There are still plenty of companies that have not yet formulated a security strategy for wireless networks and mobile devices.

• Email
• Print
• Comments
• Digg This
• SlashDot

• Network Security: The Basics
• The Deperimeter Problem
• A Field Guide to Spotting Bad Cryptography
• Risk Assessment: Are You Overlooking Wireless Networks?