Basics

Wireless Security: The Basics

Encryption and authentication are the fundamentals of wireless security - here's your guide.

By Galen Gruman

May 04, 2008

The first widely available wireless LAN technology, 802.11b, has been available since 1999, yet it's surprising how many companies still don't take appropriate security measures for their wireless connections, both on LANs and Wide Area Networks, those inside their walls and those used elsewhere. Today, businesses are seeing a real uptake in mobile devices that adds a whole new set of security concerns. "A lot of organizations still have not done the basics," says Allan Carey, a senor research vice president at the  Institute for Applied Network Security, an organization for practicing information security professionals.

Yet the basics are not difficult to accomplish, says Eric Maiwald, senior analyst at Burton Group, a research and advisory firm. There are proven, widely deployed security standards for the two main forms of protection in wireless networks, which are authentication and encryption.

Although the first generation of mobile devices often paid scant attention to security issues — Research in Motion.'s BlackBerry being the notable exception — the new crop of Web-friendly devices such as the Apple, iPhone, Palm, Inc.'s Treo and devices based on Microsoft 's Windows Mobile 6 are increasingly designed with enterprise-class security in mind. Case in point: The first Apple iPhone lacked basic security standards such as VPN, strong passwords, security manageability, encryption and remote-kill capabilities. But as business adoption has grown, Apple has added VPN support and has promised to plug other security gaps,  with the possible exception of strong passwords,  in June 2008 with a software update.

Each generation of Windows Mobile and Palm Treo devices  have likewise improved security features. For example, the forthcoming Version 6.1 Windows Mobile software will let administrators encrypt data stored on memory cards in Windows Mobile devices, as well as control which applications may be installed. Last year, Palm introduced an option based on military requests that uses Bluetooth card readers to swipe second-factor authentication cards, in addition to requiring a password to be entered on the Treos, before the handhelds can be used.

Some organizations in highly security-aware industries have gone beyond wireless security basics, Carey notes. Chief among these are health care organizations, which are bound by HIPAA's stringent data privacy requirements, and universities, which have a large, mobile workforce and a student base working in multiple locations. These organizations were havens for hackers in the early days of wireless networking and so have learned their lessons the hard way, Carey says.

The issue, then, is not technology availability but how businesses prioritize and think of security for their wireless networks and mobile devices. There are still plenty of companies that have not yet formulated a security strategy for wireless networks and mobile devices.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
IT productivity challenges: Google survey results

GoogleIn this webcast, Google reveals results from a survey of message security and compliance priorities and concerns. Download a free copy of the survey report after registering.

» Watch the Webcast

Featured Sponsors
Sponsored Links

Secure your virtual and physical environments with the same software.

ITCi White Paper: Challenges and Opportunities of PCI

The PCI Data Security Standard

Hardware-based security. That's IT as it should be.

Eliminate network threats and downtime with Juniper Networks. View demo

Configuration Audit and Control for Virtualized Environments

Webcast: learn results from an annual Google message security survey of 575 global IT professionals

This whitepaper describes how you can test your Web applications with virtualization

Read The Evolution of Application Security in Online Banking White Paper

White Paper: Learn how to use Adaptec(R) Snap Server(TM) with MOBOTIX IP Network Cameras

Compliance: Moving From Mandate to Differentiator White Paper

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks

Visit the RSA resource center and learn more about the Payment Card Industry (PCI).

A Guide to Providing Proactive Protection to Consumer Online Transactions

Webcast: Best practices in application security: How do you stack up?

White Paper: Use DAM technology when there is a need for granular monitoring.

This white paper presents document security strategies and best practices

IT Service Management: Metrics That Matter

White Paper: Learn more about how you can use compliance as a means of competitive differentiation.