Skip the navigation

QuickStudy: Wireless Security

By Russell Kay
June 24, 2002 12:00 PM ET

Computerworld - Some people think that the term wireless security is an oxymoron, but in fact, wireless security isn't very different from wired security. To protect data going out from an organization, whether over radio waves that anyone can listen in on or over phone lines or network cabling that can be wiretapped or sniffed, you need the same basic controls as with any other connection.

There are two basic steps:

• A host system needs to authenticate the user or device that it's communicating with.

• The data must be protected as it travels from the user device to the destination host, whether to preserve confidentiality or to ensure that the message isn't changed or destroyed en route.

This discussion centers around security for wireless Ethernet networks using IEEE standard 802.11b (also called Wi-Fi), which offers speeds of up to 11M bit/sec. There are other standards and protocols for wireless communications, but most of the same security principles will apply to them. The vast majority of wireless networks now in operation are based on the 802.11b standard.

The first security mechanism built into Wi-Fi was Wired Equivalent Privacy (WEP), which allowed the encryption of wireless traffic. However, encryption is turned off by default in wireless devices and software, and in many cases, it's never turned on. But even when WEP is used, it isn't terribly secure.

WEP relies on a secret key to encrypt packets transmitted between a mobile station (a device with a wireless Ethernet card) and an access point (a base station connecting to a wired network). An integrity check ensures that packets aren't modified in transit. In the real world, most installations use a single key that's shared by all mobile stations and access points.

A 40-bit key is standard, but even the 128-bit version is vulnerable to attacks from crackers who can analyze traffic statistics; send messages of known content through networks from their own, unauthorized mobile stations; trick access points and reconfigure them; or build dictionaries of initialization vectors based on traffic analysis.

Last year, Ian Goldberg, a cryptologist at security and privacy software developer Zero-Knowledge Systems Inc. in Montreal, working with researchers at the University of California, Berkeley, broke WEP. Researchers at Rice University in Houston and AT&T Labs in Florham Park, N.J., later discovered an even easier method for breaking WEP.

Future Developments

Help is on the way. Task Group I (TGi) of the IEEE 802.11 Working Group has been busy trying to fill in the cracks of wireless network security. TGi is looking for a WEP replacement that can be implemented without making the current generation of wireless network equipment obsolete. Last year, TGi approved a measure to ensure a backward-compatible interim security improvement.



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Mobile and Wireless White Papers
Digital Transformation: Creating New Business Models Where Digital Meets Physical
Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
Empowering Your Mobile Worker
Today's most productive employees are mobile, and your company's IT strategy must be ready to support them with 24/7 access to the business...
An Interactive Guide: Bring Your Own Device
BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
Calculating ROI for Mobile Client Acceleration
As mobile devices continue to expand in business use, ensuring these devices have optimal performance is becoming an IT imperative. This EMA paper...
Tablet Computing Without Compromise
This paper provides an overview of how and why that migration-from any old tablet to Windows tablets-came to be.
All Mobile and Wireless White Papers
Mobile and Wireless Webcasts
Live Webcast
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Supporting Mobile Productivity With A Limited IT Budget
Join us and hear from Kaseya mobile IT management experts as we discuss core strategies for supporting the mobile revolution on a shoestring...
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Unified Communications 101
What's the best way to implement a unified communications solution for your organization?
QNX® and BlackBerry® PlayBook™ Tablet.
RIM's multi-processor, multi-tasking BlackBerry PlayBook runs a new Tablet OS powered by QNX, a bullet-proof microkernel operating system. This track will take a...
A Close Look at Tablets
Learn More
All Mobile and Wireless Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs