QuickStudy: Wireless Security
Computerworld - Some people think that the term wireless security is an oxymoron, but in fact, wireless security isn't very different from wired security. To protect data going out from an organization, whether over radio waves that anyone can listen in on or over phone lines or network cabling that can be wiretapped or sniffed, you need the same basic controls as with any other connection.
There are two basic steps:
A host system needs to authenticate the user or device that it's communicating with.
The data must be protected as it travels from the user device to the destination host, whether to preserve confidentiality or to ensure that the message isn't changed or destroyed en route.
This discussion centers around security for wireless Ethernet networks using IEEE standard 802.11b (also called Wi-Fi), which offers speeds of up to 11M bit/sec. There are other standards and protocols for wireless communications, but most of the same security principles will apply to them. The vast majority of wireless networks now in operation are based on the 802.11b standard.
The first security mechanism built into Wi-Fi was Wired Equivalent Privacy (WEP), which allowed the encryption of wireless traffic. However, encryption is turned off by default in wireless devices and software, and in many cases, it's never turned on. But even when WEP is used, it isn't terribly secure.
WEP relies on a secret key to encrypt packets transmitted between a mobile station (a device with a wireless Ethernet card) and an access point (a base station connecting to a wired network). An integrity check ensures that packets aren't modified in transit. In the real world, most installations use a single key that's shared by all mobile stations and access points.
A 40-bit key is standard, but even the 128-bit version is vulnerable to attacks from crackers who can analyze traffic statistics; send messages of known content through networks from their own, unauthorized mobile stations; trick access points and reconfigure them; or build dictionaries of initialization vectors based on traffic analysis.
Last year, Ian Goldberg, a cryptologist at security and privacy software developer Zero-Knowledge Systems Inc. in Montreal, working with researchers at the University of California, Berkeley, broke WEP. Researchers at Rice University in Houston and AT&T Labs in Florham Park, N.J., later discovered an even easier method for breaking WEP.
Future Developments
Help is on the way. Task Group I (TGi) of the IEEE 802.11 Working Group has been busy trying to fill in the cracks of wireless network security. TGi is looking for a WEP replacement that can be implemented without making the current generation of wireless network equipment obsolete. Last year, TGi approved a measure to ensure a backward-compatible interim security improvement.
network cabling
Additional Resources



White Papers & Webcasts
Streamline Your Business with Innovative Tools
Download This White Paper Now!
Key Strategies for Managing Data Growth
What are you storage challenges?
Inquiry Insights: Enterprise Mobility, Q1 2009
Learn what Forrester has uncovered in their latest report on Enteprise Mobility trends.
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Comparing Research In Motion and Microsoft Mobile Solutions
This paper compares the Research In Motion BlackBerry solution with the Microsoft® mobile solution by analyzing features of the user experience and the...
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
True Convergence Demands a Communication Service Provider that Embraces a Customer-Centric Approach
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
SIP Trunking Is Key to Accelerating Unified Communications Deployments
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
