Basics

Wireless Security: The Basics

Encryption and authentication are the fundamentals of wireless security - here's your guide.

By Galen Gruman

May 04, 2008

The first widely available wireless LAN technology, 802.11b, has been available since 1999, yet it's surprising how many companies still don't take appropriate wireless security measures, both on LANs and Wide Area Networks, those inside their walls and those used elsewhere. Today, businesses are seeing a real uptake in mobile devices that adds a whole new set of security concerns. "A lot of organizations still have not done the basics," says Allan Carey, a senor research vice president at the Institute for Applied Network Security, an organization for practicing information security professionals.

Yet the basics of wireless security are not difficult to accomplish, says Eric Maiwald, senior analyst at Burton Group, a research and advisory firm. There are proven, widely deployed security standards for the two main forms of protection in wireless networks, which are authentication and encryption.

Although the first generation of mobile devices often paid scant attention to security issues — Research in Motion's BlackBerry being the notable exception — the new crop of Web-friendly devices such as the Apple, iPhone, Palm, Inc.'s Treo and devices based on Microsoft 's Windows Mobile 6 are increasingly designed with enterprise-class wireless security in mind. Case in point: The first Apple iPhone lacked basic security standards such as VPN, strong passwords, security manageability, encryption and remote-kill capabilities. But as business adoption has grown, Apple has added VPN support and has promised to plug other security gaps,  with the possible exception of strong passwords,  in June 2008 with a software update.

Each generation of Windows Mobile and Palm Treo devices have likewise improved security features. For example, the forthcoming Version 6.1 Windows Mobile software will let administrators encrypt data stored on memory cards in Windows Mobile devices, as well as control which applications may be installed. Last year, Palm introduced an option based on military requests that uses Bluetooth card readers to swipe second-factor authentication cards, in addition to requiring a password to be entered on the Treos, before the handhelds can be used.

Some organizations in highly security-aware industries have gone beyond wireless security basics, Carey notes. Chief among these are health care organizations, which are bound by HIPAA's stringent data privacy requirements, and universities, which have a large, mobile workforce and a student base working in multiple locations. These organizations were havens for hackers in the early days of wireless networking and so have learned their lessons the hard way, Carey says.

The issue, then, is not technology availability but how businesses prioritize and think of security for their wireless networks and mobile devices. There are still plenty of companies that have not yet formulated a security strategy for wireless networks and mobile devices.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

Secure your virtual and physical environments with the same software

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era