Basics

Wireless Security: The Basics

Encryption and authentication are the fundamentals of wireless security - here's your guide.

By Galen Gruman

May 04, 2008

The first widely available wireless LAN technology, 802.11b, has been available since 1999, yet it's surprising how many companies still don't take appropriate wireless security measures, both on LANs and Wide Area Networks, those inside their walls and those used elsewhere. Today, businesses are seeing a real uptake in mobile devices that adds a whole new set of security concerns. "A lot of organizations still have not done the basics," says Allan Carey, a senor research vice president at the Institute for Applied Network Security, an organization for practicing information security professionals.

Yet the basics of wireless security are not difficult to accomplish, says Eric Maiwald, senior analyst at Burton Group, a research and advisory firm. There are proven, widely deployed security standards for the two main forms of protection in wireless networks, which are authentication and encryption.

Although the first generation of mobile devices often paid scant attention to security issues — Research in Motion's BlackBerry being the notable exception — the new crop of Web-friendly devices such as the Apple, iPhone, Palm, Inc.'s Treo and devices based on Microsoft 's Windows Mobile 6 are increasingly designed with enterprise-class wireless security in mind. Case in point: The first Apple iPhone lacked basic security standards such as VPN, strong passwords, security manageability, encryption and remote-kill capabilities. But as business adoption has grown, Apple has added VPN support and has promised to plug other security gaps,  with the possible exception of strong passwords,  in June 2008 with a software update.

Each generation of Windows Mobile and Palm Treo devices have likewise improved security features. For example, the forthcoming Version 6.1 Windows Mobile software will let administrators encrypt data stored on memory cards in Windows Mobile devices, as well as control which applications may be installed. Last year, Palm introduced an option based on military requests that uses Bluetooth card readers to swipe second-factor authentication cards, in addition to requiring a password to be entered on the Treos, before the handhelds can be used.

Some organizations in highly security-aware industries have gone beyond wireless security basics, Carey notes. Chief among these are health care organizations, which are bound by HIPAA's stringent data privacy requirements, and universities, which have a large, mobile workforce and a student base working in multiple locations. These organizations were havens for hackers in the early days of wireless networking and so have learned their lessons the hard way, Carey says.

The issue, then, is not technology availability but how businesses prioritize and think of security for their wireless networks and mobile devices. There are still plenty of companies that have not yet formulated a security strategy for wireless networks and mobile devices.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Revolutionizing Endpoint Security with a Single Agent

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Ponemon Study: How Much Does a Data Breach "Cost"?

Envision Identity-Based Access Control for the Datacenter

IT Service Management: Metrics That Matter

Configuration Audit and Control for Virtualized Environments

The PCI Data Security Standard

Configuration Audit and Control for Virtualized Environments

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

Solving Online Credit Fraud Using Device Reputation

Take our CSO role survey and receive a copy of the results

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Data Protection: Challenges for the Traveling User

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Prepare for (ISC)2® Certification With Villanova - Online

Key strategies for C-level executives and security staff

Configuration Assessment: Choosing the Right Solution

ITCi White Paper: Challenges and Opportunities of PCI

Effective Security with a Continuous Approach to ISO 27001 Compliance

Rolling the dice with your security? Take the Self-Assessment Test now

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage