Many new technological solutions being embraced by the mobile workforce include the use of mobile data-connected equipment such as cell phones, text pagers , and personal digital assistants (PDAs). Mobile equipment may use many different communications standards, including long-range mobile communications using the Wireless Application Protocol (WAP) or i-Mode standards, as well as wireless local area network (WLAN) communications using the 802.11 wireless fidelity (Wi-Fi) or Bluetooth standards. Wireless Transport Layer Security (WTLS)Wireless Transport Layer Security (WTLS) is the security level for the Wireless Application Protocol (WAP). Its objective is to provide reliability and privacy for wireless applications. The basis for WTLS is Transport Layer Security (TLS). WTLS was developed because most wireless devices have limited memory and processing power as well as operate in limited-bandwidth environments. In a wireless environment, the client communicates directly with a gateway. The gateway translates the request to communicate with a server. WTLS encrypts the communication between the client and the gateway. The gateway then decrypts the message and reencrypts it using SSL. WTLS presents several security issues. It allows for weak algorithms, and there is a possibility that the gateway could be compromised if it is not properly protected. For more information on security and WTLS, see www.hut.fi/~jtlaine2/wtls/#chap4.3.
Wireless Local Area Networks (WLANs) Using 802.11 x or Bluetooth StandardsNew technologies using radio frequency transmissions are beginning to replace wired office networks and provide network support for mobile Bluetooth- or 802.11 x -enabled devices. Popular coffee house chains, college campuses, apartment complexes, and home users are taking advantage of the rapid proliferation of 802.11b technology using the 2.4GHz unregulated range of frequencies made popular by many vendors producing Wi-Fi network equipment. The 802.11 specifications extend the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) method of connectivity specified within the Ethernet protocol to provide wireless network access. There are currently four 802.11 x specifications:
The Bluetooth wireless specification operates under the 802.11b specification at 1MHz in the 2.4GHz band. It uses frequency- hopping techniques to keep noise out of communications. Its distance is currently limited to about 10 meters . Each Bluetooth network can support eight devices, and many networks can operate in the same area. Its premise is communications in personal space or personal area networks (PANs) . WAP and i-ModeWireless technologies such as mobile data cell phones can present Web content in textual format using either the Compact Wireless Application Protocol (CWAP) over Japan's i-Mode standard or the Wireless Markup Language (WML) supported by the WAP standard. Both standards also provide the capability to access email, instant messaging, newsgroups, and other types of data.
The WAP standard includes several other standard specifications:
Wired Equivalent Privacy (WEP)Specifications for the Wired Equivalent Privacy (WEP) standard are detailed in the 802.11b (Wi-Fi) specification. This specification details a method of data encryption and authentication that may be used to establish a more secured wireless connection.
Site SurveysA site survey is necessary before implementing any WLAN solution to optimize network layout within each unique location. This is particularly important in distributed wireless network configurations spanning multiple buildings or open natural areas, where imposing structures and tree growth may affect network access in key areas. A site survey should include a review of the desired physical and logical structure of the network, selection of possible technologies, and several other factors, including the following:
All wireless networks share several common security vulnerabilities related to their use of radio frequency broadcasts, which may potentially be detected and compromised without the knowledge of the network administrator. Data transported over this medium is available to anyone with the proper equipment; therefore, it must be secured through encryption and encapsulation mechanisms not subject to public compromise. Wireless solutions are susceptible to interception and sniffing because installing a wireless device is relatively easy to do, and many wireless devices are set up without any encryption. In addition, wireless communication takes place over airwaves; therefore, it is possible for hackers to access the network without any physical access. This is known as war-driving . A hacker can sit in the parking lot and access the network via unsecured wireless devices, especially because most networks use DHCP. The devices the hacker uses can easily obtain a network address because wireless access points advertise their presence and service set identifier (SSID). You can use encryption on a wireless network, but the encryption (RC4) is weak. The RC4 keyspace is small; therefore, a hacker can use a sniffer to collect all the keys in a relatively short time. After the keys are collected, the encrypted text can be broken. Because so many networks are unprotected , if a hacker finds a network using encryption, he may move on, but if there is information on the network he wants to access, he may spend the additional time to hack the network. To protect your wireless network, be sure that WEP is enabled, change the default SSIDs of access points, disable the SSID broadcast, and, if possible, use static addresses instead of DHCP. You may also want to put wireless access points in a DMZ and use a VPN for the wireless users or place them on a separate subnet. You should also use a program from outside of your building to check for rogue access points. Airsnort is a Linux program that can take advantage of the weakness in the key-scheduling algorithm of RC4. It can determine a WEP key in seconds. NetStumbler is shareware program that logs an exceptional amount of data and also allows you to discover key details. |