Charles R. Elden is an independent security consultant. He has worked as a manager and software security consultant with Cigital's Software Security Group. He has experience performing communication and software systems risk analysis and risk management.

Previously, he worked for the Central Intelligence Agency for 12 years and has worked for more than 11 years in the Directorate of Science and Technology's Office of Technical Services. He is the co-author of "Wireless Security and Privacy: Best Practices and Design Techniques."

How did you get interested in wireless security?

I have a general interest in security and leveraging technology to assist in solving problems. During my time with the Agency, I was a Technical Operations Officer, responsible for technical support to field operations including secret writing, disguise, concealment devices, miniature cameras, counter-terrorism, technical surveillance, and clandestine communications (my specialty). I was responsible for designing, building, installing, operating and training field agents and assets to use these devices, in other words I got to build and play with cool spy toys. On the communications side these systems included RF signalling, voice and data transmission via RF, IR, microwave, satellite, as well as wired and wireless networks. The security requirements of these systems were stringent and unyielding; we had the anonymity of the sender, receiver, commercial communication technologies and systems. Becoming involved with commercial security issues (wireless being a part) was an easy transition from my government duties.


What are your favourite tools for dealing with security when it comes to wireless networks and why?

Tools are just that, and listing tools will likely lead people to believe that by implementing the tool they will be able to achieve security. The mind is the best tool, you have to thoroughly understand what you are trying to accomplish with the use of a wireless network, what you are trying to protect, and where might an attacker try to gain access. The results of this analysis will lead you to the tools you will need to verify that the system is working, as you believe it is, or know it should be. It all comes down to how much risk you are willing to accept and what the consequences are if the threat is realized.

The only tools unique to wireless systems over a wired system are; a wireless device, one of the available spectrum analysis program(s) and wireless diagnostic utilities, which allows you to determine the range of the wireless access, other RF activity, what access points are visible and how they are configured.