Security Risks In The Wireless Computing Environment
by Jerry Malcolm - for HNS - Wednesday, 22 December 2004.
The wireless network as a computing paradigm has brought unprecedented access, flexibility and usability to the I.T. environment in a relatively short time. By comparison, the “conventional” computing environment of an enclosed mainframe system, accessed exclusively by hard-wired terminals, evolved over a period of 30+ years. Such slow growth of an I.T. system allowed the implementation plan to mature and gave time to develop adequate security measures.

By contrast, the wireless network paradigm has exploded just within the last five years. From an infancy in which wireless I.T. access was the stuff of theory, experimentation and science fiction, we have come to a point where wireless network access is as common to the general public as the television or the automobile. While such success is amazing and a testimony to the ingenuity of its developers, it also brings with it unprecedented security risks. Because of the rapid growth of the industry, such core necessities as protocol standardization and the development and administration of security agreements have had to occur at a rapid pace. As we near the end of 2004, we must review where the industry is in the development of wireless security, what problems still daunt the industry, and which direction for addressing these problems is currently showing the most promise.

Scope of this Article

This article addresses, at a summary level, the most significant security risks in the wireless computing environment. Its purpose is to introduce in one place the scope of the problem and the most significant talking points on wireless security, and to summarize where the industry is in addressing these problems and where it is going.

Most Significant Sources of Security Risk in the Wireless Environment

The heart of the security problem in the wireless setting is that networks are an amalgam of independent processing units and the architecture itself is resistant to controls. The very ease of access and flexibility of expansion and evolution that make the wireless world so successful also make it highly vulnerable from a security standpoint.

Ease of access itself represents the greatest security challenge. The very navigation protocols that make it possible for users of a wireless network to find their destination nodes leave vulnerabilities for those who would use the network in an unethical, harmful or illegal manner. To date, the strongest response to this form of threat is access controls, which we will discuss shortly.

A second level of threat to the network is rogue access points, whether within the network or department or outside of the network firewall. We will discuss rogue access points in greater depth momentarily as well.

Unauthorized use of network services represents a threat to the security of the system as well. Such network utilization not only creates unproductive network traffic, but unauthorized users are also the ones who will attempt to use network resources in a harmful way or attempt to break into data resources, either for entertainment or for illegal reasons. “Hacking” of this nature is a very serious problem, particularly for network clients whose software and data repositories are of a sensitive and/or financial nature.

Another devious methodology used by network attackers is spoofing and session hijacking. Using the open nature of the network and sophisticated detection tools, the network hacker can simulate legitimate network directional information – “spoofing” those commands – and in that way redirect traffic within the network in a way that disrupts performance and causes unauthorized and unexpected results for network users. Such activity represents forgery and is a serious attack on the network.

