Security Risks In The Wireless Computing Environment
by Jerry Malcolm - for HNS - Wednesday, 22 December 2004.
Authentication is an access control method that is well understood by the network users. Utilizing the login and password system, authentication not only permits network security to know who is utilizing the system and to control their access easily, it affords the ability to control with precision how each user can use the system, the level of security they can be granted and the level of impact each user is permitted to have on the data resources and network performance.

Computer security has long been regimented to make available security levels that range from low risk access to very highly secured networks such as those used by financial or military institutions. Such disciplines worked out under the mainframe paradigm do provide a structure for the organization to implement access control systems in the wireless landscape.

Authentication similarly can be introduced at a relatively loose level or increasingly more strict controls imposed depending on the potential risk and the criticality of the resources and services offered by the network. User name and password controls are common but for more tightly controlled networks, an access card such as used in the ATM setting layers into the security plan greater controls. Further the rate of revision of the passwords, the level of complexity passwords are required to maintain raise the standard of security significantly but also introduce “east of use” difficulties that must be considered. Over all however, how authentication is used and a program for routine review and improvement of authentication is critical to the creation and ongoing operation of a wireless security scheme.

Encryption

Encryption addresses a different level of security concerns than access control and authentication are designed to defend against. Encryption stated simply is the encoding of sensitive data within the network to be decoded upon arrival at the destination point. In this way if the information is accessed by an unauthorized agent, decryption would be difficult or impossible.

Encryption has its value in a wireless security plan because it defends against spoofing, session hijacking or external unauthorized monitoring of the network. Encryption of the user name and password does enter into the authentication plan but only by way of securing those codes against possible identity theft. Within the operation of the network, encryption of packet data transverseing the network does provide a higher defense against network compromise coming from a hacker learning of network data flows as well as access to sensitive data.

The trade off of encryption is high cost of keeping abreast of encryption technologies and standards and the impact on network performance due to the overhead encryption and decryption must have on the movement and access to data packets. Before deciding on the use of or the level of encryption to utilize, performance evaluation, throughput, response time and capacity studies should be completed to have a firm grasp on what the potential customer impact such security will introduce.

The Wi-Fi Protected Security Specification – The WPA

The most significant leap forward toward a universally applicable wireless security specification was the release of the Wi-Fi Protected Access (WPA) Security Specification. As with any important step toward greater control in I.T. history, it has been the implementation of industry standards that brought the ability to impose controls on an other wise out of control situation.

The WPA addressed in detail and put standardized protocols in place for the highest level security measures that needed to become stabilized and supported across the board. Amongst those were user authentication standards, a data encryption protocol that came to be identified as TKIP and data validation methodologies.

Spotlight

What can we learn from the top 10 biggest data breaches?

Posted on 21 August 2014.  |  Here's a list of the top 10 biggest data breaches of the last five years. It identifies the cause of each breach as well as the resulting financial and reputation damage suffered by each company.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //