Computer security has long been regimented to make available security levels that range from low-risk access to very highly secured networks such as those used by financial or military institutions. Such disciplines, worked out under the mainframe paradigm, do provide a structure for the organization to implement access control systems in the wireless landscape.
Authentication similarly can be introduced at a relatively loose level, or increasingly strict controls can be imposed, depending on the potential risk and the criticality of the resources and services offered by the network. User name and password controls are common, but for more tightly controlled networks, an access card such as that used in the ATM setting layers greater controls into the security plan. Further, the rate of revision of passwords and the level of complexity passwords are required to maintain raise the standard of security significantly but also introduce "ease of use" difficulties that must be considered. Overall, however, how authentication is used, together with a program for routine review and improvement of authentication, is critical to the creation and ongoing operation of a wireless security scheme.
Encryption addresses a different level of security concerns than those that access control and authentication are designed to defend against. Encryption, stated simply, is the encoding of sensitive data within the network, to be decoded upon arrival at the destination point. In this way, if the information is accessed by an unauthorized agent, decryption would be difficult or impossible.
Encryption has its value in a wireless security plan because it defends against spoofing, session hijacking or external unauthorized monitoring of the network. Encryption of the user name and password does enter into the authentication plan, but only by way of securing those codes against possible identity theft. Within the operation of the network, encryption of packet data traversing the network does provide a higher defense against network compromise coming from a hacker learning of network data flows, as well as against access to sensitive data.
The trade-off of encryption is the high cost of keeping abreast of encryption technologies and standards, and the impact on network performance due to the overhead that encryption and decryption impose on the movement of and access to data packets. Before deciding on the use of, or the level of, encryption to utilize, performance evaluation, throughput, response time and capacity studies should be completed to have a firm grasp of the potential customer impact such security will introduce.
The Wi-Fi Protected Security Specification – The WPA
The most significant leap forward toward a universally applicable wireless security specification was the release of the Wi-Fi Protected Access (WPA) Security Specification. As with any important step toward greater control in I.T. history, it has been the implementation of industry standards that brought the ability to impose controls on an otherwise out-of-control situation.
The WPA addressed in detail, and put standardized protocols in place for, the highest-level security measures that needed to become stabilized and supported across the board. Amongst those were user authentication standards, a data encryption protocol that came to be identified as TKIP, and data validation methodologies.