Wireless security not taken seriously
Wireless is attracting many users for its flexibility and power to deliver quality service at high speed. But the security built into the 802.11 protocol in all its flavours is inadequate on its own, warns security expert Rogan Dawes of Deloitte & Touche Enterprise Risk Services.
Speaking at a joint marketing breakfast designed to spur acceptance of Centrino notebooks, hosted by Intel and NEC, Dawes provided welcome perspective on the security hoodoo surrounding wireless – a topics which along with legalities and business models is still clouding the issue.
Dawes says wireless networks are by definition a broadcast technology, enabling one to pick up the transmission and the content of the network session.
“The Wireless Equivalent Protocol (WEP), which is an integral, albeit optional part of the 802.11 standard, is not worth much on its own,” Dawes says. “It has been badly designed and cannot provide adequate security by itself. It is possible to recover the encryption key once sufficient information is intercepted, from the safety and comfort of your own car, parked outside the wireless premises.”
[ Read more ]
- Review: Deploying License-Free Wireless Wide-Area Networks (14 May 2003)
- Article: Positive Identification in a Wireless World (6 May 2003)
- Article: Warchalking and Other Wireless Worries (3 April 2003)
- Article: How to Make Wireless Networks Secure (26 March 2003)
- Article: Interview with Cyrus Peikari, CEO of AirScanner Mobile Security (24 February 2003)
- Review: Maximum Wireless Security (17 February 2003)
- Article: Detecting Wireless LAN MAC Address Spoofing (22 January 2003)
- Article: Avoid Wireless LAN Security Pitfalls (17 January 2003)
- Article: Interview with Jay Chaudhry, CEO of AirDefense (7 January 2003)
- Review: Wireless Security and Privacy: Best Practices and Design Techniques (17 December 2002)