Security standards improve: improved encryption standards offer better wireless safeguards. (Wireless).
Wireless LANs (WLANs) and wireless WANs (WWANs) use different technologies and meet different needs. Their security challenges are similar, and a single security solution can be deployed over both kinds of networks.
The confidentiality of information is vital, since anyone connected to a WLAN or WWAN can eavesdrop. The security methods must also take the user experience into account: A method that is too much trouble will not be used.
Seamless roaming between networks is favorably accomplished using virtual private network (VPN) technology for mobility (wireless), which connects network components and resources through secure protocol tunnels. Thus, mobile devices on disparate networks appear to share a common backbone.
Unlike VPN technology, which normally operates at the network layer and above, vendors of Wi-Fi-compliant devices supply encryption capabilities at the media access layer, based on the wired equivalency protocol (WEP) standard. The intent of the WEP standard is to use cryptography to make wireless LANs as secure as wired ones. Questions have been raised, however, that the chosen cipher mechanism for WEP is poorly suited for the way it is used in 802.11b environments.
Industry analysts and the Wireless Ethernet Compatibility Alliance recommend that enterprises deploy VPN technology, which directly addresses the security problem, and also provides advanced features like network and subnet roaming, session persistence for intermittent connections, and battery life management for mobile devices.
Compared to WLANs, WWANs operate at much lower speeds and over greater distances. The security used for the wireless link depends on the access technology and the telecommunications carrier.
For example, in global system for mobile communications and derivative networks, subscriber identity mechanism cards are used to supply key information used during encryption. Although all of these WWAN security systems encrypt the data while it is being transmitted, security becomes the responsibility of the individual user once the data leaves the wireless interconnect and travels over a public network, such as the Internet.
To protect data from end to end, enterprises typically deploy wireless-optimized VPNs, just as they do with Wi-Fi networks. A VPN for WWANs should provide distinctions specific to wireless networks and use standard protocols like Layer 2 tunneling protocol/IPsec.
The most popular encryption algorithm deployed today is the data encryption standard (DES) as defined by the U.S. government. Improvements in processing power, however, have left the default 56-bit keys used by DES vulnerable to attack. To increase the level of privacy, many vendors have adopted what is commonly known as triple-DES. This involves running the same DES algorithm three times, using three separate keys. Unfortunately, this is processor intensive, making it inappropriate for less powerful wireless devices. In addition, tripling the key length to 168 bits does not improve privacy significantly.
To provide strong encryption with improved performance, the National Institute of Standards and Technology selected Rijndael ("Rhine-doll") as the new advanced encryption standard (AES). Rijndael's low memory requirements and high performance make it suitable for mobile computing. The standard specifies three different key sizes: 128, 192 and 256. When selecting a VPN for wireless networks, choosing one that supports Rijndael yields improved performance and significantly stronger security.
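One way to check a VPN's configured cipher proposals against the DES, triple-DES and AES guidance above, as an added example that is not from the original article. It assumes strongSwan-style `ike=`/`esp=` proposal strings (the article names no product); the connection names and the sample configuration are constructed.

```python
import re

# Constructed sample in strongSwan-style ipsec.conf syntax (assumed format).
SAMPLE_CONF = """\
conn wlan-laptops
    ike=aes256-sha256-modp2048
    esp=aes128-sha256,3des-sha1
conn wwan-handhelds   # constructed example
    ike=3des-sha1-modp1024
    esp=des-md5!
"""

AES_RE = re.compile(r"^aes(128|192|256)(ctr|ccm\d+|gcm\d+)?$")
SEVERITY = {"ok": 0, "legacy": 1, "reject": 2}

def classify_cipher(token):
    """Map one algorithm token to a verdict, or None if it is not a known cipher."""
    if token in ("des", "null"):
        return "reject"   # 56-bit DES key, or no encryption at all
    if token == "3des":
        return "legacy"   # works, but processor intensive on small devices
    if AES_RE.match(token):
        return "ok"       # AES (Rijndael) with a 128-, 192- or 256-bit key
    return None           # integrity/DH token or an unrecognised cipher

def audit_config(text):
    """Return [(conn, setting, proposal, verdict)] for every ike=/esp= proposal."""
    findings, conn = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("conn "):
            conn = line.split()[1]
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in ("ike", "esp"):
            continue
        # A trailing "!" marks the proposal list as strict; it is not an algorithm.
        for proposal in value.strip().rstrip("!").split(","):
            proposal = proposal.strip().lower()
            if not proposal:
                continue
            verdicts = [v for v in map(classify_cipher, proposal.split("-")) if v]
            # A proposal is only as strong as the weakest cipher it offers.
            worst = max(verdicts, key=SEVERITY.get) if verdicts else "unknown"
            findings.append((conn, key, proposal, worst))
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONF):
        print("%-15s %-3s %-24s %s" % finding)
```

A proposal reported as `unknown` contains no cipher this policy recognises and needs manual review rather than automatic acceptance.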
Other attributes found in good WWAN VPNs include compression to increase perceived link speed; link optimizations to reduce protocol chattiness; and session persistence to handle times when the mobile station is in a coverage hole (where coverage is bad or blocked), detached from the network or suspended to conserve battery life. Session persistence is crucial, since it lets the user keep the established session and VPN tunnel connected--even if a coverage hole is entered during an application transaction.
In Wi-Fi networks, poorly selected algorithms make for weak security. Users need to be able to roam to different subnets or networks while maintaining security associations. To make the mobile devices more usable, users have to be able to maintain their application sessions.
In WWANs, the network architecture sets the need for additional security measures. Coverage is spottier and the network is slower. Wireless users need session persistence, link optimizations and compression for the network to be usable.
In both types of networks, analysts recommend the use of VPNs for in-depth defense. The VPN should support standard security encryption algorithms and wireless optimizations suitable for today's smaller wireless devices.
Savarese is CTO of NetMotion, Seattle, WA, www.netmotionwireless.com