Wireless Security in Businesses - Essay Example

Running Head: WIRELESS SECURITY IN BUSINESSES Wireless Security in Businesses of Wireless Security in Businesses At present information and payments could be sent by wireless technology means to consumers at each moment anywhere. Wireless technology enables businesses a brand new channel. Wireless technology project of any organisation facilitate its consumers to formulate retail activities, using their mobile phones, palm pilots, and other hand-held instruments. In uncomplicated expressions, such organisation by switching to wireless technology allows its consumers receive or transmit data from a mobile phone to the organisation's server that links to consumer's account information--and vice versa--via a link supplied by a telecommunications services provider like AT&T to finish an range of transactions. Businesses' concern in taking wireless technology a stride ahead of chat is an international issue. Wireless security is at least as good quality as Internet security. Impending technologies and values will create wireless security better than wireline security. That's for the reason that security is being addressed in the early days of wireless communications. (Bill, 2004. 3) Wired security, though, fundamentally resulted from a hodgepodge effort to block holes after they were uncovered. For Instance wireless stock-trading coordination has three levels of security, which are armored by widespread consumer education and by systems that grasp anomalous trading patterns. The first level is on the device. A trading consumer has to pierce a consumer ID and a password, in addition a separate password, to carry out a transaction. The transaction is subsequently encrypted with a license-free, 128-bit Blowfish. (Macworld, 2003, 62) The confirmation system used for the wireless transactions is the identical as that used for Internet dealings, apart from that the wireless dealings are pennant as such, as an aid to troubleshooting. The reported consumer troubles have been only physical difficulties in entering data and passwords owing to tiny mobile-phone keys. Passwords can be complicated to enter on mobile phones because the similar key must at times be pushed more than once to enter a single letter, and password-masking formulates it difficult to verify the accuracy of the input. Systems will scrutinize wireless trading levels, and if a consumer's trading movement spikes unpredictably then the organisation will call the consumer. The first inquiry will be: "Does one still have the mobile" The prospective for loss or larceny of the handheld instruments signifies the supreme security weakness. Since organisations undervalue the extent of notebook loss or robbery, so the trouble will be shoddier with wireless instruments, creating confirmation and other issues. However the use of IDs and passwords mostly alleviates the risk masquerades by such losses. In addition, work by industry conglomerates sketches new wireless security methodologies that deal with the central issues surrounding wireless security. Those methods are verification, or confirmation of authorized admission, nonrepudiation, data veracity, approval and privacy. These industry groups include a wide selection of hardware vendors, encryption and software vendors, and financial institutions. Wireless security systems ought to be technology-agnostic. It is for the reason that they may have to function in numerous diverse settings, including CDMA, GSM, and TDMA, as well as become accustomed to cultural, legal, and technological disparities that exist from region to region. (Marshall, 2005, 2) At a financial services company the data from mobile phones enabled with WAP 1.0 are encrypted with Wireless Transport Layer Security, a wireless derivative of Secure Sockets Layer that's used for Web browsers to engage in secure sessions with servers. Encryption on as is managed through a public key infrastructure cryptographic framework. PKI is based on a pair of keys generated by a single algorithm, one public, and one private, known only to the consumer. The private key, which is never communal, is used to decrypt information that is been encrypted by a company using the public key. (Craig, 2003, 88) There is all the times a speculative possibility of security issues, but this achievement diminishes the risk to a level that's suitable to a financial institution whose standing rides on every transaction. However even this level of security can be enhanced. A dual system of security, for instance, a smart card or other identity device is swiped through a mobile phone can further improve the security. Ultimately, professionals forecast, biometrics will be included into wireless instruments to verify individuality through thumbprints or other individual characteristics. Wireless industry implementations are moving closer to the smart-card level of security, primarily to address the well-publicized security hole in WAP 1.0. That security hole made it possible for decrypted traffic to be intercepted as it passed from wired to wireless networks. This threat was downplayed in the security community because the vulnerable transfer point was under the security umbrella provided by carriers. Still, the breach was addressed in WAP 1.2, which requires a Wireless Identity Module, essentially a tamper-resistant smart card that uses PKI certificates to ensure continuous encryption throughout the connection. Businesses in other industries are also paying attention in wireless security and other back-office solutions so that they can allow wireless remote access to E-mail. The Wireless security server, which sits at the back of the firewall, directs communications to and from the Exchange Server. Wireless security has been tested, and it hasn't been an issue at all. As wireless solutions turn out to be more widespread and established implementations meet the high security standards of institutions, the overarching issue is the integration of wireless into IT environments. (Singer, 2004, 1) Certain security features are common to all types of wireless Systems; other controls are specific to the type of transmission being used. The features common to all wireless Systems include the primary security concern of wireless Systems focuses on the ability of a motivated individual to eavesdrop on data transmissions. However, it is currently probably easier to tap wired systems using analyzers and sniffers than it is to capture data off the airwaves. Devices for interception of wireless transmission are more expensive and the technical proficiency needed to operate them is much higher than that required to circumvent security on wired networks. Current forms of wireless systems can only transmit data to a relatively small geographic area (up to 50,000 square feet). Other security controls can be implemented to improve the overall security of wireless transmissions. Some of these controls are inherent features of specific types of wireless Systems. Spreading Codes. Spreading codes select the transmission frequencies in which messages are sent. The adequacy of the spreading code helps determine the effectiveness and reliability of the transmission. If the spreading codes used are difficult to identify, the wireless transmissions sent out across different frequencies will be correspondingly difficult to capture and reassemble into meaningful information. (Craig, 2003, 48) A spreading code that employs direct sequencing in which the transmissions are sent in a continuous, repetitive band of frequencies is more likely to be cracked than a code that uses frequency-hopping techniques. To ensure continued security of encrypted transmissions, the encryption keys should be changed on a regular basis. The risks associated with wireless systems can be evaluated according to the security objectives of information confidentiality, integrity, and availability. The methods of attack change when information moves from a wired to a wireless network. In a wireless configuration, it is relatively easy for a knowledgeable person with the appropriate hardware receiver to intercept radio frequencies and hence network traffic. This requires more sophisticated equipment and a higher level of technical proficiency regarding the transmission type and the nature of the data to be deciphered. In the case of spread spectrum systems, the potential eavesdropper would have to know, or guess, the spreading codes in use and reassemble packets accordingly. (Nick, 2000, 77) The data encryption can also be used to ensure the confidentiality of a message. Authentication and access controls to workstations and servers are also critical to ensure confidentiality; this is true for both wireless and wired systems. Integrity. Data integrity issues for wireless Systems focus on the potential to manipulate or corrupt transmitted data. Establishing strict atmospheric controls at the wireless site is generally impractical and expensive; it would defeat the primary advantage of this technology, which is ease of installation. Effective wireless systems should have integrity checking and error correction and detection capabilities to constantly cheek packets for integrity. Many major vendors employ Logical Link Control, a communications technique that helps ensure the reliability of transmissions. Providing verifiable proof of message integrity requires use of message authentication controls. (Alan, 2001, p-52) This encryption technology is designed to ensure that the message has not been tampered with in transit. This feature is not provided by wired or wireless systems; additional hardware or software is required. In wireless systems, threats to availability focus on signal jamming, which can interfere with or interrupt transmissions. Ensuring availability requires protecting against intentional attempts to jam frequencies as well as unintentional interruptions due to interference. A concerted effort by a highly motivated individual to intentionally disrupt wireless transmissions may be difficult to prevent. The wireless devices must also be properly located to prevent interference. The ability to function unencumbered by spurious or extraneous frequencies depend on the strength of the spreading technology that is implemented. In summary, it is important to ensure there is adequate protection of data transmitted over the open airwaves. Such techniques as encryption and spreading codes, as well as the general characteristic of close physical proximity common to most wireless systems, help ensure the confidentiality of wireless transmissions. However, threats to integrity and availability persist, in part because of the relative immaturity of wireless technology and limited experience with this technology. Wireless security enhancements will play a very important role in the development of business procedures worldwide. Bibliography Alan, Radding, (1/1/2001), Crossing the Wireless Security Gap. Computerworld, Vol. 35 Issue 1, p52. Bill, Howard, Craig, Ellison, (2/17/2004), Wireless Reaches More and Gets a Security Boost. PC Magazine, Vol. 23 Issue 3. Craig, Ellison, (10/1/2003), Communication Protector: Wireless Security, PC Magazine, Vol. 22 Issue 17, p88. Craig, Ellison, (Fall2003), Wireless Security: WPA Step by Step. PC Magazine, Vol. 22 Issue 18, p48. Macworld, J. Snell, (Mar2003), Security in a Wireless World. Vol. 20 Issue 3, p62. Marshall, Breeding, (Mar2005), Implementing Wireless Networks Without Compromising Security. Computers in Libraries, Vol. 25 Issue 3. Nick, Wreden, (08/07/2000), Wireless Overcomes Security Woes, InformationWeek, Issue 798, p77. Singer, R. Gordon, (11/1/2004), War Driving: Drive, Detect, Defend; A Guide to Wireless Security / Wi-Foo: The Secrets of Wireless Hacking, Library Journal, Vol. 129 Issue 18. Read More