Wireless Popularity 3: Problems Solved; Future Use
(Page 1 of 3 )
The first two articles in this series covered the security issues raised by wireless networks, many of which are inherent in computer network protocols. This final article in the series describes some of the ways to solve these security problems, and discusses the future possibilities of wireless networking technology.
Introduction
The previous two articles in this series have been relatively pessimistic in pointing out the many problems and pitfalls surrounding widespread wireless networking. They have dealt with the inherent insecurity of application level protocols, the lack of knowledge possessed by end users necessary to be security conscious when using wireless Internet, and some of the new avenues of attack to which networks are vulnerable.
However, these problems are all easily surmountable, and in many cases require moderate or relatively little effort on the part of systems administrators and end users. After discussing these solutions, I will endeavor to describe my view of how wireless networking will change our use of the Internet, and discuss some of the promise of this new technology
Security Solutions: Encryption
The simple answer to many of the security concerns of wireless networking is encryption. Simply scrambling traffic between servers and clients not only protects the traffic from interception on a wireless network, but it adds an extra layer of protection for wired traffic. The difficulty with this solution lies in the various logistical implementation problems.
For home users, WEP, or better yet, WPA can solve this problem. These methods protect all traffic with encryption, and furthermore prevent most unauthorized use or “piggy-backing” of residential connections.
However, on public access points, the distribution of keys for these encryption schemes poses a problem. The solution here is application protocol encryption. Many common application protocols can now be encrypted using SSL. This would protect data bound for specific servers. The issue here is making sure that this capability is enabled and set up correctly on both the server and client programs involved. System administrators must install SSL certificates in servers, and test to make sure the encryption is working correctly. In addition, client software must be able to take advantage of the SSL encryption layer, and users must know how to distinguish when their encryption is protecting traffic and when it is not.
In some cases, system administrators and ISP owners may not have SSL enabled on their systems. Turning on this feature on their servers would greatly increase the level of security they can offer to users. If your ISP or business does not have SSL enabled on their email or FTP servers, make them aware of this fact and try to get them to enable this feature. SSL can usually be enabled on most server daemons in such a way as to allow a user’s client program to request SSL and switch to SSL mode for that connection only, thus allowing backwards compatibility. This is a server dependent feature, and therefore will differ depending upon what kind of server you use.
Next: Security Solutions: Education >>
More Opinions Articles
More By Michael Swanson
