05 nese may.qxd
5/20/02
4:16 PM
Page 5
reports
Wireless Security — what is out there?

Frost & Sullivan have recently released a report on the European Wireless Security Market, and it has revealed some interesting findings with regard to wireless security. A selection of technologies that can be deployed to secure wireless environments is examined below, including wireless transport layer security (WTLS), virtual private networks (VPN), wireless public key infrastructure (WPKI) and authentication systems.

It is vital to ensure that all parts of the wireless security framework are secured, including mobile devices, wireless transmissions and networks, gateways and servers, and backend systems. Organizations globally are anxious about security issues across the range of transmissions, which incorporates short-range transmissions (WLANs and Bluetooth) and wide-range transmissions (GSM, GPRS and UMTS). Frost & Sullivan predict that the wireless security market will expand from $99.6 million in 2001 to $793.9 million in 2005 at a CAGR of 51.5%.

When considering wireless security, end-to-end security must be deployed to span the total network. According to the report, wireless security should incorporate cooperation between several partners, including mobile device vendors, mobile equipment manufacturers, security vendors, wireless operators, system integrators and consultants, the organization and, finally, the end-user. Wired environment solutions can often be applied to wireless environments, but these will sometimes need changes or a complete rebuild. It is also critical to ensure that all implemented solutions are interoperable and scalable. Mobile devices do not benefit from the protection of wired devices, sheltered within a corporate network, so alternative security policies must be applied. Each of the different transmission techniques offers different opportunities for attack.
A number of the solutions on the market for securing wireless systems are examined in the Frost & Sullivan report.
VPNs

Virtual private network (VPN) solutions are produced using protocols such as Layer Two Tunnelling Protocol (L2TP) and Internet Protocol Security (IPSec). IPSec is the most commonly used standard. With regard to VPN solutions, administrators are often challenged by the problem of protecting the remote access point. If a hacker manages to compromise a home user's machine, an open door is provided into the corporate network. The system administrators may potentially have to ensure the security of a machine that is not under their direct control. Vendors have reacted to this problem with a flurry of devices that can be remotely managed and have security features built in. According to Frost & Sullivan, the remote access capacity of VPNs is the most attractive incentive for corporate deployment. When wireless transmissions are transported through a VPN, they are guaranteed to be more secure than with WEP only.
Wireless Transport Layer Security

Wireless Transport Layer Security (WTLS) is a standard that enables security on mobile appliances running WAP. WTLS has been grouped into three classifications according to the WAP 1.1 specification: Class 1, Class 2 and Class 3. Class 3 encompasses the capabilities of the other two classes and adds client authentication. Mutual authentication is also possible between server and consumer through certificate exchange. The WTLS Class 3 session will only commence after both parties check the certificates. This level of security is not sufficient, as the WAP protocol causes data to be encrypted at the user level, deciphered at the operator level and then encrypted again. The gateway decrypts the data to establish where it should be sent to reach the destination. This could present a hacker with an opportunity to access the message. A perfect solution to this would involve positioning the WAP server behind a trusted network.
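The gateway behaviour described above can be modelled in a few lines. This is an added example, not code from the report or from the WAP specification: the record cipher is an illustrative stand-in for WTLS/TLS record protection, and the function names, keys and the bank.example destination are constructed for the sketch. It compares the hop-by-hop case with one where the handset and origin server also share an application-layer key.

```python
import hashlib, hmac, os

SECRET = b"PIN=4921"  # constructed sample payload

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (illustrative stand-in cipher)
    ks = b"".join(_sub(key, nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Encrypt-then-MAC one record. Stands in for WTLS/TLS record protection."""
    nonce = os.urandom(12)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("record failed integrity check")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def gateway_relay(k_air, k_wire, frame):
    """Gateway ends the wireless leg, reads the destination, re-encrypts for the wired leg."""
    record = unseal(k_air, frame)             # cleartext record exists here
    dest, _, body = record.partition(b"\n")
    return dest, body, seal(k_wire, record)   # body = what gateway memory held

def send(end_to_end):
    k_air, k_wire, k_app = (os.urandom(32) for _ in range(3))
    # k_app is known to handset and origin server only (assumption of this sketch)
    body = seal(k_app, SECRET) if end_to_end else SECRET
    frame = seal(k_air, b"bank.example\n" + body)
    dest, at_gateway, forwarded = gateway_relay(k_air, k_wire, frame)
    inner = unseal(k_wire, forwarded).partition(b"\n")[2]
    received = unseal(k_app, inner) if end_to_end else inner
    return dest, at_gateway, received

if __name__ == "__main__":
    for mode in (False, True):
        dest, at_gateway, received = send(mode)
        print("end-to-end" if mode else "hop-by-hop",
              dest, SECRET in at_gateway, received)
```

In both modes the gateway can still read the destination and route the record; only in the hop-by-hop mode does it also hold the payload in the clear.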
Wireless Public Key Infrastructure (WPKI)

PKI allows the distribution of encrypted digital certificates as authentication means during a transaction. A certificate authority validates the digital certificate. Wireless PKI for the wireless environment is based on WAP standards. The main components of the WAP/WPKI system are as follows:
• Mobile phones containing the WAP identity module (WIM).
• WAP gateway with certificate-based identity authentication.
• Registration authority.
• Back-end PKI infrastructure with access to certification authority infrastructure.

The WIM within the handset stores the security keys and certificates and is a tamper-proof hardware module. SWIM and dual chip are the two current techniques applied to WIM. The SWIM method involves the WIM security features being stored on a subscriber identity module (SIM) card. The dual chip approach involves a smartcard being placed temporarily in the phone. This allows segregation between the network subscription and other applications. It will be interesting to see the developing reception of both technologies in the market. According to Frost & Sullivan, mobile equipment is not mature enough to support this technology and widespread issues exist regarding standards and support.
User Authentication

The user authentication market refers to user identity equipment, which encompasses tokens that produce passwords, universal serial bus (USB) keys, smartcards, smartcard readers, server seats and connected software, software tokens and biometrics. According to Frost & Sullivan, the user authentication market is expanding and will continue to do so. A number of issues have restricted user authentication from becoming the main approach for authenticating users onto networks. These include:
• Standards and support issues.
• High price of equipment.
• The market failing to consider network security to be a prime issue in general.

Most of the user authentication market, in fact 80%, is composed of the hardware token market. The market expansion in this area will be accelerated by the capability of smartcards and USB tokens to store digital certificates.

Other technologies that can be implemented to secure wireless networks include:
• Web access control (WAC).
• Wireless firewall gateways.
• Anti-virus software.
• Intrusion and detection systems.
• Vulnerability assessment tools.
• Personal firewalls.
• Content filtering.
• Hard drive encryption.

Overall, the introduction of wireless communication devices will greatly improve the efficiency of business processes; however, security is still presenting a barrier to the complete acceptance of this technology.
Worldwide cyber-attacks

By Julie Jervis, Edittech International

Pacific Rim countries accounted for 91% of all cyber-attacks in the fourth quarter of 2001, according to a recent study that identified the countries causing the largest threat to computer systems worldwide.

South Korea topped the list with 34% of attacks, followed by China with 29%, Japan 10%, Taiwan 7%, Hong Kong 4%, Australia 3%, and both India and Singapore at 2%. By contrast, non-Pacific Rim countries posed a considerably lower threat profile, with Great Britain producing 7% of worldwide attacks and Germany just 2%.

Predictive Systems, a consulting firm that focuses on building and securing high-performance infrastructures, conducted the study, which monitored more than 12 million events in worldwide network traffic from 54 geographically distinct sensors to gather information for its study. Each sensor monitored networks with ten to several thousand hosts and the source IP addresses of the events were used to obtain the source of an attack based on lookups to the respective registrars.

Richard Smith, an analyst at Predictive Systems Global Integrity unit, said over the past few years, information security attacks have increased dramatically in number and in strength. "In order to more accurately predict the sources and nature of future attacks, it is critical to have an understanding of where the majority of the current activity is taking place," Smith said.

The study found that 49% of all attacks took advantage of servers in the US, 17% used South Korean servers and about 15% used servers based in China. According to the study, the US has the largest Internet infrastructure and most online users, so it is no surprise that it came in No. 1. But the fact that servers in South Korea and China are used in so many attacks, "should be a wake-up call for the countries".

Smith said: "We found that nations with a strong communications infrastructure and free markets, which describes much of the Pacific Rim, are, and will likely continue to be, the source of frequent information security attacks." He also maintained that nations with weaker economies and growing communications infrastructures will likely be prime sources of attacks as well. The study found if nations are in the early stages of building infrastructure and do not have the time, talent or funding to support security efforts, it is possible that internal attackers could take advantage of lax security.

"This situation is compounded by external attackers who might use such nations as a jump-off point for attacks," Smith said.

"Regardless of the source of attack, it is critical for administrators to continue patching known vulnerabilities in a timely manner and taking practice steps to improve their security posture to reduce risk and mitigate future attacks."