Wireless security remains as main threat to mobility

R. A. Hettinga rah at shipwright.com
Wed Sep 8 13:55:53 EDT 2004 

<http://www.ottawabusinessjournal.com/283824489528668.php>

Ottawa Business Journal - News

Wireless security remains as main threat to mobility
By Ottawa Business Journal Staff
Mon, Sep 6, 2004 12:00 AM EST



 The wireless industry needs a lasting solution to one of its biggest
threats: outside intrusion.

 According to Victor Shevchenko, director of business development for the
Global Mobile Enterprise 2004 Conference, wireless security will be a main
discussion point at the conference, Sept. 14 to 16 at the Brookstreet Hotel.

 "Mainly, we're talking about the protection of electronic data transported
and received by Palm Pilots, mobile phones and computers connected through
wireless networks," said Mr. Shevchenko, who organized the conference with
Zora Arnautovic, director of the organizing committee.

 "The general trend is to get people mobile when they're offsite, but the
key challenges are: how can we ensure that the communication is secure,
that no data is compromised and that access to corporate networks through
secure wireless channels is safe?" said Mr. Shevchenko. "Protecting the
access and integrity of data being sent back and forth is the real
challenge."

 There is no universal standard acknowledged by the wireless industry as
the safest, he added. Virtual private networks (VPNs) are one way a company
can improve its wireless security, he said, adding new-generation
standards, such as WiMAX, are another.

 "One of the main purposes of our conference will be to determine what the
most promising (standard) is" so the industry can move forward, he said.

 Mark Zimmerman, vice-president of sales at Toronto-based Nextair Corp.,
said there is no "one-size-fits-all solution" to the issue of standards.
Mr. Zimmerman will attend the conference with Nextair CEO Ron Close, who
will lead a discussion on wireless applications.

 "There have been a number of hiccups along the way when securing
information that's being delivered over the air (between two wireless
devices)," said Mr. Zimmerman, describing the early wireless fidelity
standards as "not very good from a security perspective".

 In the past, officials from the federal government's Communications
Security Establishment (CSE) warned that cellphones, for example, should
not be relied on for transmitting sensitive data.

 "(They) could very easily be compromised," said Richard MacLean, a CSE
communications security engineer, at a May conference on wireless security.

 In a bid to ensure the encryption capability of public sector cellphones
is up to date, the CSE is testing global system for mobile phones equipped
to handle top-secret voice data.

 "Now we're approaching a level where (wireless standards) are secure for
many applications, if not for all," said Mr. Zimmerman. The one thing not
talked about is securing wireless devices themselves, he added.

 "When you look at PDAs that leave a (company's) building, they often have
the corporate crown jewels on them. In most cases, we do have the
technology, but we need to spend more time educating the marketplace and
our customers about using that technology and building it into products,
rather than turning to security as an afterthought."

 Mr. MacLean's advice is to use approved cryptography solutions, strong
passwords that are changed often and anti-virus software on PDAs and PCs
that can be updated frequently.

 The threat of outside intrusion is "very viable" because of ample hardware
and software capable of compromising wireless connectivity, said Mr.
Shevchenko.

 Such equipment can have "serious implications" for corporate productivity,
revenue and data, he added.

 While BlackBerries and other handheld e-mail devices are widely used by
businesspeople, users should know that, without private keys that can
encrypt the data, sensitive information can easily be poached, said Mr.
MacLean.

 The medical and financial fields have led by example when it comes to
wireless security, said Mr. Zimmerman, mostly because it's critical
security failures are avoided in these fields.

 Currently, new medical standards are being worked on to ensure there is no
electromagnetic interference with other pieces of medical equipment.

 In the transport industry, wireless security has become paramount, as
airports adopt wireless baggage handling systems.

 To protect its wireless system, Toronto's Pearson International Airport,
for example, uses additional software that encrypts and protects all
baggage-related transmissions to ensure no one from the outside can
manipulate the information in any way, according to Gary Long, general
manager of information technology at the Greater Toronto Airport Authority.

 The transport industry will be the subject of a wireless case study at the
conference, said Mr. Shevchenko.

 "We want to see where this is going and how it can be ensured. In all
honesty, I'm as eager as anyone to get some answers to some of these
questions."



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list