Wireless Security White Paper
This does not mean that there is no longer a need for WEP in an 802.11b LAN. As mentioned
above, 802.1x only provides authentication. It does not encrypt the over-the-air transmission. It is
therefore still possible for hackers to eavesdrop on conversations and intercept sensitive
information.
The ideal combination is to use 802.1x for authentication to the network, and WEP to ensure
privacy of the transmission. This does not address the cryptological weaknesses of WEP;
however, it does open the door for future versions of WEP to focus on privacy rather than
authentication.
WWAN Access Points
Telecommunications companies are responsible for the security of the data while the data passes
through their routers. That data is only as secure as the carrier's management of the trust and
privileges granted to its own employees. This level of security cannot be improved upon by the
corporation or by the access device user. Specific security provided for WWAN technologies is
described above under the section titled "Security Specific to WWAN Carrier Technologies."
Generally speaking, when data travels along the phone lines to the corporate firewall, the data is
secure barring phone line tapping. This is not a unique security problem and will not be discussed
in this paper, which is focused on wireless security.
Corporate Firewalls
The fourth key juncture in the pipe, after mobile access devices, wireless connectivity
technologies, and access points, centers on corporate firewalls.
A firewall is a set of related programs located at a network gateway server, which protects the
resources of a private network from users from other networks. (The term also implies that a
security policy is used with the programs.) An enterprise with an intranet that allows its workers
access to the wider Internet installs a firewall to prevent outsiders from accessing its own private
data resources and to control what outside resources its own users can access.
A firewall, working closely with a router program, examines each network packet to determine
whether to forward it to its destination. A firewall also includes or works with a proxy server that
makes network requests on behalf of workstation users. A firewall is often installed on a specially
designated computer separate from the rest of the network so that no incoming request can get
directly at private network resources.
There are several firewall screening methods. A simple one is to screen requests to make sure
they come from acceptable (previously identified) domain names and Internet Protocol (IP)
addresses. For mobile users, firewalls allow remote access to the private network through secure
log-on procedures and authentication certificates.
A number of companies make firewall products. Features include logging and reporting,
automatic alarms at given thresholds of attack, and a graphical user interface (GUI) for
controlling the firewall.
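
The simple source-address screening method and the logging and alarm-threshold features described
above, sketched as an added Python example (not code from this white paper or from any firewall
product). The class name SourceScreen, the allowlisted networks, the sample requests and the
threshold of 3 are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed allowlist of previously identified source networks (documentation ranges).
ALLOWED_NETWORKS = ("192.0.2.0/24", "198.51.100.16/28")
ALARM_THRESHOLD = 3  # assumed: number of denials from one source that triggers an alarm

class SourceScreen:
    """Hypothetical default-deny source screen with a decision log and per-source alarm."""

    def __init__(self, allowed=ALLOWED_NETWORKS, threshold=ALARM_THRESHOLD):
        self.allowed = [ipaddress.ip_network(n) for n in allowed]
        self.threshold = threshold
        self.denied = Counter()   # denial count per source
        self.log = []             # (source, decision, reason) tuples for reporting
        self.alarms = []          # sources that reached the threshold

    def screen(self, src):
        """Return True to forward the request, False to drop it."""
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return self._deny(src, "malformed source")  # unparseable: never forward
        if any(addr in net for net in self.allowed):
            self.log.append((src, "ALLOW", "source on allowlist"))
            return True
        return self._deny(src, "source not on allowlist")

    def _deny(self, src, reason):
        self.log.append((src, "DENY", reason))
        self.denied[src] += 1
        if self.denied[src] == self.threshold:  # alarm once, when the threshold is hit
            self.alarms.append(src)
        return False

def run_sample():
    """Screen a constructed request sequence; return decisions, alarms and the log."""
    fw = SourceScreen()
    sample = ["192.0.2.10", "203.0.113.7", "198.51.100.20", "203.0.113.7",
              "198.51.100.40", "not-an-ip", "203.0.113.7", "203.0.113.7"]
    decisions = [fw.screen(s) for s in sample]
    return decisions, fw.alarms, fw.log

if __name__ == "__main__":
    decisions, alarms, log = run_sample()
    for entry in log:
        print(*entry)
    print("alarms:", alarms)
```

Screening on source address alone identifies a network, not a user, which is why the text pairs it
with secure log-on procedures and authentication certificates for mobile users.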