Hardened protocols for authentication, authorization, and encryption have been built into devices and devices drivers; and they have proven highly effective in keeping unauthorized users outsides the security perimeter.

---

from Intel Corp.

Companies have long recognized that wireless technology provides significant and, in many cases, unique operational efficiencies. Wireless LAN technology first saw widespread deployment in warehouses, then on the shop floors, and finally today in the hands of mobile workers of all kinds. Executives and knowledge workers from small office/home office (SOHO) businesses to large multi-campus enterprises today depend on wireless technology to enable them to have all their computing resources with them at all times.

Within large enterprises, however, the wireless paradigm still is not completely accepted despite the benefits it confers. In part, managers' resistance derives from the perception that wireless LANs are less secure than traditional wired networks. This perception is based on several factors, including greater familiarity and comfort with wired security and the belief that the presence of a physical medium provides greater access control than wireless radio communication. However, due to advances during the last few years, wireless communication can be deployed with a level of security comparable or even superior to that of wired networks. Hardened protocols for authentication, authorization, and encryption have been built into devices and devices drivers; and they have proven highly effective in keeping unauthorized users outsides the security perimeter. This paper describes the types of vulnerabilities that can occur on unguarded wireless networks and the protocols and technologies that counter these threats.

The fundamental process of network security
Security in enterprises typically focuses on the two processes: authentication and authorization. Authentication is the process of verifying that users are who they claim to be, especially at the point at which they attempt to log into the network. User Ids combined with passwords are a familiar form of authentication.

Authorization is the process of identifying what a user is entitled to do on the system. Many sites today assign individual users to specified groups or profiles that define the set of activities they are entitled to perform, while denying access to other areas.

In addition to authentication and authorization, wireless networks should user encryption to protect data from exposure to unauthorized parties, as all data items necessarily pass over publicly accessible airwaves. Data authentication is an additional step that protects sites against message forgeries.

Let's look at the kinds of attacks that can occur on unprotected wireless networks and then examine the protocols that defend against them.

Possible attacks
While attacks and vulnerabilities take many forms, they most often fall into one of the categories described next. While some vulnerabilities might not appear severe, each can result in unauthorized access to company information or resources. As a result, it is wise to view all vulnerabilities presented here as severe. Anytime access is obtained by an intruder, a company's assets are at severe risk.

Read the rest of this whitepaper: click link, below.

© 2004 Intel Corp.