Google

So You Want To Be A Wireless Security Professional

So You Want To Be A Wireless Security Professional

Contact:[email protected]

by William Sieglein, Senior Security Engineer, Fortrex Technologies 
[ November 28, 2000 ] 

Q: I wish to know more about the security threats in the wireless area,
and I also want to know how dangerous these threats are. What types of
skill sets are required to deal with wireless security threats? I wish
to pursue a career in this area. What should one learn in order to
become a wireless security professional?
- Vivek Kashyap
A: You're either the pioneering type, or you're thinking this is the
next big wave and you want to get rich as a wireless security
consultant. Actually you might be both. 

Wireless technology is not brand-new; neither are the threats associated
with it. We've all heard about cases of cell phone cloning and the
incredible costs this brings to the industry. But now we're talking
about sending data over wireless networks -- potentially sensitive data.
We're opening up our trusted intranets to the public Internet. Of
course, we're already doing that over the wire-based Internet. But our
mobile friends need it via the airwaves. 

Is wireless any more dangerous than traditional wire-based networking?
The definitive answer is yes, it very possibly is. Wireless is just
another medium for getting data packets from point A to point B. The
wireless architecture provides possible points of attack against the
portable device (phone, PDA, laptop and so on), the wireless network and
the wireless gateway. Portable devices are vulnerable to DoS attacks,
malicious code, theft and compromise. Their packets, in transit over the
wireless network, are vulnerable to interception, modification and
replay or fabrication. Finally, the wireless gateways are potentially
vulnerable to DoS attacks and compromise. 

Does this mean there are "whackers" (wireless hackers) looming in the
shadows, waiting to pounce? Although there are no well-known incidents
of major attacks against wireless technology to date, there are ongoing
discoveries by research organizations and development companies that
expose weaknesses. So far, wireless technology providers have been less
than serious about closing these holes, primarily because the demand for
wireless technology is still modest. But rest assured that as wireless
picks up steam, these attacks will increase and the technology firms
will provide more solutions. 
You must keep this in mind as you educate yourself about wireless
security: Nothing in the real world happens in a vacuum. You can't just
look at a single solution to solve your security issues. You have to
consider the entire IT infrastructure when designing security solutions.
Putting up a WAP gateway is much like putting up a Web-based application
server. It usually exposes some portion of your back-end, trusted
infrastructure. So you must consider the entire solution, end to end,
and ensure that security addresses these vulnerabilities at all points.
Merely encrypting the link or requiring the user to authenticate is not
enough. You must consider intrusion detection, anti-virus, firewall
configuration, DMZ architecture, user authorization, access controls and
logging. 

I recommend that you become proficient in information security, with an
emphasis on wireless security technology. Wireless certainly holds
promise but, like all technologies, it will be superseded by another,
even cooler technology before you know it. 


Back to the Index