security in wireless communication

There is no communications system in the world that cannot be hacked. All networks, wireless or hard wired can be penetrated by the application of the right method in the right place.

That is a statement of fact and it will always be so. Community system security will for ever be a case of application of best endeavour protection at the current time. For best endeavour, read ‘do what you can within the budget available’.

In the past I have had demonstrated to me system penetration in various situations by experts, who, once focussed on a system, and motivated to crack that system, will find a way in.

The motivation in most of these cases was, quite simply, to prove that a weakness existed, and to show how it could be exploited. The result in most of these cases was to plug the weakness demonstrated. The unfortunate fact in most of these cases is that other weaknesses also existed in the same systems that were not plugged, and were open for to further, future penetration.

I have never seen a system made totally safe.

Wireless offers huge opportunities to potential for penetration. WEP and WPA are wide open to a skilful data highjack. But, the best approach in security evaluation must be to examine ‘why?’

There is a vast difference between a hacker, one who will penetrate a system because it presents a challenge, and a cracker, one who penetrates a system for gain.

Both hacker and cracker present the IT professional with issues but while the hacker may damage your image, the cracker will seriously damage the organisation that employs you. And you will never know that a good cracker has ever been there.

Any security assessment must take into account what is at stake. What would be the gain for anyone to penetrate the system that you wish to protect. Act to ensure protection at the level of risk. (Don’t forget that corporate image may have a huge influence here. If the organisation could be made to look silly as a result of a security breach, that could be as damaging as a million dollar rip off.)

An executive or worker using wireless from a remote site (say from home) is a low level risk. It will be one connection, the penetrator must identify the opportunity, and the location, before making a move to intercept data. Wireless rollout on a corporate site is much more of a risk. A single penetrator, parked in the company car park could reap lots of data from that.

The main questions must be those regarding the quality, value and quantity of the data that may be intercepted. But always stay conscious of the fact that if wireless were a lot more secure, how much harder woud it be for the penetrator to infiltrate a contractor or temporary worker onto site, with legal access, in order to mine the data wanted?


COMMENT Uncategorized