210 Chapter 8 E- Commerce Security Mechanisms
today may be breakable in 5 to 10 years. A reasonable security requirement is that procedures
must be viable for many years. It is necessary for the security designers to consider the best
cracking algorithms today and have provisions for field upgradeability in the future.
A user of a personal computer services (PCS) station needs privacy in the following areas:
Call setup information.•
User location.•
User identification.•
Calling patterns.•
All uses of PCS communications need to be private so that the user can send information
on any channelwhether it is voice, data, or control— and be assured that the transmission
is secure.
Both wireless and wired networks are subject to the same security risks and issues. These
include threats to the physical security of the resource, unauthorized access and eavesdrop-
ping, and attacks from within the authorized users. There are, however, two physical security
concerns that must be addressed in a wireless implementation: the interception and recon-
struction of radio transmissions and the theft or loss of system devices. These situations can
result in eavesdropping episodes and unauthorized access and use of the wireless resources.
While second- and third- generation (2G and 3G) wireless technologies continue to evolve and
a security rating might be assigned to a specic network component, implementation- specic
parameters remain key factors in defining the level of security actually achieved. To ensure
the security of information stored or transmitted by a wireless device, compliance with an
information security policy and associated standards is essential.
When a WLAN is part of an enterprise network, it provides an interface to a potential
intruder that requires no physical intervention or mechanism. The basic security principles
applicable to the wired networks also apply to the wireless environment; however, there are
unique issues that must be addressed: unauthorized access, integrity, denial of service, infer-
ence and deception, and vulnerabilities.
Unauthorized Access
Wireless systems provide opportunities for a number of vulnerabilities in condentiality. These
include browsing, eavesdropping, inference, leakage, masquerading, and traffic analysis. Each
of these activities can have a negative impact on the organization’s assets.
Eavesdropping is the ability of an intruder to intercept a message without detection. One
of the most challenging security issues associated with wireless is the radio- frequency (RF)
emanation. Denying access to these signals is difficult, because the distance they travel often
59940_Newman_02Print.indb 210 2/6/09 11:42:52 AM

Get Computer Security: Protecting Digital Resources now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.