210 Chapter 8 E- Commerce Security Mechanisms
today may be breakable in 5 to 10 years. A reasonable security requirement is that procedures
must be viable for many years. It is necessary for the security designers to consider the best
cracking algorithms today and have provisions for ﬁeld upgradeability in the future.
A user of a personal computer services (PCS) station needs privacy in the following areas:
Call setup information.•
All uses of PCS communications need to be private so that the user can send information
on any channel— whether it is voice, data, or control— and be assured that the transmission
WIRELESS LAN SECURITY
Both wireless and wired networks are subject to the same security risks and issues. These
include threats to the physical security of the resource, unauthorized access and eavesdrop-
ping, and attacks from within the authorized users. There are, however, two physical security
concerns that must be addressed in a wireless implementation: the interception and recon-
struction of radio transmissions and the theft or loss of system devices. These situations can
result in eavesdropping episodes and unauthorized access and use of the wireless resources.
While second- and third- generation (2G and 3G) wireless technologies continue to evolve and
a security rating might be assigned to a speciﬁc network component, implementation- speciﬁc
parameters remain key factors in deﬁning the level of security actually achieved. To ensure
the security of information stored or transmitted by a wireless device, compliance with an
information security policy and associated standards is essential.
When a WLAN is part of an enterprise network, it provides an interface to a potential
intruder that requires no physical intervention or mechanism. The basic security principles
applicable to the wired networks also apply to the wireless environment; however, there are
unique issues that must be addressed: unauthorized access, integrity, denial of service, infer-
ence and deception, and vulnerabilities.
Wireless systems provide opportunities for a number of vulnerabilities in conﬁdentiality. These
include browsing, eavesdropping, inference, leakage, masquerading, and trafﬁc analysis. Each
of these activities can have a negative impact on the organization’s assets.
Eavesdropping is the ability of an intruder to intercept a message without detection. One
of the most challenging security issues associated with wireless is the radio- frequency (RF)
emanation. Denying access to these signals is difﬁcult, because the distance they travel often
59940_Newman_02Print.indb 210 2/6/09 11:42:52 AM