Security for 802.11

Security is a broad subject, and there is an entire chapter dedicated to the unique challenges with security for voice mobility later. But any component of voice mobility over Wi-Fi will require some use of 802.11's built-in encryption. Keep in mind that securing the wireless link is not only critical, but may be the only encryption used to prevent eavesdroppers from listening in on sensitive voice calls for many networks.
802.11 security has both a rich and somewhat checkered past. Because of the initial application of 802.11 to the home, and some critical mistakes by some of the original designers, 802.11 started out with inadequate protection for traffic. But thankfully, all Wi-Fi-certified devices today are required to support strong security mechanisms.
Nevertheless, administrators today do still need to keep in mind some of the older, less secure technologies—often because the mobile handset might not correctly support the latest security, and it may fall to you to figure out how to make an old handset work without compromising the security of the rest of the network.
A secure wireless network provides at least the following (borrowed from Chapter 8):
  • Confidentiality: No wireless device other than the intended recipient can decrypt the message.
  • Outsider Rejection: No wireless device other than a trusted sender can send a message correctly encrypted.
  • Authenticity and Forgery Protection: The recipient can prove who the original composer of the message is.
  • Integrity: The message cannot be modified by a third party without the message being detected as having been tampered with.
  • Replay Protection: A older but valid message cannot be resent by an attacker later, thus preventing attackers from replaying old transactions.
Some of these properties are contained in how the encryption keys get established or sent from device to device, and the rest are contained in how the actual encryption or decryption operates.

No comments:

Telecom Made Simple

Related Posts with Thumbnails