WIRELESS SECURITY—INFORMATION FOR CIOS—TECHNICAL APPENDIX
Introduction
This appendix provides Chief Information Officers (CIOs), Chief Technology Officers
(CTOs) and IT managers with technical detail to support the primary reports on
the topic of Wireless Security. The appendix concentrates on the WiFi and WiMAX
technologies, detailing the threats and risks in these technologies and ways to
manage them. To help organise related decisions, the paper includes information
on management, operational and technical countermeasures additional to that in
the standard CIO paper.
This technical appendix and the associated reports have been developed by the IT Security
Expert Advisory Group (ITSEAG), which is part of the Trusted Information Sharing
Network (TISN) [1] for critical infrastructure protection.
Wireless networks are exposed to many of the same risks as wired networks, but they are
also vulnerable to additional risks. Wireless networks transmit data through
radio frequencies (RF), so there is an increased chance that communications may
be tapped into by intruders unless properly protected. Intruders have exploited
the openness of wireless systems to access systems, destroy or steal data,
launch attacks that tie up network bandwidth and deny service to authorised
users, and eavesdrop on conversations [2]. For example, attackers have compromised
wireless systems to gain access to sensitive payment card data.
This paper should not be taken as an exhaustive technical coverage of
vulnerabilities or risks associated with wireless technologies. It primarily
deals with the IEEE 802.11 group of standards for Wireless Local Area Networks
(WLANs) and the IEEE 802.16 group of standards for Wireless Metropolitan Area
Networks (WMANs).
[1] TISN enables the owners and operators of critical infrastructure
to share information on important issues. It is made up of nine sector-specific
Infrastructure Assurance Advisory Groups (IAAG), several Expert Advisory Groups
(EAG), and the Critical Infrastructure Advisory Council (CIAC, which is the peak
body of TISN and oversees the IAAGs and the EAGs). More information on TISN can
be sought from www.tisn.gov.au or by contacting cip@ag.gov.au. The ITSEAG is one
of the expert advisory groups within the TISN framework. The ITSEAG provides advice to
the CIAC and the sector-based IAAGs on IT security issues as they relate to
critical infrastructure protection. It is made up of academic specialists,
vendors, consultants and some industry association representatives who are leaders
in the information technology/e-security field. The ITSEAG Secretariat can be
contacted on (02) 6271 7018.
[2] Page 1, Security for Wireless Networks and Devices, Shirley Raddock,
National Institute of Standards
DISCLAIMER:
To the extent permitted by law, this document is provided without any liability
or warranty. Accordingly, it is to be used only for the purposes specified and the
reliability of any assessment or evaluation arising from it are matters for the
independent judgement of users.
The document is intended as a general guide only and users should seek professional
advice as to their specific risks and needs. This information is not legal advice
and should not be relied upon as legal advice.