Four essential elements of wireless security
Maintaining security while providing mobile workers with access to the information they need when and where they need it is complex. Protecting enterprise IT infrastructure requires a deep understanding of the risks associated with mobile applications, handhelds and wireless networks. The move toward wireless data access extends the perimeter of the corporate network and, like earlier innovations, raises many security issues. Compared with behind-the-firewall enterprise systems, wireless handheld computing systems are fundamentally different and involve incremental security risks. To ensure security across the entire system, enterprises must recognize and address risks across the three different links in a wireless handheld computing system:
1. Perimeter or firewall security — When a corporation wishes to make enterprise systems like enterprise messaging servers, CRM, ERP or intranet Web pages accessible wirelessly, the first priority is to maintain the security of the internal network. Any programs running inside the firewall must not open avenues of attack from programs running outside. Additional perimeter security considerations include:
o Authentication — Each component of a wireless system must be able to prove that it is authorized to communicate on the network. It must not be possible for an attacker to impersonate a handheld or server, thereby misleading authentic services into communicating with it.
o Administrative security — Enterprises need to ensure that different administrative tasks are accessible only to the appropriate administrator. For example, only the most senior system administrators may modify system-wide security policies, while lower-level administrators may provision new users.
2. Transmission/Over-the-Air (OTA) security — When internal information is transmitted over the public Internet and/or a wireless network, the data must be protected against interception or “man-in-the-middle” attacks. Data packets can be intercepted and read if unencrypted or weakly encrypted transmission security is employed. The handheld session itself can be hijacked, and an unauthorized user can interact with backend systems, if transmission and authentication security are not robust.
3. Handheld security — Once internal information is received and decrypted for viewing on a handheld, that information must be protected against access by unauthorized users or programs on the handheld. Handheld security must also address corporate requirements to control various functions on the handheld (like use of Wi-Fi, Bluetooth®, cameras, speakers, etc.) as well as provide IT managers with a mechanism to control which applications are used on a handheld.
4. Human - The human is, of course, the weakest link in wireless security. With the increasing number of wireless devices, every person and company should make the risk of social engineering a top priority.
Download here for more detail about Good Architecture and Security for Wireless (free download, 19-page report).