Wireless security… What?

This is getting ridiculous: an Internet search on “wireless securityreturns over a million results, while “wired security” is fetching much less, and the results aren’t much to do with transmission of data over networks.

There is no difference in wireless and non-wireless security. Layer 1 of the OSI model – the Physical – is in question. Anyone who assumes their physical layer is secured (e.g. no one can wiretap etc) should ask themselves a question – what makes them so sure? It is not a trivial task to locate a wireless bridge opening the network to external connections; it takes much more effort and sometimes very sophisticated electronics to find wire taps.

You should design infrastructure and applications as they were residing on public Internet. Saves a lot of grief further down the road.

Back to wireless security. They have some good ideas, like 802.11i – the security suite that requires endpoint authentication and encrypts traffic to the access point – however, that just highlights the fact that corporate switching and routing infrastructure too often is considered secure. What really makes a difference is wide adoption of secure configurations of wireless networks. Therefore it’s time to shift the emphasis from wireless back to OSI levels 2 to 7.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>