Mobility Or Security - Must You Choose?

Wireless technology is changing the way people work in countless ways. By freeing us - and our PCs, PDAs (personal digital assistants), printers, phones, and headsets - from the physical limitations imposed by cables and walls, wireless technology is enabling us to realize the full potential of an anywhere, anytime workplace. The use of wireless technology is becoming more evident every day. Wireless may dismiss the need for wires and cables to stay connected, but how secure is mission-critical data?

Wi-Fi And Bluetooth Together?
Two wireless technologies play key roles in this new mobile world: Wi-Fi and Bluetooth. While both operate in the 2.45 GHz spectrum, they should be viewed as complementary, not competitive, approaches to wireless communications. Wi-Fi (802.11b technology) provides untethered LAN access, enabling workers with PCs to connect to a company's LAN wirelessly while offering a 300-foot range. In contrast, Bluetooth is proving to be well suited as a cable replacement mechanism, with a 30-foot range. Bluetooth enables communication between peripherals such as printers, PDAs, and phones/headsets without the physical constraints of cabling or the line-of-sight restrictions of infrared techology.

(A recent forecast from IDC predicts Bluetooth-related revenue will increase from $76.7 million in 2001 to $2.6 billion in 2006. Gartner estimated that 161 million Bluetooth-enabled products will be shipped in 2003 and 362 million in 2004.)

Mobility Threatens Security
There is a down side to this mobility-enabled workplace - a new set of security concerns from a new breed of hackers. War-drivers often tap into mission-critical, proprietary databases through a company's LAN. (War-driving is the practice of tapping into a Wi-Fi access point without permission.) What is surprising is 50% of instances of unauthorized access occur because even the most basic levels of security protocols available for wireless LANs have not been implemented. This is tantamount to allowing anyone with a PC to come into a company and connect to its network and databases. In Wi-Fi communications, the wired equivalent protocol provides basic security. However, this encryption scheme is proving vulnerable to determined hacking attempts.

The differences in operating characteristics between Bluetooth and Wi-Fi also provide a certain level of additional security. While war-drivers are looking for Wi-Fi access points because of the LAN access they provide, Bluetooth technology does not expose a company's entire network through wireless access. Bluetooth has a much smaller perimeter to physically secure compared to 802.11, and it uses a frequency-hopping mechanism of 1,600 hops per second, making the transmissions difficult to tap into.

Unlike 802.11b, Bluetooth uses two different keys for authentication and encryption. Authentication uses link keys, which can be either unit keys or combination keys. A unit key means the same key applies for each connection from a particular device. A combination key is different for each particular set of devices. The Bluetooth Special Interest Group recommends the use of combination keys for authentication, thus preventing the possibility of communication between two devices being overheard by a third device that has been paired with the originating device. To provide further security, it is recommended that this initial pairing take place in a private location.

Take Responsibility For Your LAN's Security
Is there a right technology? In actuality, both wireless technologies exist in the same space and each has a special role to perform. Bluetooth is really a cable replacement and should be viewed in this manner. Expecting Bluetooth to operate across large selling areas will only lead to disappointment.

Bluetooth's forte is enabling PDAs, mobile printers, and portable phones to interact in close proximity without cables. Most important, though, is to remember that the greatest area of security vulnerability is not in the technology, but rather, in the human element. Be sure you fully understand and implement the security features already residing in your wireless technologies. You'll sleep better.