<http://www.ottawabusinessjournal.com/283824489528668.php>
Ottawa Business Journal - News Wireless security remains as main threat to mobility By Ottawa Business Journal Staff Mon, Sep 6, 2004 12:00 AM EST The wireless industry needs a lasting solution to one of its biggest threats: outside intrusion. According to Victor Shevchenko, director of business development for the Global Mobile Enterprise 2004 Conference, wireless security will be a main discussion point at the conference, Sept. 14 to 16 at the Brookstreet Hotel. "Mainly, we're talking about the protection of electronic data transported and received by Palm Pilots, mobile phones and computers connected through wireless networks," said Mr. Shevchenko, who organized the conference with Zora Arnautovic, director of the organizing committee. "The general trend is to get people mobile when they're offsite, but the key challenges are: how can we ensure that the communication is secure, that no data is compromised and that access to corporate networks through secure wireless channels is safe?" said Mr. Shevchenko. "Protecting the access and integrity of data being sent back and forth is the real challenge." There is no universal standard acknowledged by the wireless industry as the safest, he added. Virtual private networks (VPNs) are one way a company can improve its wireless security, he said, adding new-generation standards, such as WiMAX, are another. "One of the main purposes of our conference will be to determine what the most promising (standard) is" so the industry can move forward, he said. Mark Zimmerman, vice-president of sales at Toronto-based Nextair Corp., said there is no "one-size-fits-all solution" to the issue of standards. Mr. Zimmerman will attend the conference with Nextair CEO Ron Close, who will lead a discussion on wireless applications. "There have been a number of hiccups along the way when securing information that's being delivered over the air (between two wireless devices)," said Mr. Zimmerman, describing the early wireless fidelity standards as "not very good from a security perspective". In the past, officials from the federal government's Communications Security Establishment (CSE) warned that cellphones, for example, should not be relied on for transmitting sensitive data. "(They) could very easily be compromised," said Richard MacLean, a CSE communications security engineer, at a May conference on wireless security. In a bid to ensure the encryption capability of public sector cellphones is up to date, the CSE is testing global system for mobile phones equipped to handle top-secret voice data. "Now we're approaching a level where (wireless standards) are secure for many applications, if not for all," said Mr. Zimmerman. The one thing not talked about is securing wireless devices themselves, he added. "When you look at PDAs that leave a (company's) building, they often have the corporate crown jewels on them. In most cases, we do have the technology, but we need to spend more time educating the marketplace and our customers about using that technology and building it into products, rather than turning to security as an afterthought." Mr. MacLean's advice is to use approved cryptography solutions, strong passwords that are changed often and anti-virus software on PDAs and PCs that can be updated frequently. The threat of outside intrusion is "very viable" because of ample hardware and software capable of compromising wireless connectivity, said Mr. Shevchenko. Such equipment can have "serious implications" for corporate productivity, revenue and data, he added. While BlackBerries and other handheld e-mail devices are widely used by businesspeople, users should know that, without private keys that can encrypt the data, sensitive information can easily be poached, said Mr. MacLean. The medical and financial fields have led by example when it comes to wireless security, said Mr. Zimmerman, mostly because it's critical security failures are avoided in these fields. Currently, new medical standards are being worked on to ensure there is no electromagnetic interference with other pieces of medical equipment. In the transport industry, wireless security has become paramount, as airports adopt wireless baggage handling systems. To protect its wireless system, Toronto's Pearson International Airport, for example, uses additional software that encrypts and protects all baggage-related transmissions to ensure no one from the outside can manipulate the information in any way, according to Gary Long, general manager of information technology at the Greater Toronto Airport Authority. The transport industry will be the subject of a wireless case study at the conference, said Mr. Shevchenko. "We want to see where this is going and how it can be ensured. In all honesty, I'm as eager as anyone to get some answers to some of these questions." -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]