|
|
Programming Help |
Homework Help |
Counseling Astrology Advice | Tarot Advice | Parenting Dating Advice | Love Advice | Divorce Advice Legal Advice | Debt Advice | Career Advice W IRELESS N ETWORK S ECURITY 2-6 ! Malicious entities may use a third party, untrusted wireless network services to gain access to an agency's network resources. ! Internal attacks may be possible via ad hoc transmissions. As with wired networks, agency officials need to be aware of liability issues for the loss of sensitive information or for any attacks launched from a compromised network. 2.5 Emerging Wireless Technologies Originally, handheld devices had limited functionality because of size and power requirements. However, the technology is improving, and handheld devices are becoming more feature-rich and portable. More significantly, the various wireless devices and their respective technologies are merging. The mobile phone, for instance, has increased functionality that now allows it to serve as a PDA as well as a phone. Smart phones are merging mobile phone and PDA technologies to provide normal voice service and e- mail, text messaging, paging, Web access, and voice recognition. Next-generation mobile phones, already on the market, are quickly incorporating PDA, IR, wireless Internet, e-mail, and global positioning system (GPS) capabilities. Manufacturers are combining standards as well, with the goal to provide a device capable of delivering multiple services. Other developments that will soon be on the market include global system for mobile communications-based (GSM-based) technologies such as General Packet Radio Service (GPRS), Local Multipoint Distribution Services (LMDS), Enhanced Data GSM Environment (EDGE), and Universal Mobile Telecommunications Service (UMTS). These technologies will provide high data transmission rates and greater networking capabilities. However, each new development will present its own security risks, and government agencies must address these risks to ensure that critical assets remain protected. 2.6 Federal Information Processing Standards FIPS 140-2 defines a framework and methodology for NIST's current and future cryptographic standards. The standard provides users with the following: ! A specification of security features that are required at each of four security levels ! Flexibility in choosing security requirements ! A guide to ensuring that the cryptographic modules incorporate necessary security features ! The assurance that the modules are compliant with cryptography-based standards. The Secretary of Commerce has made FIPS 140-2 mandatory and binding for U.S. federal agencies. The standard is specifically applicable when a federal agency determines that cryptography is necessary for protecting sensitive information. The standard is used in designing and implementing cryptographic modules that federal departments and agencies operate or have operated for them. FIPS 140-2 is applicable if the module is incorporated in a product or application or if it functions as a standalone device. As currently defined, the security of neither 802.11 nor Bluetooth meets the FIPS 140-2 standard. Federal agencies, industry, and the public rely on cryptography to protect information and communications used in critical infrastructures, electronic commerce, and other application areas. Cryptographic modules are implemented in these products and systems to provide cryptographic services such as confidentiality, integrity, nonrepudiation, identification, and authentication. Adequate testing and validation of the cryptographic module against established standards is essential for security assurance. |
Find more freelance jobs
|
