|
|
Programming Help |
Homework Help |
Counseling Astrology Advice | Tarot Advice | Parenting Dating Advice | Love Advice | Divorce Advice Legal Advice | Debt Advice | Career Advice W IRELESS N ETWORK S ECURITY 4-20 Bluetooth is still a relatively new standard. Given that a number of vulnerabilities have been discovered, the standard is likely to continue to evolve and improve the built-in hardware security mechanisms. Many of the problems cannot be simply fixed by the user. The security problems, or possible security problems (security is not known fully), will exist until the Bluetooth SIG addresses them. Products that are released into the market now may exhibit some vulnerabilities. Some of the hardware solutions outlined for 802.11 WLANs in Section 3 may also be appropriate for Bluetooth devices. Because Bluetooth-enabled devices are not yet widely available, the market has not developed robust security solutions. Trusted third-party (TTP) authentication should be considered when it becomes available. TTP centralizes authentication, and as long as the TTP remains secure and trusted, the trustworthiness of the devices is not a concern. Centralized key management authority, which is similar to TTP authentication, is another possibility. Centralized key management, unlike TTP, maintains and distributes keys, so that only trusted devices have access to the secure keys. Jini is an emerging technology that allows for instant recognition of new devices in a network. It can be viewed as the next step (after the Java programming language) toward making a network look like one large computer. Jini promises to make devices capable of attaching to a network independent of an operating system. Equipped with its own, special-purpose operating system, the device could connect to a network and immediately be shared by devices with different operating systems (e.g., Windows, Macintosh, and UNIX). Mobile devices could easily connect to a network so that others could use the device. In the Jini architecture, each new device that is added to the network immediately defines itself to the network device registry. Thus, when users plug in devices such as printers, storage devices, and speakers, every other computer, device, and user on the network immediately knows that a new device has been added and is now available. In the future, Jini may serve as a form of TTP, operating on a host device (e.g., a laptop computer or PDA) to authenticate devices on the network. Jini may also monitor device usage by tracking device authentication and network access. As Bluetooth technology matures over the next few years, the built-in security features will mature and additional add-on solutions will appear in the market. 4.6 Bluetooth Security Checklist Table 4-5 provides a Bluetooth security checklist. The table presents guidelines and recommendations for creating and maintaining a secure Bluetooth wireless network. For each recommendation or guideline, three columns are provided. The first column, the Best Practice column, if checked, means that this entry represents something recommended for all agencies. The second column, the "Should Consider" column, if checked, means that the entry's recommendation is something that an agency should carefully consider for three reasons. First, implementing the recommendation may provide a higher level of security for the wireless environment by offering some additional protection. Second, the recommendation supports a defense-in-depth strategy. Third, it may have significant performance, operational, or cost impacts. In summary, if the "Should Consider" column is checked, agencies should carefully consider the option and weigh the costs versus the benefits. The last column, the "Status" column, is intentionally left blank and allows an agency to use this table as a true checklist. For instance, an individual performing a wireless security audit in a Bluetooth environment can quickly check off each recommendation for the agency, asking, "Have I done this?" |
Find more freelance jobs
|
