The Network Sweet Spot
Biometric option helps to make wireless networks more secure
- By Gary Bradt
- Sep 01, 2006
THE shelves in the Wi-Fi network candy store are filling up with the newest products fresh from the factory. These products are primed, promising to sweeten every Wi-Fi network administrators' palate with prized, golden tickets of the best Wi-Fi network security features. And biometrics technology seems to be the flavor of choice for network integration.
Amid all of the security threats, breaches and worry, Wi-Fi and mobile devices continue to progress. Laptops have been outselling desktops in the United States for more than a year, according to the research firm Current Analysis. A significant indicator is most likely due to the majority of laptops featuring Wi-Fi capabilities.
However, even with the constant invention and upgrade of Wi-Fi network (WLAN) security, overall public and corporate paranoia about security threats continues to build. Late last year, Gartner, an IT research and advisory company, asked 200 business technology groups in North America and Europe how they felt about WLANs. The response was that 64 percent plan to increase wireless deployments in the next six months; nonetheless, security is still their top concern.
Continued security threats and actual breaches can give cause to worry whether your laptop or PDA is really secure from hackers in a home Wi-Fi network, corporate or public hotspot. Take into consideration that Gartner estimates two-thirds of critical corporate data resides on employee workstations or notebooks, not on servers, intensifying the worry.
According to Computer Associates, a producer of IT management software, almost 85 percent of large U.S. enterprises admit to having suffered an IT security incident over the past 12 months, and the number of breaches continues to rise by 17 percent since 2003.
Amid all of the security threats, breaches and worry, Wi-Fi and mobile devices continue to progress. Laptops have been outselling desktops in the United States for more than a year, according to the research firm Current Analysis. A significant indicator is most likely due to the majority of laptops featuring Wi-Fi capabilities. The proliferation of mobile devices, as well as home, public and enterprise WLANs is sure to continue. According to JiWire, a provider of information and services to help mobile professionals and computer enthusiasts find and connect to the wireless Internet, there was an 87-percent increase in hotspots worldwide from 2004 to 2005.
Yes, mobility is great for the majority of users, but it can be troubling for IT security personnel and the unlucky users who have had their devices and data hacked, cracked, pirated and destroyed. IT professionals are not just concerned about the security of their corporate WLAN, but the many hotspots that mobile employees are working within, including their home WLANs.
Last year, a virus was created that could jump from cell phones to PCs. And, according to McAfee, more than 200 malware programs appeared in 2005 that were designed specifically for mobile devices.
Of course, viruses, malware and spyware are only a few of the security threats, or data destroyers, that the mobile computing society must be prepared for and fight against. Identity theft and corporate terrorism have become very real and tragic events, not just hot buzzwords.
An Armory of Security
Although the growth of Wi-Fi looks promising, manufacturers and service providers are still trying to find security measures that can actually prevent security breaches.
Users want to employ traditional, in-the-box network defense solutions, such as firewalls and VPNs, and be able to layer that with intrusion prevention and authentication on access points and mobile devices.
Even with these measures in place, a major concern is that unauthorized users are able to connect to the network and misuse enterprise resources. Due to such concerns, many enterprises either use the evolving security technology reluctantly or have postponed its use until all security issues are adequately addressed, measures proven, and complexity and costs to implement greatly reduced.
There is a numerous amount of security measures that have been invented and employed, including those based on the 2004 Wi-Fi security standard (the IEEE's 802.11i) and the Wi-Fi Alliance's closely-related implementation protocol, the Wi-Fi Protected Access 2 (WPA2).
Both users and providers can do a lot to layer security measures on a Wi-Fi network, from firewalls to passwords. First, employ the list of security measures that are suggested in manuals that come with access points and other Wi-Fi infrastructure products. Also, consider measures such as using a VPN, keeping a clean wireless networks preferred list, enabling security on your router, picking a new password, enabling Web-mail security, refraining from supplying your SSID, turning on MAC addressing, disabling ad-hoc mode, enabling WPA encryption instead of WEP and disabling remote administration.
Who Are You, Really?
This multi-layered, Wi-Fi security approach still does not answer the question that should be asked of everyone trying to access a network: "Are you really who you say you are?"
Identity management with biometric authentication has evolved as the highest form of security to answer this question. This evolution is helping drive the growth of devices with embedded biometric scanners and plug-and-play, biometric Wi-Fi peripherals. Most of these devices feature scanning technology of the most historically popular human identifier, the fingerprint.
Microsoft, the International Biometric Industry Association (IBIA) and BioAPI are of the entities driving market growth. In fact, Microsoft is integrating biometric authentication technology into its next version of Windows®, which further validates the technology and its broad adoption.
The greatest advantage of biometric identity management technology is based on who you are, rather than what you possess or what you know, such as an ID card or password. Biometrics is not necessarily supposed to replace the existing methods of identification, but to strengthen them or to build upon them.
The use of a fingerprint for authentication has been on the rise, as people have discovered many problems with password and token-based systems. In the last few years, the number of online accounts each user has increased significantly. It is not uncommon for people to have 15 online accounts, and remembering this many passwords is not an easy task, especially for accounts that are not frequently accessed. To solve this problem, people typically write their account information on paper. The difficulty in managing many passwords also results in an increasing number of calls to IT support departments for help. A similar problem occurs with hardware tokens for authentication.
This leaves users carrying many tokens --one for each account. In addition, it is easy to lose hardware tokens. Fingerprint-based authentication provides a solution to all of the problems associated with passwords and hardware tokens. Since fingerprint technology has become affordable and reliable, its use in user authentication is on a rapid rise.
Enter Biometric Fingerprint Technology
Market growth of fingerprint technology also has been dependent on the demand for a quick, cost-effective and secure way to identify people. These demands also are major considerations for Wi-Fi access and use. Recent developments to match these requirements in Wi-Fi network fingerprint technology has produced a DSP-based network authentication device that connects to Wi-F,i WPA-compliant access points.
This Wi-Fi network biometric security device communicates directly with fingerprint readers connected to mobile devices to control access at the first point of contact to the network -- the Wi-Fi access point. SX-650 NetGuard from Silex Technology is the latest in Wi-Fi network biometric security technology.
Wi-Fi network owners need a secure way of authenticating users, not just their equipment, and answer very specifically who is using their equipment to connect to the network, where they are getting access from, and what data they are accessing on the network or on the Internet. Forcing users to physically authenticate themselves using the fingerprint reader helps prevent others from accessing the network while roaming spots such as a campus, house, hotel room, a seat next to you or in a car.
Exponential Acceleration
Biometric fingerprint technology can be used for numerous applications such as financial services for secure checking or ATM transactions or for government employee identification.
Biometrics will continue to evolve and drastically influence many private enterprises and the government. By combining its capabilities and benefits with Wi-Fi, concern over common WLAN security issues concedes to confidence, and both technologies can flourish, even tempting those who do not have a sweet tooth to the Wi-Fi network candy store of innovation.
This article originally appeared in the September 2006 issue of Security Products, pgs. 66-67.