W&M 2009 – Top Ten Wireless Security Myths

www.liplc.comCommercial In Confidence

Top 10 Myths of WirelessComputing

[email protected]


GSM Coverage


• Estimated that 80% of Global Marker uses GSM

• 3 Billion Users

• 212 Countries

• Data Services– GSM Release '97 = GPRS– GSM Release '99 = EDGE– 2001 = First Commercial Use of 3G

Some Statistics


With a 20 year history andWith a 20 year history andsuch a ubiquitous use of technologysuch a ubiquitous use of technology

surely Wireless Computing issurely Wireless Computing iseasy?easy?


Goal of Presentation

Outline top 10 Myths of Wireless Computing


• Myth 10• Myth 9• Myth 8• Myth 7• Myth 6

– Myth 5– Myth 4

• Myth 3• Myth 2• Myth 1

Agenda


Myth 10

Mobile Data isEverywhere


Mobile Data is Everywhere

•YES IT IS!! But…

•3G Certainly isn’t•GPRS not always appropriate•WAN coverage not ubiquitous•Hot Spots not secure•Use of Enterprise & Private WiFi may lead to out of control policy


Myth 9

High SpeedData Access is Here!


High Speed Data Acess is Here

•Wireless is an inherently shared media and also…•Example 1 – 3G

•Max Stationary 14.4Mbps•Likely when moving in vehicle

•184Kbps•Example 2 – 802.11G

•Max 54Mbps•Likely when traditional cell planning applied 18/12/9 Mbps divided by 10,20,30 or more users..


Myth 8

WirelessData is pretty reliable these days


Wireless Data is Reliable

•Just like when your mobile voice call drops between cells, data connectivity will drop between cells.

•Data stream will be interrupted•Sessions will drop•IP Addresses will change•Persistence cannot be guaranteed


Myth 7

Private APN’sprovide endto endSecurity


Private APN’s = End to End Security

•Private APN’s secure databetween the SIM and the operator network

•By default backhauleddata is not secured


Myth 6

Traditional VPN’sWork wellFor MobileWireless Devices


Traditional VPN’s

•Traditional VPN’s inherentlydesigned for a connected world – have no comprehension of wireless considerations


Myth 5

IPSecworks wellForWirelessJust like on my desktop PC


IPSec

•Source IP Address needs to remain constant• Will not survive coverage gaps•Will not survive network media transitions WLAN>WWAN etc•New protocols such as MOBIKE suffer same underlying problems


Myth 4

SSL Works well for Wireless Just like on my desktop PC


SSL

•ActiveX, Java or Win32controls required that are not consistent across all mobiledevices•Can’t handle roaming without data loss•Can materially degradeperformance due to chatty nature of TCP – not great for GPRS..


Myth 3

ApplicationsNeed to beRe-writtenTo work well over Wireless


Application Re-Writes

•Actually this is traditionally true, however…

•There are specialist technologies out there that solve the problems of desktop applications being unaware of either poor or non existent bandwidth•These technologies can seamlessly keep applications working whilst on the move


Myth 2

Users will need re-training to make best use of wireless


User Training

•Well implemented wireless working should look and feel as normal as working at the desktop for a standard user

•Best Practice•Same authentication mechanisms.•Seamless roaming.•Same Apps.


Myth 1

Mobilising Workforces using wireless technologies is easy..


Mobilising Workforces is easy

Vast experience in best practice when it comes to getting folks mobile

Unique technology that keeps workers connected


Goal of Presentation

Outline top 10 Myths of Wireless Computing


www.liplc.com

W&M 2009 – Top Ten Wireless Security Myths

Technology

wireless data

mobile data

wireless technologies

wireless working

best use of wireless

mobile wireless devices

data loss

data connectivity