Securing the Town
November 17, 2004
As more municipalities light up wireless initiatives, security vendors like AirDefense are trying to plug the vulnerabilities while keeping the network easy to use—a difficult task at best.
As more cities and wireless operators roll out urban Wi-Fi connectivity, security vendors are stepping forward to meet what some say could be significant vulnerabilities within this emerging wireless business model.
Some analysts see the deployment of large-scale outdoor WLAN as a powerful business opportunity. Blanket downtown in Wi-Fi, the logic goes, and consumers will be ever more apt to log in. But there's a red flag here, says JupiterResearch senior analyst Julie Ask.
"The thing that comes to my mind is the diversity of security requirements needed by the various constituents or potential customers. A bank has very different needs from a café, which has very different needs from my mother," she explained.
"There are also so many aspects of security," she said. "There's the issue of protecting the network from viruses. There's the issue of encryption: Typically, this is turned off for public deployments. The more potential consumers, the broader the target audience, the harder it will be."
Defining the Problem
Consider for example the Town of Addison, Texas, population 50,000. City authorities have been laying the infrastructure for widespread Wi-Fi since the spring. They expect police and fire departments to use the network at first, with a further rollout in the next year or so opening up the network for broad public access.
Security in this scenario requires a delicate balance. "In these large-scale deployments in public environments, you are looking for easy accessibility, so you cannot layer in a lot of encryption techniques and security techniques," explained Peter Evans, vice president of business development and sales for AirDefense, the company working with the town to lock down the network.
Use heavy-duty security tools, "and those can becomes a barrier to usability," said Evans. "At the same time, because it is such a large scale environment with a technically unaware public, people may not understand the security risks in that environment."
Zeis Djaja, a network specialist for the Town of Addison, has the job of striking this balance."You have to consider the residents. If you make it too hard for them to hook up, changing the WEP key every week or whatever, they are not going to want to sign up," he said. Yet the security need cannot be overstated. "Say we are trying to upload a video file from the police car. That video is not public, and we worry that somebody could tap into that file over the wireless network. On the fire-department side, we have to comply with HIPAA regulations, where any personal [medical] data has to be heavily encrypted and protected."
While vendors have only just begin to gear their services toward these emerging demands, Evans sketches the outline of what he says could make for a viable solution.
AirDefense's proposed solutions include a security barrier that relies foremost of intrusion detection. It looks not just for signs of attempted break-ins, but also at the interrelationships between devices and their behaviors. If someone's device has been commandeered without their knowledge, if for instance an unexpected ad hoc connection has been formed, the system should be able to spot the irregularity.
At that point the service provider could automatically disable the suspect connection, or notify the user of the potential breach. For this to work, though, the provider will have to set certain expectations for the user up front. "Obviously your users are going to have to understand when they sign up for the service that the service provider may take certain actions on their behalf," Evans said.
Alternately, the service provider can deliver a "personal agent," a laptop client that works in conjunction with a centralized security system. The agent could receive policy information from the central server and then sit in the background watching for risky scenarios. In case of trouble an icon would flash red to notify the user that a potentially compromising situation has emerged.
These are but a few of the many security propositions likely to emerge in the comings months as urban Wi-Fi becomes a reality. Analysts say that while the security side of the equation can ultimately be solved, other vital details remain hazy.
Specifically: What does it all mean to the bottom line?
"DSL and cable providers serving enterprises, small businesses and consumers today have tackled these [security] challenges," Ask said. "An entity doing so wirelessly will have even more challenges [and so] security will drive cost into projects."
Who will cover the added expense, in addition to the costs of initial installation and ongoing maintenance? It all remains unclear at this point.