Auto - Mobile Insurance

New mobile VPN technology seeks to ensure automatic security is available to the wireless world.

by / October 28, 2003
Since the 1950s, the United States has become an increasingly more mobile society. We are a culture of movers and shakers -- literally. The U.S. Census Bureau estimates 43 million people change residences each year.

That information, coupled with the fact that 58 percent of U.S. households now have two or more cars, should make it no surprise that wireless technology has become as instantly popular with Americans as bottled water or reality TV.

In fact, throughout the past decade, use of wireless technology has increased dramatically and research suggests there will be 21 million mobile users in the United States by 2007.

Cutting Wires
Freeing computers from the ties binding them to desktops means busy executives can continue to pound away on laptops and handheld devices even during a cab ride to the airport. Emergency workers can access information from the field, and public building inspectors or social workers can write up reports on location and submit them in a fraction of the time it would take to drive back to the office and complete an old-fashioned paper document.

One problem with the wireless world is simply that it is wireless. Information flowing between untethered devices shoots through the air on radio waves using the same basic technology that allows you -- every once in a while -- to overhear bits of your neighbor's cordless phone conversation.

With man's ability to control the airwaves dubious at best, security naturally concerns wireless users. The knowledge that important computer data was sharing the same public air space as microwave ovens and baby monitors only reinforced the idea that special security measures were vital to continuing wireless network proliferation.

In 1997, the Institute of Electrical and Electronics Engineers (IEEE) finally established an industry standard for WLAN operation. With the release of the 802.11 specification -- and two years later the 802.11b enhancement -- for the manufacture of WLAN devices operating in the 2.4 GHz spectrum, the wireless market explosion hit big bang proportions.

About that time, several technology innovators -- including 3Com, Nokia and Aironet (now Cisco) -- formed the Wireless Ethernet Compatibility Alliance (WECA) to ensure the rapid adoption of 802.11b products.

The group created the Wireless Fidelity (Wi-Fi) logo, so items certified as interoperable could easily be identified. Wi-Fi quickly became part of the modern lexicon, and the WECA became the Wi-Fi Alliance shortly thereafter.

Included in the new standards was an encryption mechanism designed to secure wirelessly transmitted data. Wired equivalent privacy (WEP) was supposed to make a WLAN as secure as a wired LAN, and to some extent, it worked.

Although the requirements for WEP compliance with U.S. government export restrictions for encryption have been lifted, the system remains adequate for most home or small office users.

Security Nightmare
But government agencies and large businesses sending substantial amounts of sensitive data across the airwaves continue to fret about the vulnerability of their wireless networks.

What appeared at one time to be IT paranoia actually had some merit. As wireless product use surged, a new brand of malicious hacker took to the streets -- and the air.

Known as "war drivers," "war chalkers" and "war flyers," the new age miscreants use their cars -- or even planes -- along with laptops, global positioning systems (GPS), wireless network interface cards (NICs) and antennas to locate unsecured WLANs.

Once discovered, vulnerable WLAN locations are sometimes designated by symbols chalked on the sidewalk or on the side of a building, and/or published on Internet databases along with corresponding service set identifiers (SSIDs).

Unsecure WLANs are vulnerable to stolen data, viruses, spam or attacks by other computers. Of course, just because a WLAN is located doesn't mean it is not secure. Public agencies and big businesses are securing their wireless networks with a new generation of protection methods, including wireless virtual private networks (VPN).

Virtual private network technology has existed for more than a decade and provides proven security among remote locations via the Internet. In fact, VPNs have proven so reliable and flexible, they are now being utilized as wireless solutions.

However, legacy VPNs were designed for use by stationary and point-to-point networks. Unfortunately that means traditional VPNs do not support roaming from one network to another -- LAN to Wi-Fi for example.

Another problem is VPNs do not support session persistence as needed by wireless networks. Further, legacy VPNs require manual intervention to enable and disable security.

Supply and Demand
But as with any new technology, it was only a matter of time before manufacturers caught up with the demands and needs of consumers. A new wave of wireless security systems -- mobile VPNs -- is just reaching consumers.

"A legacy VPN is just that -- legacy," said Bill Cole, CEO of Ecutel, makers of Viatores, a mobile VPN product.

Ecutel's mVPN technology consists of client-server software based on the industry standards, Mobile IP and IPSec. The system allows mobile users to move through different networks -- including wired or wireless, public or private -- without losing their connection. Viatores also allows mobile devices to roam across disparate networks as if those networks were a single network, Cole said.

"Part of the challenge for Ecutel has been convincing people that such technology is possible," Cole said.

IT staff in Glendale, Calif., didn't need any convincing, said Scott Harmon, assistant director of information services for the city, especially when they found a potential security hole.

Prior to investing in mVPN technology, Harmon said Glendale IT specialists thought they would continue using their standard security system. However, when they discovered the encryption system they used to log onto their network became inactive once a connection was established, they knew something more was needed.

"Once we found out we transmitted unencrypted, we had to do something," said Harmon. "We're going to get police officers out there writing reports. We're going to get all kinds of stuff running across the wireless LAN, so we had to do something."

Many other government agencies just now plunging into the wireless mainstream are also searching for security solutions. Without a doubt, the inscrutable law of supply and demand will once again exert its force, as millions of wireless technology users demand better and further-reaching security for their personal and business data.

"Mobile and wireless security must be as secure as when a person is at his or her desk connected to a LAN," Cole said. "We anticipate that all users will eventually need to be on a mobile VPN."
Kris Middaugh Staff Writer