The wireless phone environment is no more or less secure than the wireline environment, reports In-Stat. Many users are concerned with security problems based upon technology that has generally, although not universally, been replaced, the high-tech market research firm says.

The greatest threats today are mostly within the control of the end-users, such as not losing their equipment and taking care to change passwords and default settings. This exposes critical company data applications, not just email, to unauthorized access.

“A majority are concerned about Electronic Serial Number (ESN) theft through the ‘cloning’ of their phone’s information and the ability of stalkers to track their location. But carriers addressed these situations as far back as a decade ago,” says Bill Hughes, In-Stat analyst.

Recent research by In-Stat found the following:

• Smartphone users lose their devices 40 percent more often than mobile phone users.
• Too many organizations allow users to decide what technology they will use for mobile data, regardless of security implications.
• Carriers should differentiate their offerings through security training for their customers.

The research, “Mobile Security 2007: End Users Are Losing It“, covers the state of mobile voice and data security.

For WiFi networks, a new consortium is hoping to make 802.1x more pervasive by developing an enterprise-class open source 802.1x client.

OpenSEA (Open Secure Edge Access) will be dual-licensed under the BSD and GPL open source licenses, enabling the effort to be used by both commercial and open source entities.

OpenSEA members include Aruba Networks, Extreme Networks, Identity Engines, Infoblox, Symantec, TippingPoint and Trapeze Networks.

“For 802.1x you have the network infrastructure, which needs to be 802.1x-capable in your switches, cards and access points,” Sean Convery, CTO at Identity Engines and OpenSEA board member, told internetnews.com. In 802.1x jargon, the supplicant, or client, allows the end point to connect to the infrastructure.

IEEE 802.1X (wikipedia) is an IEEE standard for port-based Network Access Control. It provides authentication to devices attached to a LAN port, establishing a point-to-point connection. It is used for certain closed wireless access points, and is based on the EAP, Extensible Authentication Protocol.

Windows XP and Windows Vista support 802.1X for all network connections by default and it’s a component of Wi-Fi Protected Access (WPA and WPA2). WPA implements the majority of the IEEE 802.11i standard and is designed to work with all wireless network interface cards. WPA2 implements the full standard, but will not work with some older network cards or access points.

Posted by Sam Churchill on Monday, May 14th, 2007 at 1:41 pm.