SECURING WiMAX WIRELESS COMMUNICATIONS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology U.S. Department of Commerce Many government and business organizations are using wireless networks, enabling their employees and contractors with wireless-enabled devices, such as smart phones, to connect to the Internet and theorganization’s networks. Wireless networks support increased flexibility for organizations, and easier and less costly installations than wired technologies. Wireless technologies use radio waves instead of direct physical connections to transmit data between networks and devices. While supporting ease of use and installation, and a mobile workforce, wireless networks like any other communicationnetwork are vulnerable to risks that could compromise the confidentiality, integrity, and availability of information systems and information. Without proper security precautions, information can be intercepted and altered more easily than when transmitted through physical connections. The U.S. Government Accountability Office (GAO) recently analyzed leading security practices of federalgovernment organizations for deploying and monitoring wireless networks and technologies in its report, Federal Agencies Have Taken Steps to Secure Wireless Networks, but Further Actions Can Mitigate Risk (GAO-11-43, November 2010). The GAO recommended that federal agencies implement additional practices to secure their wireless networks, and that governmentwide oversight of wireless networks be improved.The Information Technology Laboratory of the National Institute of Standards and Technology (NIST), which is responsible for developing standards and guidelines for information security under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347, has issued several publications explaining secure wireless communications and recommending good practices for protectingwireless transmissions; the most recent is NIST Special Publication (SP) 800-127, Guide to Securing WiMAX Wireless Communications. WiMAX is a widely used technology for communicating over wireless metropolitan area networks (WMANs). These networks, which provide services over an area approximately the size of a city, are usually operated by an organization such as an Internet service provider, agovernment agency, or a business. The term WiMAX was originally an acronym standing for Worldwide Interoperability for Microwave Access, but it is no longer used as an acronym. WiMAX is a trademark of the WiMAX Forum, an industry trade association that defines the content and scope of
WiMAX technology and publishes technical specifications, which are based on voluntary industry standards. NISTSpecial Publication 800-127, Guide to Securing WiMAX Wireless Communications: Recommendations of the National Institute of Standards and Technology Written by Karen Scarfone (formerly of NIST) and by Cyrus Tibbs and Matthew Sexton (of Booz Allen Hamilton), this publication provides information to organizations about WiMAX security capabilities. WiMAX is based on the Institute of Electrical andElectronics Engineers (IEEE) 802.16 family of standards, which were developed through consensus-based standards development processes. The guide discusses the security of the WiMAX air interface and of user subscriber devices, including security services for device and user authentication; data confidentiality; data integrity; and replay protection. NIST recommends specific courses of action thatfederal agencies can take to improve the security of their wireless communications; these recommended practices can also assist other organizations considering the implementation of WiMAX systems. NIST SP 800-127 explains the technology components that compose the WiMAX operating environments, the development of the IEEE 802.16 family of standards, and the product certification program conducted by...
Ler documento completo
Por favor, assinar para o acesso.