Wireless Network Security (Windows Embedded CE 6.0)

1/6/2010

Unlike wired networks, wireless networks can reach beyond the walls of buildings. In many deployments, wired network security depends on physical security: the network sits behind the locked doors of a building, and you need to pass through building security to get access to it. Wireless networks, on the other hand, can be monitored and attacked from outside the walls of the building.

To mitigate security risks, many wireless networks provide ways to encrypt transmissions. You can use simple static encryption (WEP) network keys or more advanced techniques that generate and rotate the WEP keys to provide privacy. For the most advanced protection, specifically for 802.11, you should use the 802.1X industry standard as defined by IEEE. It provides individual authentication, and it provides privacy by generating and plugging in WEP keys. Furthermore, these WEP keys can be generated per user and rotated often, based on policy. For detailed information, see the IEEE Web site.

Note

802.1X is intended only for enterprise deployments. Windows Embedded CE does not support mutual authentication in wireless networks.

Windows Embedded CE provides a number of authentication methods that can be plugged in to 802.1X to customize how users are authenticated. You can use simple user names and passwords, certificates, smartcards, or biometrics. EAP-MD5 supports user names and passwords, and EAP-TLS supports certificate-based authentication. You can also develop your own authentication scheme. For more information, see 802.1x Authentication and the IEEE Web site.
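As an added example (not Microsoft's code and not a Windows Embedded CE API), the following C function reads the EAP header of a packet exchanged during 802.1X authentication and reports whether the method in use is EAP-MD5 or EAP-TLS, rejecting packets whose Length field does not fit the buffer. The Code and Type numbers come from the EAP specification (RFC 3748); the names classify_eap and eap_class are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of classifying one EAP packet (type and function names are hypothetical). */
typedef enum {
    EAP_MALFORMED,   /* truncated, bad Length field, or unknown Code */
    EAP_NO_METHOD,   /* Success/Failure, Identity, Notification, Nak */
    EAP_PASSWORD,    /* Type 4, EAP-MD5: user name and password */
    EAP_CERTIFICATE, /* Type 13, EAP-TLS: certificate-based */
    EAP_OTHER        /* any other method, such as a custom scheme */
} eap_class;

/* EAP layout (RFC 3748): Code(1) Identifier(1) Length(2, big-endian) [Type(1) Data]. */
eap_class classify_eap(const uint8_t *pkt, size_t cap_len)
{
    if (pkt == NULL || cap_len < 4)
        return EAP_MALFORMED;
    size_t eap_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (eap_len < 4 || eap_len > cap_len)    /* never trust Length past the buffer */
        return EAP_MALFORMED;
    if (pkt[0] == 3 || pkt[0] == 4)          /* Success / Failure carry no Type */
        return eap_len == 4 ? EAP_NO_METHOD : EAP_MALFORMED;
    if ((pkt[0] != 1 && pkt[0] != 2) || eap_len < 5)  /* Request / Response need a Type */
        return EAP_MALFORMED;
    switch (pkt[4]) {
    case 1: case 2: case 3: return EAP_NO_METHOD;
    case 4:  return EAP_PASSWORD;
    case 13: return EAP_CERTIFICATE;
    default: return EAP_OTHER;
    }
}

/* Constructed sample packets, not captured traffic. */
static const uint8_t md5_req[] = { 0x01, 0x01, 0x00, 0x16, 0x04, 0x10,
    0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };
static const uint8_t tls_start[] = { 0x01, 0x02, 0x00, 0x06, 0x0d, 0x20 };
static const uint8_t success[] = { 0x03, 0x02, 0x00, 0x04 };

int main(void)
{
    printf("md5=%d tls=%d success=%d truncated=%d\n",
           classify_eap(md5_req, sizeof md5_req),
           classify_eap(tls_start, sizeof tls_start),
           classify_eap(success, sizeof success),
           classify_eap(md5_req, 10));
    return 0;
}
```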

In addition, Wi-Fi Protected Access (WPA) can be used to provide enhanced security for wireless networks. For more information, see WPA.

You should be aware of another potential security risk that is not software related. Basic interference can cause a network to slow down or stop altogether if the RF spectrum of the network is jammed with RF noise. Although this intrusion does not compromise privacy, it poses a denial-of-service risk. You should work with your wireless vendor to determine the best approach to mitigate this risk.

See Also

Other Resources

Enhancing the Security of a Device
WPA