A new publication from the National Institute of Standards and Technology (NIST) provides technical guidance to government agencies and other organizations interested in mitigating risks with WiMAX (Worldwide Interoperability for Microwave Access) networks.
WiMAX is a wireless network protocol that can cover an area of a few square kilometers, such as a college campus or a small town. Its reach is greater than the more familiar "WiFi" networks employed in offices, homes or coffee shops—with typical ranges in the tens of meters—but smaller than wireless areas covered by cell phones. The technology, guided by standards issued by IEEE, originally was designed to provide last-mile broadband wireless access as an alternative to cable, digital subscriber line (DSL) or T1 service. In recent years, its focus has shifted to provide a more cellular-like, mobile architecture to serve a broader audience.
Emergency WiMAX nets have been used in disaster zones where the communication infrastructure was destroyed, such as along the coast of the Gulf of Mexico after Hurricane Katrina.
Special Publication 800-127 "Guide to Security for WiMAX Technologies" discusses WiMAX technology's topologies, components, certifications, security features and related security concerns. It covers the IEEE 802.16 standard for WiMAX and its evolution up to the 2009 version.
The main threats to all wireless networks are denial of service attacks, eavesdropping, message modification and resource misappropriation.
SP 800-127 recommends taking advantage of built-in security features to protect data confidentiality on the network. It also suggests that organizations using WiMAX technology should:
- Develop a robust WiMAX security policy and enforce it.
- Pay particular attention to WiMAX technical countermeasure capabilities before implementing WiMAX technology.
- Use WiMAX technology that supports Extensible Authentication Protocol methods as recommended in NIST SP 800-120 (available at http://www.csrc.nist.gov/publications/PubsSPs.html#800-120.)
- Implement Federal Information Processing Standards-validated encryption to protect their data communications.
Special Publication 800-127 "Guide to Security for WiMAX Technologies" is available online at http://csrc.nist.gov/publications/PubsSPs.html#800-127.