Monday, October 10, 2005

Is RFID secure?

NETWORK WORLD NEWSLETTER: JOANIE WEXLER ON WIRELESS IN THE
ENTERPRISE
10/10/05
Today's focus: Is RFID secure?

Dear networking.world@gmail.com,

In this issue:

* Perform due diligence with RFID security
* Links related to Wireless in the Enterprise
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by CrossTec Corp

Try it Free: Secure NetOp Remote Control

Centralized security and logging help you meet today's auditing
and compliance requirements! Provides fast, secure LAN & WAN
remote access and support. Offers robust file transfers &
scripting, integrates with SMS & other management tools. Launch
NetOp from desktops, browsers, Pocket PCs or USB drives.
Download evaluation software today.
http://www.fattail.com/redir/redirect.asp?CID=117048
_______________________________________________________________
WHAT'S THE WIMAX STORY?

We've all heard the ebb and flow of WiMAX enthusiasm - ranging
from "it'll take over the world" hype to "it's already a bust"
anti-hype, and everywhere in between. If you are curious as to
where WiMax stands or need a refresher on what it is all about,
click here for the WiMAX story:
http://www.fattail.com/redir/redirect.asp?CID=117129
_______________________________________________________________

Today's focus: Is RFID secure?

By Joanie Wexler

At a seminar I recently attended, a roar of contention arose
over the state of security for enterprise-scale RFID systems.

Most notably, EPCglobal Gen 2 standards currently lack
over-the-air data-stream encryption between passive RFID tags
and readers, though there are provisions for locking RFID tag
memory and disabling tags. EPCglobal Gen 2 is the current
standard for how passive tags affixed to items and encoded with
information about them communicate wirelessly with readers,
which collect that information and pass it to upstream
applications.

Some of the start-up vendors at the seminar, sponsored last
month by the Silicon Valley - China Wireless Technology
Association, were willing to shrug the current state of RFID
security off as "good enough." Others warned that such an
attitude could be repeating the mistakes of Wi-Fi, where
overlooking security concerns early in the game could come back
to haunt.

Seminar presenter Vijay Sarathy, director of product marketing
and strategy for RFID from Sun, told me that without encryption,
"Anyone within range can query a tag and find out what's on
them. As we get better performing tags, the longer the range
will be over which the tag will transmit." The implication is
that longer range means more potential intruders.

Sarathy said RFID tag-to-reader encryption is "being worked on,"
but has been challenging because passive RFID tags are powered
by readers, then reflect back a signal communicating their
information, with little power left over to set up an encryption
channel.

However, Sarathy acknowledged that "you're not going to get a
whole lot of information by reading one tag or set of tags. You
need more information on movement in the supply chain."

But lack of encryption can aid in petty breaches, and might make
it possible to corrupt data.

Darren Suprina, chief security architect at Innovativ, a systems
integrator in Edison, N.J., suggests treating an RFID tag like
any other device connected to your IT infrastructure. For
example, consider encrypting the information on the tag, if you
believe the risk justifies it.

"Do due diligence for tag security as you do for servers,
workstations and Wi-Fi [devices]," he says. He notes that some
organizations may not care if a hacker discovers how many rolls
of paper towels they have in inventory, but a manufacturer of
avionics equipment might.

The top 5: Today's most-read stories

1. Microsoft sets roadmap for corporate malware software
<http://www.networkworld.com/nlwir8397>
2. Symantec AntiVirus Scan Engine has serious bug
<http://www.networkworld.com/nlwir8398>
3. Bank of America notifying customers after laptop theft
<http://www.networkworld.com/nlwir8399>
4. Cisco pushes new security software
<http://www.networkworld.com/nlwir8205>
5. WLAN QoS specification approved
<http://www.networkworld.com/nlwir8400>

_______________________________________________________________
To contact: Joanie Wexler

Joanie Wexler is an independent networking technology
writer/editor in California's Silicon Valley who has spent most
of her career analyzing trends and news in the computer
networking industry. She welcomes your comments on the articles
published in this newsletter, as well as your ideas for future
article topics. Reach her at <mailto:joanie@jwexler.com>.
_______________________________________________________________
This newsletter sponsored by Nortel
Building the Mobile Enterprise Online Expo

The workplace is changing rapidly. Employees need to be
untethered from their desks while remaining connected and
accessible. This online event helps you solve your enterprise
mobility challenges by bringing together industry leaders,
including Nortel's CTO and CIO and RIM's VP Enterprise Systems,
to discuss the hottest topics in enterprise mobility. Broadcast
live to your desktop on Nov. 8, 2005. Register today!
http://www.fattail.com/redir/redirect.asp?CID=117304
_______________________________________________________________
ARCHIVE LINKS

Archive of the Wireless in the Enterprise newsletter:
http://www.networkworld.com/newsletters/wireless/index.html

Wireless research center
Latest wireless news, analysis and resource links
http://www.networkworld.com/topics/wireless.html
_______________________________________________________________
EXCLUSIVE HOW-TO WEBCAST - Proactive Endpoint Security.

You can't have a winning endpoint security solution until you
can define it: Easy to deploy and manage, simple to use, minimal
user impact, real-time monitoring and notification, flexible
reporting and low total cost of ownership.
http://www.fattail.com/redir/redirect.asp?CID=117113
_______________________________________________________________
FEATURED READER RESOURCE

IT PROS SHARE THEIR TALES OF MAKING ITIL WORK

Running an enterprise network is challenging. IT organizational
change can be even more so if managers don't balance efforts
proportionally across people, process and technology.
Implementing best practices frameworks such as Information
Technology Infrastructure Library (ITIL) can help, but they
introduce their own set of challenges. Click here for more:

<http://www.networkworld.com/news/2005/092205-itil.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: networking.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)