Chapter 10 Exercise 29

29. The company would like to give wireless devices to the medical staff to give them access to the data while talking with patients. Research the potential security issues and describe a solution that would protect the privacy and security, and remain usable.

The overarching issue with wireless is that it is a broadcast that can be easily intercepted. Since the main problem arises in data transmission, the solution is to encrypt all data flows. Wireless standards are evolving, but still somewhat limited. Two or three wireless encryption standards exist. Most suffer from problems with key distribution. If you use the wireless devices to handle security, the most effective is a Radius server to handle authentication and key distribution. However, a simpler solution exists. Build the application as a Web application and install a security certificate on the server. All transactions�whether wireless or wired�will use SSL to connect to the application; which encrypts the data at the browser level before it even gets to the network. (So you can answer the question without even looking at wireless issues.)