Being able to connect any computing device to any other, irrespective of location, is a blessing coupled with security pitfalls. For an individual, free access to any resource on the Internet is enormously powerful. For anyone concerned with corporate security, it is a major headache: it exposes the trove of corporate confidential information assets to unauthorized access and potential misuse, and it exposes the corporate network to viruses, worms, and other digital pollution.
If a remote LAN is connected to the Internet it is almost certainly protected by a firewall. The identifier used for access control and authority is normally the IP address of the calling device. Thus the firewall for a corporate LAN is normally configured to permit external access only to devices whose IP address falls within a predefined range or has been individually registered. Where the device is one normally used within the LAN, and is calling in via some form of Remote LAN Access (RLA) technology, the firewall will identify it correctly and grant it access. If the same device instead attempts to establish a connection across the public Internet via an ISP, it will normally inherit a new IP address, allocated by the ISP for the duration of the session, and will thus look like a foreign and potentially unwelcome visitor.
The situation is similar upon arrival of the mobile device at a remote site. In this instance, the device is allocated a new IP identity within the subnet in order for it to be accepted by, and receive network services from, the local routers and devices within that subnet.
This situation is further complicated by mobile devices which exist within an IP subnet only for as long as they are in transmission range of it. Firewalls therefore need to become a good deal more sophisticated in their recognition of mobile devices if the user is to obtain a consistent access and service experience, in accordance with their AAA profile (Authentication: who am I; Authorization: what am I allowed to do; Accounting: how do you charge me for it), regardless of location.
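The failure mode described above, as an added example that is not part of the original paper: an address-based rule (allow-listed ranges plus individually registered hosts) accepts a laptop on the LAN or on the RLA dial-in pool, but rejects the same laptop once an ISP has handed it a different address. The second, device-aware gateway is an illustrative alternative and not something the paper specifies: the device proves possession of a secret provisioned when it was enrolled, the proof is bound to the address it is currently using, and the gateway then binds that address to the device identity for the session. All addresses, device names and secrets are constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed corporate address plan (assumption, not from the paper).
CORPORATE_RANGES = [
    ipaddress.ip_network("10.20.0.0/16"),   # internal LAN
    ipaddress.ip_network("192.0.2.0/24"),   # RLA dial-in address pool
]
REGISTERED_HOSTS = {ipaddress.ip_address("198.51.100.7")}  # one individually registered host


def address_based_decision(src, allowed_ranges=CORPORATE_RANGES, registered=REGISTERED_HOSTS):
    """The classic firewall rule: admit if the source address is individually
    registered or falls inside a predefined range. Nothing about the device
    itself is checked, only where its packets appear to come from."""
    ip = ipaddress.ip_address(src)
    if ip in registered:
        return True
    return any(ip in net for net in allowed_ranges)


def device_proof(secret, nonce, src):
    """Client side: MAC over the gateway's nonce and the address the device is
    using now, so the proof cannot be replayed from a different address."""
    return hmac.new(secret, nonce + ipaddress.ip_address(src).packed, hashlib.sha256).digest()


class DeviceAwareGateway:
    """Illustrative alternative (assumption): identify the device by a secret
    provisioned at enrolment, then bind its current address to that identity."""

    def __init__(self, device_secrets):
        self._secrets = dict(device_secrets)   # device_id -> shared secret bytes
        self._nonces = {}                      # device_id -> outstanding challenge
        self.sessions = {}                     # current source address -> device_id

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._nonces[device_id] = nonce
        return nonce

    def register(self, device_id, src, proof):
        nonce = self._nonces.pop(device_id, None)   # each nonce is usable once
        key = self._secrets.get(device_id)
        if nonce is None or key is None:
            return False
        expected = device_proof(key, nonce, src)
        if not hmac.compare_digest(expected, proof):
            return False
        self.sessions[ipaddress.ip_address(src)] = device_id
        return True

    def admit(self, src):
        """Per-packet check once registered: the address is trusted only because
        an authenticated device bound it for this session."""
        return ipaddress.ip_address(src) in self.sessions


def demo():
    """Same laptop seen from three locations; returns both rules' verdicts."""
    laptop_secret = b"constructed-per-device-secret"
    gw = DeviceAwareGateway({"laptop-42": laptop_secret})
    results = {}
    for label, src in [("on LAN", "10.20.5.9"),
                       ("via RLA pool", "192.0.2.33"),
                       ("via ISP", "203.0.113.80")]:
        results[label] = {"address_rule": address_based_decision(src)}
        nonce = gw.challenge("laptop-42")
        ok = gw.register("laptop-42", src, device_proof(laptop_secret, nonce, src))
        results[label]["device_rule"] = ok and gw.admit(src)
    return results


def replay_from_new_address():
    """A proof computed for one address must not register a different one."""
    gw = DeviceAwareGateway({"laptop-42": b"s"})
    nonce = gw.challenge("laptop-42")
    proof = device_proof(b"s", nonce, "203.0.113.80")
    return gw.register("laptop-42", "198.51.100.200", proof)


if __name__ == "__main__":
    for location, verdict in demo().items():
        print(f"{location:>13}: address rule {verdict['address_rule']}, device rule {verdict['device_rule']}")
    print("replay from another address accepted:", replay_from_new_address())
```

The address rule denies the ISP case even though it is the same enrolled laptop; the device rule admits it and still rejects a proof replayed from a second address, which is the behaviour a roaming user needs from a firewall that tracks devices rather than addresses.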
There is much work currently underway in the Internet Engineering Task Force (IETF) to define the AAA requirements of Mobile IP.
Many in the telecommunications industry claim that the IETF work is a duplication of effort. Cellular network operators have been able to authenticate, authorize, and account for (bill) voice call roaming for nearly a decade, and GSM data services such as SMS are already enabled for roaming across national boundaries, with all the inter-network and customer billing taken care of within the infrastructure of the network. Notwithstanding these views, there is a clear need to bridge the Internet and telecommunications worlds. It would appear that the Mobile Wireless Internet Forum aspires to fulfil certain aspects of this need by bridging the old world of customer service and billing and the all-new IP-based networks of the future.
The Open Group should closely monitor the activities of the IETF Mobile IP and Security working groups and the Mobile Wireless Internet Forum (MWIF) to assess the extent to which the problems of AAA in the wireless space are being effectively addressed.
Existing Open Group enterprise integration activities addressing Security and eCommerce (LDAP-based), Directory Interoperability, and Enterprise Management are clearly synergistic with the needs of the wireless environment. The Open Group is able to bring together experts from the Mobile Management Forum and its existing programs to ensure that wireless needs are addressed in a way that ensures smooth integration with existing enterprise systems.