Chapter 6. Authentication and Security

Many people think of computer security in terms of secrecy or confidentiality. Equally important to computer security are data integrity, authentication, and systems availability. In mobile location services, it is important not only to keep customer information and commerce transactions confidential, but also to keep account records from being corrupted or modified and to make sure that the system is resistant to denial-of-service attacks. Denial-of-service attacks can prevent service delivery, and are potentially the most devastating attacks a mobile location service application can face. Security breaches damage consumer confidence and brand equity.

When considering security for your mobile location services architecture, it is important to think about the following components that interact to provide a complete security infrastructure:

  • Process

  • Physical

  • Platform

  • Network

It is important that these components be integrated to improve the quality of the security system. The process category includes corporate security policies and procedures for creating, using, storing, and disposing of data, including the networks and systems on which the data resides. Examples of physical security include key cards, door locks and keys, identification badges, security cameras, cages, and security guards. The platform category focuses on the application-level access controls of the client and server software. Finally, the network category includes routers, switches, firewalls, and remote access devices, which are used to monitor and protect data traversing the network or using an application.

A complete security infrastructure is beyond the scope of this book. Although wireless technologies have various limitations with regard to security, for the most part, standard security procedures still apply.[1] This chapter focuses on how wireless is different, and the specific wireless authentication and security issues to be aware of in developing a mobile location service application. Figure 6.1 illustrates the application server security component of the platform layer of your mobile location services architecture.

Figure 6.1. Authentication and Security Components of a Mobile Location Service Architecture.