Along with the comprehensive security built into the GSM/GPRS, EDGE, and UMTS/HSDPA network technologies, AT&T has enhanced its network with additional security features. Resulting key benefits include:
- Protection of user identities
- Protection against unsolicited data at the mobile station
- Authentication of the mobile station against credentials stored in the Subscriber Identity Module (SIM) card
- Use of passwords for user access (optional)
- Encryption of user data over the radio link
- Use of dynamically generated encryption keys (per session) between the mobile system and the network (periodic key updates also possible)
- Alternative secure options (frame relay and Virtual Private Network) to connect customer networks to the AT&T networks
- RADIUS authentication for subscriber validation (UMTS only)
Looking at security over the entire network, from the mobile station to the fixed-end system, the connection has three segments, each with its own security mechanisms:
- Radio link. Employs authentication and encryption mechanisms built into the network technologies.
- GPRS/EDGE/UMTS infrastructure network. Employs a private network and firewalls to block unsolicited traffic.
- GPRS/EDGE network to customer network connection. Relies on one of two secure fixed-end connection options: frame relay permanent virtual circuits or Virtual Private Network (VPN) connections via the Internet. AT&T supports both options.
The security mechanisms present in each segment make AT&T's wireless network security sufficient for most applications. You can also deploy your own end-to-end security mechanisms (for example, client-based VPN technology) at the application level. AT&T has successfully tested its network for compatibility with most of the major VPNs used in the wireless industry.
Security in Enterprise Applications
If you are using a VPN for your enterprise application, you might want to consider a wireless-specific VPN solution. These offer performance advantages through data compression, and their mobility management allows you to maintain sessions even as you change the underlying network, such as when moving from a WLAN coverage area to a UMTS coverage area.