Software based threat management and secure access solutions will be as essential as ever, with a typical security infrastructure comprising components such as firewalls, virtual private networking (VPN), Internet key exchange (IKE) tunneling, and intrusion prevention systems (IPS), each of which reside at the application layer of WiMAX Infrastructure .
For example, in an WiMax mesh network installation where routers or gateways will operate as intermediaries, or hot spots linking client and base station, there is an increased potential of security vulnerabilities, as the intermediary routers that reside between base station and client are presentable and vulnerable to attacks. Popular application level services, such as voice over Internet protocol (VoIP), could be broken by hackers who can initiate the download of remote configuration settings and re synchronize clients’ CPE settings to their specifications. Hackers may also replicate, or spoof the address of the intermediary router or server and deceive other clients into believing their connection is secure, thus opening them up to malicious attack. These routers and gateways will require robust security measures to ensure that unprotected clients remain protected behind the intermediary access point. (Lei Han, 2006)
The majority of existing routers will have their own firewall components that provide Application Layer Gateway (ALG) functionality for the signalling protocols that support and keep multiple sessions. Any deficiency in the Application Layer Gateway (ALG) functionality could result in diminished QoS for low latency applications, such as VoIP and videoconferencing. OEMs must develop devices with Application Layer Gateways (ALG)s that permit inward call requests to the devices only from the device registered with the server and endpoints, while dynamically allowing inward media packets only on call set up. These media sessions are to be disabled on termination of the connection. (Lei Han, 2006)