
Handhelds & Wireless Devices What’s the threat?

Eric Peterson, Vice President, STAR COMPUTERS, epeterson@starcomputers.com. Agenda: Wireless Technology Timeline, Common Terminology, Home and Business Devices, Common Types of Wireless Security, Real World Concerns and Threats


Presentation Transcript


  1. Handhelds & Wireless Devices: What’s the threat?
     Eric Peterson, Vice President, STAR COMPUTERS, epeterson@starcomputers.com

  2. Agenda
     • Wireless Technology Timeline
     • Common Terminology
     • Home and Business Devices
     • Common Types of Wireless Security
     • Real World Concerns and Threats
     • Wireless Security Best Practices
     • Questions

  3. Timeline
     • Fall of 1999: wireless 802.11b products start shipping
     • 2000: Microsoft releases Windows 2000 with built-in wireless support
     • 2001: Starbucks announces hotspot launch
     • 2002: Lucent Technologies demonstrates a seamless handoff between Wi-Fi and 3G cellular networks, enabling users to roam between the two without interrupting their Internet sessions
     • 142.8 million total smartphone users by end of 2011

  4. Wireless Terms
     • 802.11 (802.11b, 802.11g, 802.11n) – this is Wi-Fi
     • WLAN – wireless local area network
     • Bluetooth – a short-range wireless technology used to connect devices to each other
     • SSID – service set identifier, a 32-character unique identifier attached to the header of packets sent over a WLAN. The SSID differentiates one WLAN from another
     • Hotspot – a site that offers Internet access over a wireless local area network through the use of a router connected to a link to an Internet service provider
     • AP – wireless access points (APs or WAPs) are specially configured nodes on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of WLAN radio signals

  5. Wireless Everything
     • Mobile/Smart Phones
     • Laptops/Tablets
     • Printers/Scanners
     • Televisions/Appliances
     • Credit Card Machines
     • Video/Surveillance Cameras

  6. Smartphones
     • Smartphones are mobile phones (personal devices) with:
     • Internet access
     • Easily-programmable OS
     • Rich sensing and communication capabilities
     • Extra capabilities: Sensors: camera, motion, GPS (location)
     • Communications: cellular, Bluetooth, Wi-Fi
     • PC-like functionality

  7. Handheld Devices
     • Blackberry
     • iPod/iPad
     • Droid O/S Devices
     • Windows Phone
     • Palm
     • Symbian

  8. Wireless Security Types
     • OPEN – exactly that: open to all, without any security
     • WEP (Wired Equivalent Privacy) – WEP has three settings: Off (no security), 64-bit (weak security), 128-bit (a bit better security). WEP is not difficult to crack, and using it reduces performance slightly
     • WPA/WPA2 (Wi-Fi Protected Access) – successor to WEP that is more difficult to crack. WPA is comparable to having a single lock on your front door and giving a key to everyone you want to give access to. Keys can be shared. The challenge with WPA is that removing someone requires the entire network to be re-keyed and new keys redistributed to valid users
     • 802.1X – enterprise-level security frequently deployed by Fortune 500 companies with a RADIUS server; eliminates the common key problem by providing a unique key for each valid user every time they enter the network

  9. Why be concerned?
     • Sensitive information often exists on these devices
     • Employees want to access enterprise data and applications from personal devices
     • The use of personal devices increases the risk to any information that is stored on or that can be accessed by those devices
     • Regulations associated with sensitive information (HIPAA, SOX) drive the need for certain controls

  10. Threats
     • Users’ ability to copy information to the devices or send information from the devices
     • Direct attack over a network connection
     • Malicious software
     • Rogue APs
     • Conduit for exploits to LAN
     • iPhone (bad apps), jailbreaking
     • Physical loss or theft of the device…

  11. Lost!
     • 30% of mobile devices are lost each year (SANS Institute)
     • 31,544 mobile phones were left in NYC taxicabs during a 6 month period in 2008 (Credant Technologies)
     • These devices contain: corporate data, corporate e-mail and contacts lists, enterprise access rights
     • Threat of Bluetooth exploits: bluejacking and bluesnarfing
     • Bluejacking: unsolicited image, text, etc. sent to mobile phone over Bluetooth
     • Bluesnarfing: unauthorized phone access via Bluetooth, can result in theft of contacts, calendar, etc.

  12. Best Practices
     • Enable Auto-Lock
     • Enable Passcode Lock and power-on lock
     • Keep device up to date
     • Provision for remote device wipe
     • Known APs with WPA (Wi-Fi Protected Access) security
     • Deactivate unnecessary wireless interfaces such as Bluetooth (only way to prevent bluesnarfing)

  13. Best Practices (cont.)
     • Use Mobile Device Management systems: Blackberry Enterprise Server, Good Technology
     • Establish policies on what information can and cannot be stored on devices
     • Consider company-supplied devices vs. supporting employee-owned devices

  14. Conclusion
     • Handhelds are no more or less vulnerable than any computer
     • Currently few malware or virus exploits in the wild… expect an increase
     • Keep device up to date
     • Strong passwords, remote wipe, and use of WPA
     • Though the iPhone has made some significant gains in recent days toward becoming a suitable business smartphone, its target user is still the consumer; use a third-party security package

  15. Questions?
     • epeterson@starcomputers.com
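
The "Rogue APs" threat on slide 10 and the "known APs with WPA" practice on slide 12 can be checked mechanically against the security types ranked on slide 8. The following is an added example, not part of the original presentation: it audits Wi-Fi scan records against an allowlist, and every SSID, BSSID, the allowlist layout and the function names are constructed assumptions.

```python
# Added example, not from the presentation. All SSIDs, BSSIDs and the
# allowlist layout are constructed for illustration.

# Security types from slide 8, ranked weakest to strongest.
RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "802.1X": 4}

# Hypothetical allowlist: SSID -> (approved BSSIDs, minimum accepted security).
KNOWN_APS = {
    "CorpNet": ({"00:11:22:33:44:01", "00:11:22:33:44:02"}, "802.1X"),
    "CorpGuest": ({"00:11:22:33:44:10"}, "WPA2"),
}

def classify(ssid, bssid, security, known=KNOWN_APS):
    """Return 'ok', 'rogue-suspect', 'downgrade' or 'unknown' for one scan record."""
    if ssid not in known:
        return "unknown"            # not a known AP: do not auto-join
    approved, minimum = known[ssid]
    if bssid.lower() not in approved:
        return "rogue-suspect"      # known name broadcast by an unapproved radio
    # An unrecognised security label ranks below OPEN, so it fails closed.
    if RANK.get(security.upper(), -1) < RANK[minimum]:
        return "downgrade"          # approved radio, weaker security than policy
    return "ok"

def audit(scan, known=KNOWN_APS):
    """Return (ssid, bssid, verdict) for every record that is not 'ok'."""
    results = [(s, b, classify(s, b, sec, known)) for s, b, sec in scan]
    return [r for r in results if r[2] != "ok"]

# Constructed scan results: (SSID, BSSID, advertised security).
SCAN = [
    ("CorpNet", "00:11:22:33:44:01", "802.1X"),
    ("CorpNet", "DE:AD:BE:EF:00:01", "OPEN"),
    ("CorpGuest", "00:11:22:33:44:10", "WEP"),
    ("CoffeeShop", "66:77:88:99:AA:BB", "WPA2"),
]

if __name__ == "__main__":
    for ssid, bssid, verdict in audit(SCAN):
        print(f"{verdict:14} {ssid:12} {bssid}")
```

A BSSID can be cloned, so an "ok" verdict here is not proof of legitimacy; on 802.1X networks the client's validation of the RADIUS server certificate is what authenticates the network.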
