handhelds & wireless devices what’s the threat?
DESCRIPTION
Handhelds & Wireless Devices What’s the threat?. Eric Peterson Vice President STAR COMPUTERS [email protected]. Agenda. Wireless Technology Timeline Common Terminology Home and Business Devices Common Types of Wireless Security Real World Concerns and Threats - PowerPoint PPT PresentationTRANSCRIPT
Eric PetersonVice [email protected]
Wireless Technology Timeline Common Terminology Home and Business Devices Common Types of Wireless Security Real World Concerns and Threats Wireless Security Best Practices Questions
Fall of 1999 wireless 802.11b products start shipping
2000 Microsoft releases Windows 2000 with built in Wireless Support
2001 Starbucks announces Hotspot launch 2002 Lucent Technologies demonstrates a
seamless handoff between Wi-Fi and 3G cellular networks, enabling users to roam between the two without interrupting their Internet sessions
142.8 million total smartphone users by end of 2011.
802.11 (802.11b) (802.11g) (802.11n) - this is WiFi WLAN - wireless local area network Bluetooth – a wireless technology used to connect
devices to each other, short range SSID - service set identifier, a 32-character unique
identifier attached to the header of packets sent over a WLAN. The SSID differentiates one WLAN from another
Hotspot –a site that offers Internet access over a wireless local area network through the use of a router connected to a link to an Internet service provider
AP -Wireless access points (APs or WAPs) are specially configured nodes on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of WLAN radio signals.
Mobile/Smart Phones Laptops/Tablets Printers/Scanners Televisions/Appliances Credit Card Machines Video/Surveillance Cameras
Smartphones are mobile phones(personal devices) with:
Internet access Easily-programmable OS Rich sensing and communication capabilities Extra capabilities: Sensors: camera, motion,
GPS (location) Communications: cellular, Bluetooth, Wi-Fi PC-like functionality
Blackberry IPOD/IPAD Droid O/S Devices Windows Phone Palm Symbian
OPEN – is exactly that open to all without any security WEP – (Wired Equivalent Privacy) WEP has three settings:
Off (no security), 64-bit (weak security), 128-bit (a bit better security). WEP is not difficult to crack, and using it reduces performance slightly
WPA/WPA2 – (Wi-Fi Protected Access) successor to WEP that is more difficult to crack. WPA is comparable to having a single lock on your front door, and giving a key to everyone you want to give access to. Keys can be shared. The challenge with WPA is removing someone requires the entire network to be re-keyed and new keys re-distributed to valid users.
802.1.x - enterprise-level security frequently deployed by Fortune 500 companies with a RADIUS Server, eliminates the common key problem by providing a unique key for each valid user every time they enter the network.
Sensitive information often exists on these devices.
Employees want to access enterprise data and applications from personal devices.
The use of personal devices increases the risk to any information that is stored on or that can be accessed by those devices.
Regulations associated with sensitive information (HIPPA)(SOX) drive the need for certain controls
Users ability to copy information to the devices or send information from the devices
Direct attack over a network connection Malicious software Rogue AP’s Conduit for exploits to LAN Iphone (bad apps) jailbreaking Physical loss or theft of the device ……
30% of mobile devices are lost each year (SANS Institute) 31,544 mobile phones were left in NYC taxicabs during a
6 month period in 2008 (Credant Technologies) These devices contain: corporate data, corporate e-
mail and contacts lists, enterprise access rights Threat of Bluetooth exploits: bluejacking and
bluesnarfing Bluejacking: unsolicited image, text, etc. sent to mobile phone over Bluetooth
Bluesnarfing: unauthorized phone access via Bluetooth, can result in theft of contacts, calendar, etc.
Enable Auto-Lock Enable Passcode Lock and power on lock Keep device up to date Provision for Remote device Wipe Known Ap’s with WPA (Wi-Fi Protected
Access) Security Deactivate unnecessary wireless
interfaces such as Bluetooth (only way to prevent bluesnarfing)
Use Mobile Device Management Systems: Blackberry Enterprise Server, Good Technology
Establish policies on what information can and can not ne stored on devices
Consider Company supplied devices vs. supporting employee owned devices
Handhelds no more or less vulnerable then any computer
Currently few malware or virus exploits in the wild…….. expect an increase
Keep device up to date Strong passwords, remote wipe, and use of
WPA Though the iPhone has made some significant
gains in recent days toward become a suitable business smartphone, its target user is still the consumer use third party security package