Today’s enterprises are mobile enterprises. Deploying effective tools and policies to thwart the growing number of malicious attacks that can not only impair mobile devices, but also potentially breach enterprise security, compromise proprietary data, and negatively impact regulatory compliance and legal agreements is therefore a top priority for all such enterprises. What is important is to enable IT professionals to implement and support security in their wireless networks and mobile devices…
With the widespread proliferation of computing devices and the mobilisation of corporate workforces, organisations are constantly on the lookout for ways to leverage mobile and wireless technology capabilities. One of the most valuable ways to increase field employee productivity is to enable enterprise applications on mobile devices. What is more important is to enable IT professionals to implement and support security in their wireless networks and mobile devices.
According to Andrew Namboka, by extending this data out to the field, employees can enjoy the benefits of being in the office while working directly with their customers. Historically, increased productivity has resulted in increased revenue by enabling quicker response to customer requests, better quality and faster service, improved sales and renewal rates, and faster and more accurate billing, resulting in improved cash flow.
Today’s smartphones have the computing, display and memory resources of ‘Lite’ open-system computers and can download software updates and Java applets. These multimodal devices are therefore making the mobile office a reality. Access to the Internet is wireless in many offices and homes; we take ‘anytime, anywhere’ telephony for granted; and companies expect their mobile employees to function as well in the field as they do at their desk. That expectation is justified because they have a complete wireless toolset: devices, access services and applications.
Wireless Security Solutions for SMBs
In Volume 10 of SDA Asia Magazine, Matt Kolon talks about how wireless networks empower Small and Medium-sized Businesses (SMBs). Wireless Local Area Networks (WLAN) offer great potential to businesses, providing users with increased efficiency and productivity. The goal of WLANs is to enable users to connect to a network without having to be physically attached to it, speeding up mobility and workstation deployment. Unfortunately, because WLANs were designed with access in mind, not security, the implementation of WLANs can open up a network to risks.
Two Keys to Success
The two primary areas to pay attention to in a WLAN deployment are data encryption and access authentication.
Wireless Data Privacy
When shopping for a suitable solution, the router’s encryption technology is the most basic security feature an SMB should examine. Data encryption is used to protect messages from unauthorised viewing in case they are intercepted in the air. Wi-Fi routers often support the following wireless confidentiality mechanisms:
Wired Equivalent Privacy (WEP)
WiFi Protected Access (WPA) (Advanced Encryption Standard (AES) or Temporal Key Integrity Protocol (TKIP))
Internet Protocol Security (IPSec) (Triple Data Encryption Standard (3DES) or AES)
According to Matt, older authentication protocols (especially key exchange methods) are relatively more vulnerable to attack than newer methods. Routers may include these older encryption methods for compatibility with previously installed wireless solutions. Depending on specific needs, stages of implementation, and deployment scenarios, administrators may choose between the minimal security of WEP-PSK and maximum protection using a variant of WPA-TKIP or WPA-AES with IEEE 802.1X and both client-side and server-side certificates, where feasible. By supporting older security mechanisms, devices allow older clients to be upgraded to these new protocols via a flexible migration.
While WLANs empower SMBs with significant business advantages, these benefits must be tempered with the use of security technologies to ensure that only appropriate people can gain access to the organisation’s valuable resources. In deploying WLANs, it is important to consider access, authorisation, confidentiality, data integrity and attack containment. When SMBs are able to leverage WLANs to bolster their success, the chances are higher these SMBs can expand into larger organisations with the resources to more fully develop customised WLAN security solutions that help pave the way for continued success.
Security for Mobile Devices
In the latest issue of SDA Asia Magazine, Ooi Szu-Khiam talks about mobility and security challenges, best practices, and technologies. Mobile devices such as smartphones, PDAs, and laptops have been an incalculable productivity boon for today’s enterprises. Mobile devices are prized for the flexibility and convenience they provide, while at the same time presenting significant challenges for IT administrators charged with managing their companies’ data and networks and keeping them secure, particularly as mobile devices and networks have become more sophisticated and ubiquitous. IT managers must take a long, hard look at the ways these devices access and store corporate data to ensure they don’t pose a security risk.
Know Your Options
Despite the high numbers of mobile devices that go missing, companies are apparently not doing enough employee education to help secure their mobile assets. The problem is not unique to the United States. A recent survey in the United Kingdom revealed that nearly two-thirds of UK business users do not use a password when they log on to their laptops, and of the users who do use passwords, 15 percent use their name and 10 percent give password details to colleagues. A third of the respondents have not changed their passwords in the past year.
The ideal solution would be to prohibit all confidential data from being stored on mobile devices, but that is neither realistic nor practical. Of course, developing company policies and procedures to minimise the risk of theft or compromised data on employees’ mobile devices should be the foremost precaution taken by IT or IS administrators.
The following safety measures could reduce the risk that confidential information will be accessed from lost or stolen mobile devices:
Provide training to personnel using mobile devices: people cannot be held accountable for securing their information if they haven’t been told how
Remove data from devices that aren’t in use: several incidents have involved people obtaining 'hand-me-down' mobile devices that still held confidential company data
Establish procedures to disable remote access for any mobile devices that are lost or stolen: many devices store user names and passwords for web site portals, which could allow a thief to access even more information than on the device itself
Centralise management of your mobile devices: maintain an inventory so that you know who’s using what kinds of devices
Patch management for software on mobile devices should not be overlooked: this can often be simplified by integrating patching with syncing, or patch management with the centralised inventory database
"Fortunately, security products that can detect malicious code exist for most mobile device operating systems. Security technologies that can protect both the organisation and the various types of mobile devices should also be implemented. Native mobile device security such as light encryption, basic passwords, and physical locks may deter some hackers, but rarely stymie a determined criminal", Ooi Szu-Khiam says.
According to him, a multi-layered approach to security is important; securing the end point, gateway, and network is the key. Endpoint security must go with security at the edge and core of the enterprise network; they are complementary and address different threats and entry points. That said, mobile enterprises should seriously explore the following security solutions:
Intrusion detection solutions act as a ‘security force’ inside the perimeter to spot intruders that penetrate the outer defenses
Message security solutions filter spam and other undesired messages and content at the gateway and are essential to an overall e-mail security solution
Integrated firewall/VPN and virus protection/content filtering solutions offer protection from Internet-borne threats for the desktop and can protect data without slowing performance
Anti-spyware solutions can provide real-time scanning, automatic detection and removal, and integrated tools for remediating the side effects that spyware can have on a user’s system
Policy compliance management solutions help define and enforce policies from a central location as well as probe for network vulnerabilities and suggest remedies
Administration solutions facilitate the management of hardware and software assets, and provide a way to plan, track, and apply system changes
Smartphones, PDAs, and laptops are increasingly being used in much the same way as desktop computers, putting these devices at risk of the onslaught of threats that has been seen in recent years on PCs. Today’s enterprises are mobile enterprises, and deploying effective tools and policies to thwart the growing number of malicious attacks that can not only impair mobile devices, but also potentially breach enterprise security, compromise proprietary data, negatively impact regulatory compliance and legal agreements, should be a top priority. To ensure that devices are protected against new threats, users should be able to download the latest virus protection updates when the device has access to a wireless connection.
The subject of wireless and mobile security is dealt with in detail in the latest issue of SDA Asia Magazine. This issue also focuses on how to avoid the trappings of technology churn, Information Lifecycle Management and Application Lifecycle Management, XML data management and VoiceXML. The Special Supplement on IT for Banking focuses on a spread of topics that are of particular urgency for banking: implementing Basel II internal rating systems, best practices to win the war against identity theft, practical guidelines for banks to protect customers’ confidentiality from phishers, effective tips for combating money laundering, and using SOA to bring about dramatic improvements in areas such as customer retention, compliance, and operational efficiency.
Copyright @ 2004 Software & Support Media