Cloud Computing Security
book with ISBN: 1461194067, is now available.
- Mobile security
- Common mistakes
- Security Measures provided to customers
- Understanding wireless security
- Mobile Security policies
Things to look out for and gain control of:
1. Not knowing what is really at risk. Most employees and managers haven't really thought about what there is to lose—especially when it comes to the lack of physical security controls with mobile devices. People aren't valuing business assets and treating the threats and vulnerabilities seriously enough. Making matters worse, many in business don't know what information they have, where it is located, or even what it is worth. In most cases, this stems from management's failure to instill a culture of privacy and security—often leading to security oversights and unfortunate breaches that create business level problems.
2. Not taking the complexities involved seriously enough. It is easy to assume that mobile security is simply achieved. You just encrypt wireless traffic and laptop hard drives and all's well, right? Not really. It is all in how encryption is used and when it is used.. There is also this problem of islands of unstructured files scattered about laptops and handhelds. It's everywhere and then means a literally unlimited attack surface against sensitive information.
With the lack of physical controls, unauthorized usage is very difficult to prevent or trace back. Finally, the whole problem of policies and people is underestimated—that is, the security policies, processes and user buy-in required to keep mobile systems secure. The software side of mobile security is complex and it cannot be taken lightly.
3. Being too trusting of people. Many in IT and upper management are too trusting of employees and even outside contractors and other visitors. They are often given a lot of privileges with mobile devices, both on and off the network, but no one really knows how they're using them. Quite often, we're depending on these users to do the right thing and help limit mobile security weaknesses, but that is not likely to happen, considering that this is the last thing on the minds of people who have a hundred other things to worry about during their workday.
4. Not using technology for help. There is a great over-reliance on policies to keep information safe—especially at the management level. The assumption is that a policy is in place, so everything is safe and sound.
There are lots of security controls that come free with most computers, handhelds and wireless LAN systems.
From power-on passwords to BitLocker drive encryption in Windows Vista, from WPA encryption to the Microsoft PPTP VPN (among other freebies), many solutions exist. The key is making the choice to use them. If the controls you need are not there by default, there are solutions available (at reasonable prices relative to the consequences) to keep mobile systems secure from the elements.
5. Not understanding how the bad guys work. A lot of mobile systems (wireless LANs included) aren't being properly tested for security exploits. In fact, mobile systems are often outside the scope of security assessments. We look at firewalls, operating systems, Web apps and databases but tend to ignore mobile systems because some basic controls are in place. Of the testing that is being done, it is often checklist audit with no in-depth testing ethical hacking to find out just what controls can be bypassed and exploited. Looking at mobile systems with a malicious attitude and good tools is absolutely necessary to find the real problems.
Mobile security problems aren't going away. Whether or not mobility is supported by management, it is probably still present in some form. Most mobile weaknesses are out of sight and out of mind. But don't be fooled—they're still there.
To receive your Mobile Devices Security Assessment, please submit your payment of $99.00.
B E T T E R: Please submit your payment of $999.00 for a complete Mobile Devices Assessment of your entire business. Extra, if more than 100 miles travel required.