Tuesday, November 16, 2010

Five tips for protecting mobile devices

Attacks against information assets — government, corporate, and personal — have been going on for some time. Yet many users and organizations have blatantly ignored recommendations for protecting mobile devices, exposing themselves, their businesses, their customers, and often employees to harm. These devices in the hands of mobile workers are exposed to a variety of threats:
  • Hotel wired networks are often wide open to eavesdropping by cybercriminals or other guests. Jacking into a network frequently equates to sending and receiving information over a single collision domain. This means all packets for a set of rooms, a floor, several floors, or even the entire hotel/motel are seen by all other systems on the network. Unprotected packets are prime targets for capture, analysis, and data extraction.
  • Connecting to unencrypted hotel or other public wireless networks, sending sensitive information out into the ether, is a well-known problem. I won’t beat it to death.
  • Improper configuration of firewalls or the total lack of an end-user device security perimeter, allows anyone, anytime, and anywhere to use public networks to peruse private information on laptops, smartphones, or PDAs.
  • Some unencrypted stolen or lost devices are a treasure chest of information, including passwords, customer and employee information, and user identity data. In large, chaotic venues, it isn’t difficult to lose a laptop or PDA.

This is not a complete list of potential attack vectors, but proper attention to those four issues reduces risk to a reasonable and appropriate level. The following steps are a good start in preventing information or system compromise.


No comments: