Mobile-proofing your network |
 |
By Douglas Schweitzer, Contributing Writer
03 Apr 2005 | SearchSecurity.com |
|
|
A stolen laptop made public last week by the University of California, Berkeley contained unencrypted personal data on nearly 100,000 graduate students and applicants and is just the latest case to underscore the need for increased protection of personal information.
"Since mobile devices are subject to all sorts of threats including both technological [viruses, worms, spam] and physical [lost or stolen], it is essential that organizations that allow the use of these instruments devise corporate policies regarding their use and further document courses of action if exposed to these kind of threats," said Dave Wreski, CEO of Guardian Digital in Allendale, N.J. Wreski believes that the policies and procedures should include the following:
- Utilize advanced encryption and security standards, including Wired Equivalent Privacy (WEP) to minimize the occurrence of WLAN-related vulnerabilities;
- Password-protect all mobile devices;
- Encrypt sensitive documents that are stored on the device;
- Minimize access to sensitive internal information by using firewalls;
- Back-up data regularly on all mobile devices; and
- Implement antivirus software on all mobile devices.
Security and patch management on mobile devices is a most trying task for system administrators. With an ever greater number of corporations relying on mobile computing, this
|
| Sound off! |
| Have wireless security tips for your peers? Share them by clicking on the link at the top of the page. |
|
|
|
|
has also become one of the most important, yet still overlooked areas of information technology. Traditionally, the security of corporate servers has received the foremost priority status. However, as malicious code continues to evolve and begins to attack not only laptops, but PDAs and cellular phones, it's just as important that appropriate measures are taken to ensure that corporate data stored on those devices is kept as secure, if not more so, than that housed on servers and office desktops.
When it comes to patching mobile devices, there are several methods an organization can adopt. According to Dr. Gary Hinson, CEO of IsecT Ltd. in West Sussex, U.K., "You can leave it to end users to self-patch, which is not very reliable, yet is the least costly option. You can distribute patches and updates when systems connect up by using Systems Management Server (SMS) or login scripting." Another option is to prevent further network access until the system is patched. While this is a better option than leaving it up to the user, it is also more difficult to configure and comes at a steeper monetary cost. To ensure compliance, "you can "sheep-dip" [mobile devices] every so often; i.e., insist they are brought on site to patch," Hinson added.
Another alternative is to maintain a DMZ [demilitarized zone] on
|
| More on mobile security |
|
Peril in the wireless world
Despite security improvements, two men who helped shape 802.11i warn wireless networking is still a risky business.
Isolate this: Security quarantines grow
Security quarantines are becoming increasingly popular as a tool to deal with an ever-growing mobile workforce whose PCs lack up-to-date antivirus signatures. |
|
|
|
|
a separate physical port on the gateway device to which your laptops or other mobile devices such as PDAs are connected. "This protects the network, ensuring that they cannot immediately infect other machines on the LAN. It gives the server/IT manager time to update and scan for viruses," said Simon Heron of Network Box, a U.K.-based Internet threat prevention company in Nottingham. The laptops are then connected into the network in a managed fashion.
While it is important to have in place a wireless and mobile security program, it is equally important to also have secure server solutions to which these devices connect. In addition, be sure that all servers have their OSes and applications patched regularly and that AV and IDS signatures are always up to date.
|
|
|
|
