The key to locking out mobile threats


Brien M. Posey
04.04.2005


Mobile devices today are so commonplace that few people pay much mind to them, but mobile devices can pose threats to your network that must not be ignored. Here I'll explain how they can harm your network and what you can do to prevent exploits.

New storage features call for greater precautions

Mobile devices can threaten your network by allowing hackers to haul away sensitive data or letting malicious freeloaders into your space. Let me explain. PDAs now have much greater storage capacity than they once did and in a sense act as portable hard drives. For instance, an unhappy user or unknown intruder who connects a PDA to an office PC could copy sensitive files from the network to the PDA and walk right out the door with them. He could also use a PDA to bring in virus-infected files, whether intentionally or accidentally, or to copy and install a small application on an office workstation.

The fact that many people do not think of mobile devices as security concerns is a major issue. These days, viruses and Trojans are specifically designed to attack mobile devices. This becomes a problem when a device is used to connect to a corporate network over a VPN, Wi-Fi or dial-up link. If a mobile device is infected with a keystroke logger, the user's network access credentials can be stolen and transmitted to a server on the Internet, where they can be used in later hack attempts.

Locking down mobile devices

To protect your Windows network from mobile threats, create a corporate policy that bans the use of privately owned mobile devices. If anyone in the company has a legitimate need for a mobile device, it will be the company's responsibility to provide that device. This will cost the company some money up front, but I believe the benefits outweigh the cost.

The first benefit is that you know exactly who is authorized to use mobile devices, and you can take steps to prevent anyone else from attaching a mobile device to the network. Since many mobile devices attach to PCs through a Universal Serial Bus (USB) or Firewire port, try a product like GFI Software Ltd.'s Portable Storage Control to prevent users from attaching mobile devices or any other portable storage device to their PCs.

Company ownership of mobile devices also enables you to dictate what must be running on the devices, ensuring the devices are used properly. Insist that each mobile device is running all of the latest patches and the latest antivirus definitions (yes, there are antivirus programs for mobile devices).

Following those steps should greatly increase mobile device security in your organization, but I also recommend occasionally performing random device audits. Check for unauthorized mobile applications, such as hacker tools, and anything else that might compromise security. People tend to have a personal attachment to their mobile devices and might be reluctant to allow the IT department to inspect them. Remember though that the device is company property, and you have the right to inspect it anytime you feel like it.

Mobile devices pose one additional risk, which is what could happen if the device were lost or stolen. If a user has passwords cached within the device, whoever finds it can instantly access your network using that information. Insist that mobile device users have power-on passwords (if supported), and prevent them from caching passwords for connecting to your network, the Internet or anything else. Some users have been known to create text files of passwords, ATM PINs and other highly sensitive information. Make it clear to your users that such files are a very bad idea.

As you can see, mobile devices can easily threaten the integrity and security of your network unless they are properly secured.

About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

This tip originally appeared on our sister site, SearchWindowsSecurity.com.

