I read that mobile broadband modems are popular vectors for attacks because of their lack of authentication. What...
alternatives does my company have to using these modems? If we have to use them, what is the best way to ensure security on them?
With the pervasiveness of mobile computing, there's no getting around the need for anytime, anywhere connectivity. These vulnerabilities are a great example of, "If it has a URL or IP address and it's made available on the Internet, then people are going to play with it" -- and exploit it if they can.
And, simply put, if your business depends on mobile devices to connect to the Internet or your internal network, you can't just stop using mobile broadband modems.
I'm confident that most organizations have much bigger security problems on their own network hosts, applications and mobile devices than any cross-site request forgery or DNS poisoning flaws that may or may not be present on their users' mobile broadband modems, but that doesn't mean the issue should be ignored.
Rather than dropping everything you're doing -- like many people in the industry will assert is the best tactic -- I suggest taking a methodical approach to this potential risk and integrating it into your ongoing security assessment program. Be sure your enterprise asks itself:
- What mobile broadband modems are employees using?
- Are they known to be vulnerable?
- What are the vulnerabilities?
- How can they be exploited?
- What information, people, and processes are ultimately at risk?
By taking this approach, you'll likely find that the sky is not falling after all. But perhaps, if the problems are bad enough, you can justify changing your standard and policy on which mobile broadband modems can be used. There may even be patches that can be applied. Every situation will be different; however, locking down your endpoints with personal firewall software and advanced malware protection, as well as requiring VPN connections for all Internet access, is a great start. As for alternatives to actual modems, that's a question for your organization's cable provider. Alternatively, you could switch to a different technology altogether such as business DSL, T1, etc. That said, you may not want to go backwards in time by using these technologies, or they may be out of your budget altogether.
Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your question now via email! (All questions are anonymous.
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Kevin Beaver
Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver ... Continue Reading
Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can... Continue Reading
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.