Sergey Nivens - Fotolia
I read that mobile broadband modems are popular vectors for attacks because of their lack of authentication. What alternatives does my company have to using these modems? If we have to use them, what is the best way to ensure security on them?
With the pervasiveness of mobile computing, there's no getting around the need for anytime, anywhere connectivity. These vulnerabilities are a great example of, "If it has a URL or IP address and it's made available on the Internet, then people are going to play with it" -- and exploit it if they can.
And, simply put, if your business depends on mobile devices to connect to the Internet or your internal network, you can't just stop using mobile broadband modems.
I'm confident that most organizations have much bigger security problems on their own network hosts, applications and mobile devices than any cross-site request forgery or DNS poisoning flaws that may or may not be present on their users' mobile broadband modems, but that doesn't mean the issue should be ignored.
Rather than dropping everything you're doing -- like many people in the industry will assert is the best tactic -- I suggest taking a methodical approach to this potential risk and integrating it into your ongoing security assessment program. Be sure your enterprise asks itself:
- What mobile broadband modems are employees using?
- Are they known to be vulnerable?
- What are the vulnerabilities?
- How can they be exploited?
- What information, people, and processes are ultimately at risk?
By taking this approach, you'll likely find that the sky is not falling after all. But perhaps, if the problems are bad enough, you can justify changing your standard and policy on which mobile broadband modems can be used. There may even be patches that can be applied. Every situation will be different; however, locking down your endpoints with personal firewall software and advanced malware protection, as well as requiring VPN connections for all Internet access, is a great start. As for alternatives to actual modems, that's a question for your organization's cable provider. Alternatively, you could switch to a different technology altogether such as business DSL, T1, etc. That said, you may not want to go backwards in time by using these technologies, or they may be out of your budget altogether.
Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your question now via email! (All questions are anonymous.
Learn more about keeping mobile workers connected and ensuring mobile employee productivity
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Kevin Beaver
Explore the differing roles of inbound versus outbound firewall rules for enterprise network security and the varying use cases for each. Continue Reading
Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective ... Continue Reading
Different tools protect different assets at the network and application layers. But both network and application security need to support the larger ... Continue Reading