Mobile Device Security Solutions | Modes of Authentication
Verifying an individual’s claimed identity through user authentication is the first line of defense against unauthorized use of a mobile handheld device. Three basic techniques commonly used to verify identity involve either proof by knowledge (e.g., passwords), proof by possession (e.g., tokens, such as smart cards), or proof by property (e.g., fingerprints). Multiple modes of authentication that involve one or more basic authentication techniques are also a possibility.
Implementing authentication solutions [..]
Mobile | Electronic Tracking | Cloning | Server-Resident Data
Electronic Tracking
Several companies offer location tracking services for registered cell phones to allow the whereabouts of the user to be known by friends and family . It is also touted as a means to track employees’ whereabouts .
Registration can take place quickly, making temporary misplaced devices or unattended devices a possible target. Some tracking services periodically send the phone a notification for the user that monitoring is taking place, and [..]
Mobile – Electronic Eavesdropping
Attempts to access and eavesdrop on transmitted information are another possible threat. The most direct way is to install spy software onto a device to collect and forward information onto another phone or server .
Such applications exist for certain phone models and are commonly advertised as a means to monitor a spouse or child’s activities. The capability to remotely turn on the microphone and listen or record conversations in the [..]
Smartphones and PDAS – Threats
A simple way to consider threats to handheld devices is to compare them with those for desktop computers, which are more familiar to everyone and documented elsewhere. Essentially, the threat profile for handheld devices is a superset of the profile for desktop computers.
The additional threats for cellular handheld devices stem mainly from two sources:
- Their size and portability
- Their available wireless interfaces and associated services.
Size and portability can result in the loss [..]
PDA and Smartphones – Bluetooth Communications
Bluetooth Communications: Bluetooth is a Personal Area Network (PAN) standard that enables wirelessconnections between electronic devices in the 2.4 GHz range over short distances, as an alternative to cables.
Designed to be power efficient, Bluetooth has become a common feature in cell phones. Since wireless communications is inherently insecure, a number of basic security provisions have been defined for this standard to mitigate the risks involved. The three basic security services [..]
Computer Security – Definitions
Application-Proxy Gateway Firewall: An advanced firewall that combines lower layer access control with upper layer functionality, and includes a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other.
Boundary Router: A router located at the organization’s boundary with an untrusted external network. In the context of this document, a boundary router is configured to be a packet filter firewall.
Circuit-Level Gateway: A form of [..]
Firewall planning | General Recommendations
The following recommendations for firewall planning and implementation will help administrators plan for firewall placement and implement their firewall policies:
- Placement and Deployment
- Place a packet-filtering firewall at the edge of each discrete network in the organization.[..]
Firewalls | Deploy and Manage
Deploy
Once testing is complete and all issues have been resolved, the next phase of the firewall planning and implementation model is deployment, which should be done in accordance with organization policies.
Before deploying the firewall, administrators should notify users or owners of potentially affected systems of the planned deployment, and instruct them who to notify if they encounter any problems.Any changes required to other equipment, such as changing default routes, should [..]
Firewall Planning
The planning phase for choosing and implementing a firewall can begin only after an organization has determined that a firewall is needed to enforce the organization’s security policy. This typically occurs following a risk assessment of the overall system.
A risk assessment includes :
- the identification of threats and vulnerabilities in the information system;
- the potential impact or magnitude of harm that a loss of confidentiality, integrity, or availability would have on the [..]
Firewalls | Policies Based on Applications
Most early firewall work involved simply blocking unwanted or suspicious traffic at the network boundary. Inbound application proxies take a different approach—they let traffic destined for a particular server into the network, but capture that traffic in a server that processes it like a port-based firewall.
The application proxy approach provides an additional layer of security for incoming traffic by validating some of the traffic before it reaches the desired [..]