Mobile-proofing your network

By Douglas Schweitzer, Contributing Writer 03 Apr 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

A stolen laptop made public last week by the University of California, Berkeley contained unencrypted personal data on nearly 100,000 graduate students and applicants and is just the latest case to underscore the need for increased protection of personal information.

"Since mobile devices are subject to all sorts of threats including both technological [viruses, worms, spam] and physical [lost or stolen], it is essential that organizations that allow the use of these instruments devise corporate policies regarding their use and further document courses of action if exposed to these kind of threats," said Dave Wreski, CEO of Guardian Digital in Allendale, N.J. Wreski believes that the policies and procedures should include the following:

• Utilize advanced encryption and security standards, including Wired Equivalent Privacy (WEP) to minimize the occurrence of WLAN-related vulnerabilities;
• Password-protect all mobile devices;
• Encrypt sensitive documents that are stored on the device;
• Minimize access to sensitive internal information by using firewalls;
• Back-up data regularly on all mobile devices; and
• Implement antivirus software on all mobile devices.

Security and patch management on mobile devices is a most trying task for system administrators. With an ever greater number of corporations relying on mobile computing, this

Sound off! Have wireless security tips for your peers? Share them by clicking on the link at the top of the page.

has also become one of the most important, yet still overlooked areas of information technology. Traditionally, the security of corporate servers has received the foremost priority status. However, as malicious code continues to evolve and begins to attack not only laptops, but PDAs and cellular phones, it's just as important that appropriate measures are taken to ensure that corporate data stored on those devices is kept as secure, if not more so, than that housed on servers and office desktops.

When it comes to patching mobile devices, there are several methods an organization can adopt. According to Dr. Gary Hinson, CEO of IsecT Ltd. in West Sussex, U.K., "You can leave it to end users to self-patch, which is not very reliable, yet is the least costly option. You can distribute patches and updates when systems connect up by using Systems Management Server (SMS) or login scripting." Another option is to prevent further network access until the system is patched. While this is a better option than leaving it up to the user, it is also more difficult to configure and comes at a steeper monetary cost. To ensure compliance, "you can "sheep-dip" [mobile devices] every so often; i.e., insist they are brought on site to patch," Hinson added.

Another alternative is to maintain a DMZ [demilitarized zone] on

More on mobile security Peril in the wireless world Despite security improvements, two men who helped shape 802.11i warn wireless networking is still a risky business. Isolate this: Security quarantines grow Security quarantines are becoming increasingly popular as a tool to deal with an ever-growing mobile workforce whose PCs lack up-to-date antivirus signatures.

a separate physical port on the gateway device to which your laptops or other mobile devices such as PDAs are connected. "This protects the network, ensuring that they cannot immediately infect other machines on the LAN. It gives the server/IT manager time to update and scan for viruses," said Simon Heron of Network Box, a U.K.-based Internet threat prevention company in Nottingham. The laptops are then connected into the network in a managed fashion.

While it is important to have in place a wireless and mobile security program, it is equally important to also have secure server solutions to which these devices connect. In addition, be sure that all servers have their OSes and applications patched regularly and that AV and IDS signatures are always up to date.

Tags: Mobile Device Security,  Mobile Policies and Procedures,  Mobile Security Software and Tools,  Hackers and Threats to your Mobile Enterprise,  Mobile Authentication and Encryption,  Managing Mobile Users,  Mobile Access,  Mobile Policies,  Mobile Management Tools,  Mobile Synchronization,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Device Security Fingerprint recognition and mobile security Traditional security threats coming soon to mobile device near you Securing your Windows Mobile devices Mobile security: Protecting your data, not just your devices Prevent mobile malware: Learn how to protect your enterprise and devices Podcast: The truth about network security and mobile device access Protecting data on your BlackBerry Going green: Recycling and energy saving tips for mobile devices -- podcast New challenges in mobile device discovery Quiz: Mobile Device Security -- Who else can hear me now? Mobile Device Security Research Mobile Policies and Procedures Securing corporate data on your laptops Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies Mobile security: Asserting control over mobile devices Mobile security culture starts at the top Detecting rogue mobile devices on your network Mobile security policies Defining your mobile security policy Government regulations and mobile security policies Mobile security policies: Why a policy is important Mobile Security Software and Tools Sybase offers enterprise-ready iPhone solution on the App Store Fingerprint recognition and mobile security Traditional security threats coming soon to mobile device near you Prevent mobile malware: Learn how to protect your enterprise and devices In-the-cloud defenses for mobile malware On-device defenses for mobile malware Sybase adds antivirus and firewall to mobile management suite Detecting rogue mobile devices on your network Symbian: Protect your data, not just your device Mobile devices: Corporate security strategies

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary mobile VPN  (SearchMobileComputing.com) real-time location system (RTLS)  (SearchMobileComputing.com) screaming cell phone  (SearchMobileComputing.com) SMiShing  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary