Mobile Systems: A Threat to Corporate Security

posted onFebruary 20, 2005
by hitbsecnews

By: Fernando de la Cuadra

Note: This article has previously appeared on our affiliates site EBCVG. The original article can be found here.

In recent years, corporate security levels have significantly improved. There is much more effective control of Internet connections, security tools installed on networked computers, user training, etc. Nevertheless, at the same time as these factors are improving, technology is also advancing and conflicts are arising, in particular, between traditional security policies and the mobility of network users.

Today there is an increasing need for many company employees to have mobile devices: from laptops to latest generation cell phones. Such equipment spends long periods outside the ‘secure’ environment of the office, where corporate security policies won’t be able to protect them from possible attacks.

In the case of a sales rep, for example, one of their main concerns is to be able to receive email in a computer connected to the Internet in a hotel room. Accustomed to the secure office environment, security often tends to be something of an afterthought in such circumstances. The consequences however, could be extremely serious, as without the protection of a firewall, the laptop becomes an easy target for hackers and an out-of-date antivirus could result in a computer becoming a ‘zombie’.

The problems are compounded by the fact that these types of computers often contain vital strategic information: projects, offers for clients, customer databases, etc. This type of key data needs to be protected from competitors or unscrupulous hackers.

But there is also another factor which should be of concern to system administrators in corporate networks: sooner or later, this roaming computer will connect up to the corporate network, with all the material that it has picked up from the Internet along the way. Hacking tools, Trojans, spyware… all of these can directly enter the corporate network if the correct measures are not applied. Obviously there are tools that prevent the spread of this type of malicious code throughout the company, but nevertheless, a door has still been left wide open to them. Another problem that often goes unnoticed is that of third-party computers connecting to the network. As more services are outsourced from large corporations, many external contractors need to connect to the network with laptops, just as if they were another employee.

These computers would normally have some sort of security system installed, from antivirus products to firewalls, but how can you be sure they meet your company’s security policy? Network administrators have enough problems without having to go around checking subcontractors’ computers one-by-one (not to mention the problems arising from privacy rules that may vary considerably from one company to another).

All these circumstances reveal the need for specific control over the laptops and other mobile devices that connect to the network. In order to anticipate a user possibly breaking security rules, full, automatic security control needs to be applied to laptops when they connect, whether they belong to external personnel or roaming employees.

When a system connects to the corporate network, it is important to ensure that that system is secure, i.e. that it compiles with the security levels established by the network administrator. This means that malware won’t be able to enter the corporation through this type of connection. Access should be permitted or denied depending on the result, or if necessary, security levels of the device should be adapted to the company’s security requirements.

However, on many occasions these kinds of connections are anticipated and can be redirected to specific network segments or sets of permissions and restrictions can be established automatically without causing a conflict between the security policies of different companies.

So it is quite evident, the question of laptops and other mobile devices connecting to the corporate network is not without its problems, and needs to be controlled with great care. The tools for protecting these computers will shortly become a basic element for the proper implementation of corporate security policies.

1.) A Solution To Red Hat PIE Protection - Zarul Shahrin
2.) The Convergence of Hacking and Security Tools - Don Parker
3.) Testifying in a Computer Crimes Case - Deb Shinder
4.) How to Build a Simple Wireless Authenticated Gateway (SWAG) Using OpenBSD - Rosli Sukri
5.) Protecting the Administrator Account - Derek Melber
6.) Mobile Systems: A Threat to Corporate Security - Fernando de la Cuadra

Source

Tags

Articles

You May Also Like

Other Articles In This Section

Recent News

Tuesday, November 19th

CISA Director Jen Easterly, in Place Since 2021, to Step Down
Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme
WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Friday, November 8th

North Korean hackers target cryptocurrency with malware
Man sick of crashes sues Intel for allegedly hiding CPU defects
Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Friday, November 1st

Youth of today say passwords are old news, passkeys are the future
Chinese attackers accessed Canadian government networks – for five years
OpenAI launches ChatGPT with Search, taking Google head-on
Here’s the paper no one read before declaring the demise of modern cryptography
Not just ChatGPT anymore: Perplexity and Anthropic’s Claude get desktop apps

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone