SmartAdvice: Managing Wireless Risk Part Of Overall Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure
Commentary
2/10/2005
08:50 PM
Commentary
Commentary
Commentary
50%
50%

SmartAdvice: Managing Wireless Risk Part Of Overall Security

Manage security for cell phones and PDAs proactively, The Advisory Council says. Also, telecommuting is a benefit to the company and employees when it's managed correctly.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected]


Question A: How can we secure our enterprise mobile phones and PDAs?

Our advice: The extension of the information network to handheld devices--mobile (cellular) telephones and PDAs--with their concomitant new and extended functions, raises the specter of additional vulnerabilities and risks. Furthermore, their very portability makes control all the harder. Nonetheless, like any information asset, the risks of these devices can be managed cost-effectively.

The main attacks against cellular phones are eavesdropping, cloning, and theft. The possibility of eavesdropping is greatly reduced by using digital communications, which have almost entirely replaced analog. The vendors also are improving their encryption technologies, though they're loathe to publish that (or any security information) in their public information. Press the vendor on that point and push for use of the latest security technology standards. Cloning, where an attacker makes an electronic copy of the cellular phone, is declining. It's used mainly for fraud, although it could be used for call interception. Check usage and bills frequently. The vendor should be responsible for clone use and cost. Physical theft or loss of cellular phones can lead to unauthorized use, information gleaned from telephone lists, messages, etc. Locking cellular phones using maximum PIN length provides some protection. Quick reporting of the loss is important. Never keep information so delicate on the phone that that loss of a cellular phone would cause considerable damage.

Related Links

Open Mobile Alliance

Personal Digital Assistant Vulnerability Assessment



As to call theft, i.e., from an attack in which a remote entity uses the organization's cellular phone illegally to access and use the cellular network for long-distance calls, Multimedia Messaging Service, etc., additional steps include, where possible, subscribing only to those services necessary for those users who need them, For example, that means no international calling for most users, and blocking sites such as 976 phone-sex lines. Since cloned phones are declining and are really the vendor's ultimate responsibility, it's mainly awareness of what to do if your phone is lost or stolen. The information in the phone such as client lists, schedules, passwords, and PINs, may be more valuable than the calls.

There are locking mechanisms on the cellular phones that require a PIN to access the phone. This would dissuade some attackers, foil others, but might not work against a well-financed and equipped attacker. An 8-digit PIN requires approximately 50,000,000 guesses, but there may be ways for sophisticated attackers to bypass it.

Those same products and techniques that now protect the network and the phones should continue to work. There's an option that provides end-to-end BlackBerry E-mail encryption that would help, although compromise of E-mail, while possible, isn't likely. Managing wireless and PDA risk is similar to and a part of the overall information-security program. It combines an informed constituency, immediate tactical actions, and a careful eye on the evolving technology and concomitant risks.

-- Richard Feingold

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Slideshows
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll