Mobile Security Threats and Issues -- A Broad Overview of Mobile Device Security
Lei Zhang
Tian Jin University, Tian Jin, China

Abstract

Mobile security draws more attention as mobile devices gain popularity. Malware such as viruses, botnets, and worms has become a concern for users of mobile devices because it leaks sensitive information stored on or transmitted by those devices. This paper investigates malware on different mobile platforms, including Bluetooth, iPhone OS, and BlackBerry. Countermeasures against vulnerabilities and attacks on mobile devices are also discussed, to protect the security and privacy of mobile devices.

Keywords: mobile security, Bluetooth, BlackBerry, iPhone

1 An overview of mobile device security

In today's world, mobile devices are becoming more and more popular. As these devices have spread, the demand for more and better functionality has come with them. However, more functionality leads to more complex operating systems in the various mobile devices, and a more complex operating system makes a device much more vulnerable to bugs, crashes, and security holes. When a system adapts to different functions, these functions might interfere with each other unexpectedly and cause it to behave strangely or improperly. Given the plain fact that mobile devices are integrated into almost every aspect of our lives, a question arises: is security an issue? This question was answered by the first virus for a mobile computer, the Cabir worm. Viruses, worms, and other malware are always a concern since they can steal information and render devices useless. Since mobile devices constantly access websites and connect wirelessly to different devices, many severe security issues have been raised.

To tackle these security issues, we have to understand different concepts of security. As defined by [], malware is software designed to infiltrate a computer system without the owner's informed consent.
The expression is a general term used by computer professionals to mean various forms of hostile, intrusive, or annoying software or program code. Applied to mobile devices, the term means in essence the same thing, but the serious problems it causes are even harder to tackle. Because there are many different operating systems, each with even more diverse functionality, it is hard to have powerful antivirus software that runs on all of the different operating systems and kills all kinds of viruses. Companies have assumed that the complexity a virus has to achieve makes it difficult to create a large number of viruses. This misleading security ignorance creates fundamental security risks for software systems. As the saying goes, "If we don't know a back door exists, we will not look for it." This idea is the foundation of many of the problems in mobile security.

2 History of mobile malware

As mentioned in [3], Cabir, a computer worm developed in 2004, is designed to infect mobile phones running Symbian OS [], an operating system designed for mobile devices and smartphones. It is believed to be the first worm that infected mobile phones. When a phone is infected by Cabir, the message "Caribe" is shown on the phone's display, and it appears every time the phone is turned on. The worm then attempts to spread to other phones in the area using Bluetooth technology. The worm was not released into the wild but sent directly to anti-virus firms, who believed Cabir in its current state to be harmless. However, it does prove that mobile phones are also vulnerable to viruses. Experts also believe that the worm was developed by a group who call themselves 29A, a group of international hackers. They created a "proof of concept" worm in order to catch the world's attention. The worm can attack and replicate on Bluetooth-enabled Series 60 phones.
It tried to send itself to all Bluetooth-enabled devices that support the "Object Push Profile". It can also infect non-Symbian phones, desktop computers and even printers. Cabir does not spread if the user does not accept the file transfer or does not agree to the installation. Some older phones would keep on displaying popups: Cabir persistently re-sends itself and renders the user interface unusable until "yes" is clicked. Even though the Cabir virus is credited as the first mobile device virus, it was only regarded as a concept virus. All the virus did was show that a virus could be created for the Symbian operating system. The code was written to spur the operating system's creator into improving the security level of the operating system. However, the source code was leaked onto the Internet and modified, which made the virus more malicious than originally intended.

About a month after the Cabir worm struck, the next mobile virus, called Duts, appeared. Duts was the first virus for the Windows CE platform, and the first file infector for mobile devices. The Duts virus would infect the executables in the root directory of the device if the user permitted. Soon after Duts, the Brador virus came out. The Brador virus was the first backdoor virus for mobile devices. A backdoor is an open port
that waits for a remote host to connect to it. The viruses get into the system through the backdoor without being discovered [9]. After the Brador virus, there were a large number of viruses for the Symbian operating system, most of them Trojans. These kinds of viruses succeeded because the operating system allowed games and other programs to be downloaded. During that time, the code was altered to include a virus that changes customizations on the phone and renders it useless.

Table 1. Summary of Mobile Device Malware [9]

| Name | Date detected | Operating system | Functionality | Infection vector | Number of variants |
|---|---|---|---|---|---|
| Worm.SymbOS.Cabir | June 2004 | Symbian | Propagation via Bluetooth | Bluetooth | |
| Virus.WinCE.Duts | July 2004 | Windows CE | File infector | (File API) | |
| Backdoor.WinCE.Brador | August 2004 | Windows CE | Provides remote access via network | (Network API) | |
| Trojan.SymbOS.Mosquit | August 2004 | Symbian | Sends SMS | SMS | |
| Trojan.SymbOS.Skuller | November 2004 | Symbian | Replaces icon file | OS | |
| Worm.SymbOS.Lasco | January 2005 | Symbian | Propagates via Bluetooth, file infector | Bluetooth, File API | |
| Trojan.SymbOS.Locknut | February 2005 | Symbian | Installs corrupted applications | OS | |
| Trojan.SymbOS.Dampig | March 2005 | Symbian | Replaces system applications | OS | |
| Worm.SymbOS.Comwar | March 2005 | Symbian | Propagates via Bluetooth, MMS | Bluetooth, MMS | |
| Trojan.SymbOS.Drever | March 2005 | Symbian | Replaces antivirus applications boot function | OS | |
| Trojan.SymbOS.Fontal | April 2005 | Symbian | Replaces font files | OS | |
| Trojan.SymbOS.Hobble | April 2005 | Symbian | Replaces system applications | OS | |
| Trojan.SymbOS.Appdisabler | May 2005 | Symbian | Replaces system applications | OS | |
| Trojan.SymbOS.Doombot | June 2005 | Symbian | Replaces system applications, installs Comwar | OS | |
| Trojan.SymbOS.Blankfont | July 2005 | Symbian | Replaces font files | OS | |

3 Vulnerabilities and threats of mobile devices

Mobile device security is a relatively new technology because there is still not a large focus on it.
Sadly enough, the only way that security is going to develop is through the appearance of a large amount of mobile device malware that has to be dealt with immediately, without further avoidance. This is not to say that current devices do not have any form of security; sometimes users are uneducated and render these measures ineffective [9]. Once people are properly taught what to do and what not to do, they will be more aware of security issues. Certain features such as Bluetooth or Wi-Fi are often enabled by default on new mobile devices, which is a huge security risk. There are simple solutions for these problems: installing the newest firmware on devices, turning Bluetooth off when not in use, not connecting to unsecured wireless networks, not opening strange emails, and not running programs when you don't know what they do. These are simple precautions people can take that will
eliminate the great majority of mobile device vulnerabilities. This should be regarded as an extreme concern because of the nature of mobile devices. Often, time-triggered viruses are designed to make money from ads or other schemes. It is almost impossible to completely avoid time-triggered viruses once they are put onto a mobile device. This makes mobile devices very attractive targets for hackers. Most threats to mobile devices are in the form of worms, a kind of self-replicating virus. This is the biggest issue since mobile devices are designed to communicate with other devices. For this reason, a virus on a compromised mobile device spreads out, which can lead to a very devastating virus [9].

4 Security threats and countermeasures

While mobile phones are becoming more and more ubiquitous, they have also evolved into more than just phones. They can serve as a personal computer, video camera, portable media player, GPS, and more. As a result, each mobile phone stores a lot of private information, which leads to more frequent security issues.

4.1 How Bluetooth works

Today, mobile phones usually come with an advanced built-in technology known as Bluetooth. Bluetooth is a wireless communication standard that allows up to eight Bluetooth-enabled devices to communicate with each other within a range of 10 meters, creating a Personal Area Network (PAN). The Bluetooth protocol works in the 2.4 GHz frequency spectrum and uses a low-power mode. Bluetooth can handle device interference by using frequency-hopping technology, in which the transmitters change frequencies 1,600 times every second. Bluetooth technology can connect various kinds of devices, such as a laptop computer, PDA, or smartphone, not only two similar devices. Whatever the devices are, their connection setup always falls into one of two categories: a master-master connection or a master-slave connection.
In master-master connections, both devices have input devices and can dynamically communicate with each other. In master-slave connections, one device does not have an input device while the other does. An example of this kind of connection is a mobile phone and a wireless Bluetooth headset. The headset relies on preprogrammed instructions to complete setup and communication [3].

4.2 Discovery, pairing and binding

In order for two Bluetooth devices to begin communicating, they first need to locate each other. This is done through a process known as discovery. During the discovery process, one Bluetooth device scans for the other within its transmission range. Once the Bluetooth devices discover each other, the two devices complete the next process, known as pairing. Pairing is similar to TCP/IP handshaking in networking. The devices exchange messages such as address, version, and pairing code. The pairing code can be thought of as a password. In a master-master connection, both device users have to enter the pairing code. In a master-slave connection, the slave device automatically reads the pairing code from its preprogrammed code. Once identical pairing codes are entered, a link key is generated. The link key is used for authentication. Based on the link key, the two devices dynamically generate and share an encryption key. The encryption key is used in the final process, known as binding. The key binding connection means no other device can interfere with or snoop on the connection. Although these three processes can keep Bluetooth connections safer, not all Bluetooth communication channels require them [3].

4.3 Bluetooth security modes

Every Bluetooth device has three major security modes in which it can operate. The first mode is known as nonsecure security mode. In this mode, features such as authentication, encryption, and pairing are not enforced. The second mode is known as the service-level security mode.
In this mode, a central security manager restricts access to the device by performing authentication. The last mode is called the link-level security mode. In this mode, authorization and security procedures are enforced and implemented before a communication channel is established. This mode typically involves the previously described processes of pairing and binding. Overall, Bluetooth has transformed wireless communication, as it is widely implemented and supported. Unfortunately, like many protocols, it suffers from security threats and vulnerabilities [8].

4.4 Bluetooth attacks

One of the least serious Bluetooth attacks, and a harmless one, is called BlueJacking. This attack takes advantage of a small loophole in the messaging protocol and allows a Bluetooth device to send an anonymous message to a target Bluetooth device. When two Bluetooth devices wish to communicate with each other, they must first perform an initial handshake process in which the initiating Bluetooth device must display its name on the target Bluetooth device. Instead, an attacker can send a user-defined field to the target device. BlueJacking takes advantage of this field in order to send the anonymous message [3].

A much more dangerous case, and one of the best-known Bluetooth attacks, is BlueSnarfing. BlueSnarfing is the process in which the attacker connects to the victim's mobile phone through Bluetooth without the victim noticing. This attack is dangerous because the attacker can gain access to private information such as the address book, messages, personal photographs, etc. Furthermore, the attacker can initiate as well as forward phone calls. The attacker can complete BlueSnarfing easily within 10 meters of the victim by using software tools such as Blooover, Redsnarf, and BlueSnarf [3].
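
The pairing, link-key and encryption-key steps of sections 4.2 and 4.3, written out as an exchange between two devices. This is an added example, not code from the paper: it follows the general shape of legacy Bluetooth pairing and goes beyond the text in showing where a mismatched pairing code is detected, HMAC-SHA256 stands in for the specification's key-derivation functions, and the `Device` class, `pair` function, addresses and pairing codes are hypothetical.

```python
import hashlib
import hmac
import os


def _prf(key: bytes, label: bytes, *parts: bytes, n: int = 16) -> bytes:
    """Stand-in for the specification's key functions (assumption):
    HMAC-SHA256 over length-prefixed inputs, truncated to n bytes."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Device:
    """One side of the pairing; holds only what that side would know."""

    def __init__(self, addr: bytes, pairing_code: bytes):
        self.addr = addr
        self.pairing_code = pairing_code
        self.link_key = None
        self.aco = None  # by-product of authentication, fed into the encryption key

    def init_key(self, in_rand: bytes, addr: bytes) -> None:
        # Temporary key derived from the pairing code and a public random value.
        self.k_init = _prf(self.pairing_code, b"init", in_rand, addr)

    def masked_random(self) -> bytes:
        # Each side contributes a random value, sent masked with the temporary key.
        self.lk_rand = os.urandom(16)
        return _xor(self.lk_rand, self.k_init)

    def combine(self, masked_peer_rand: bytes, peer_addr: bytes) -> None:
        # Unmask the peer's contribution and combine both into the link key.
        peer_rand = _xor(masked_peer_rand, self.k_init)
        mine = _prf(self.lk_rand, b"unit", self.addr)
        theirs = _prf(peer_rand, b"unit", peer_addr)
        self.link_key = _xor(mine, theirs)

    def respond(self, challenge: bytes) -> bytes:
        # Claimant: prove knowledge of the link key without revealing it.
        out = _prf(self.link_key, b"auth", challenge, self.addr)
        self.aco = out[4:]
        return out[:4]

    def verify(self, challenge: bytes, claimant_addr: bytes, response: bytes) -> bool:
        out = _prf(self.link_key, b"auth", challenge, claimant_addr)
        self.aco = out[4:]
        return hmac.compare_digest(out[:4], response)

    def encryption_key(self, en_rand: bytes) -> bytes:
        return _prf(self.link_key, b"enc", en_rand, self.aco)


def pair(initiator: Device, responder: Device):
    """Run pairing, one-way authentication and encryption-key setup.
    Returns (authenticated, initiator_key, responder_key)."""
    in_rand = os.urandom(16)                      # sent in the clear
    initiator.init_key(in_rand, responder.addr)
    responder.init_key(in_rand, responder.addr)

    to_responder = initiator.masked_random()      # exchanged over the air
    to_initiator = responder.masked_random()
    initiator.combine(to_initiator, responder.addr)
    responder.combine(to_responder, initiator.addr)

    challenge = os.urandom(16)                    # link-key authentication
    response = responder.respond(challenge)
    if not initiator.verify(challenge, responder.addr, response):
        return False, None, None                  # pairing codes differed

    en_rand = os.urandom(16)                      # both sides derive the same key
    return True, initiator.encryption_key(en_rand), responder.encryption_key(en_rand)


if __name__ == "__main__":
    phone = Device(bytes.fromhex("001122334455"), b"4821")    # constructed values
    headset = Device(bytes.fromhex("66778899aabb"), b"4821")
    print(pair(phone, headset)[0])
```

A wrong pairing code is never compared directly: it produces different link keys on the two sides, and the failure only becomes visible at the challenge-response step.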
4.5 Countermeasures

Even though mobile phones face security threats from Bluetooth attacks, there are effective countermeasures that can be used for protection. The simplest action that can be taken is to disable Bluetooth completely on the mobile phone. Alternatively, the mobile phone's Bluetooth settings can be switched to an undiscoverable or hidden mode. It is important to be aware of Bluetooth attacks and take countermeasures, as Bluetooth attacks are one of the primary ways mobile phone data is compromised [8].

4.6 Mobile denial-of-service

Compared with Bluetooth attacks, Mobile Denial-of-Service (MDoS) attacks can be the worst attacks on a mobile phone. One of the major ways the attack is carried out is through a Bluetooth-enabled device. An MDoS attack can render a mobile phone useless. MDoS attacks can congest the available bandwidth, causing all data transfers to stop and leading the phone to freeze, crash, or even restart. While there are different types of MDoS attacks, they usually all follow a similar pattern in how the attack is implemented. The attacker first uses some sort of packet-generation software in order to create infinite and sometimes malicious packets. These packets can then be sent to the victim's mobile phone using a specified protocol. One reason these attacks are considered dangerous is that they are easy to execute. Ready-to-go MDoS tools can easily be found on the Internet and downloaded. These attacks are possible if there is a loophole found in Bluetooth communication. Bluetooth technology does not have a way to handle incoming packets, and therefore does not inspect them at all. Compared with a normal mobile phone user, the problem is more serious for a business mobile phone user, since someone who depends on the phone for work can be devastated during an MDoS attack. The attack could limit their ability to access important data, significantly slow down their connection speed, and could even cause complete disconnection.
Mobile phone users need to be aware that MDoS attacks can and do happen [3].

4.7 Mobile denial-of-service attacks

BlueSmacking is a common type of MDoS attack. The basic idea behind the attack is to send oversized data packets to the mobile device. Mobile devices using Bluetooth have a size limit on the packets that they can receive. This size limit depends on the manufacturer and model of the phone. This means that the devices cannot handle packets that are greater than the size limit. The attacker takes advantage of this weakness and sends oversized data packets to the target device. The device is not able to handle numerous, constant, oversized packets, resulting in a denial of service [3].

The second MDoS attack, although not very popular, is called Jamming. As described earlier, Bluetooth works in the 2.4 GHz frequency range and handles interference by frequency hopping. In a Jamming attack, the entire frequency band has to be jammed so that the Bluetooth device has no available frequency to use. The amount of work the attacker has to put in for a Jamming attack is not feasible, which explains the attack's unpopularity [3].

The third common MDoS attack is called a failed authentication attack. This attack prevents two Bluetooth devices from establishing a connection with each other. To be successful, the attacker must flood the target device with spoofed packets while the target device is trying to connect with a desired device. In doing so, the target device's resources become congested and the target device is unable to make the connection with the desired device [3].

4.8 Countermeasures

Mobile phone users should be aware of MDoS attacks and also realize that countermeasures are available to protect themselves from these attacks. One of the simplest things a user can do is to keep their phone up to date by downloading and installing the latest patches and upgrading their mobile phone.
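
On the receiving side, a patch for the size-limit weakness of section 4.7 comes down to checking each frame's declared length before processing it and capping how often echo requests are answered. The following added example is not from the paper and goes one step beyond the text by naming the L2CAP layer of the Bluetooth stack; `FrameGuard`, `build_echo`, the rate limit and the sample frames are constructed for illustration, and one signaling command per frame is assumed.

```python
import struct
from collections import deque

L2CAP_HDR = struct.Struct("<HH")   # payload length, channel ID (little-endian)
SIG_HDR = struct.Struct("<BBH")    # command code, identifier, data length
CID_SIGNALING = 0x0001             # channel that carries echo requests
ECHO_REQUEST = 0x08


class FrameGuard:
    """Decide whether a received L2CAP frame may be passed to the stack.

    mtu and sig_mtu default to 672 (default data MTU) and 48 (minimum
    signaling MTU); echo_limit and window are illustrative policy values.
    """

    def __init__(self, mtu=672, sig_mtu=48, echo_limit=5, window=1.0):
        self.mtu = mtu
        self.sig_mtu = sig_mtu
        self.echo_limit = echo_limit
        self.window = window
        self._echo_times = deque()

    def _allow_echo(self, now: float) -> bool:
        # Sliding window: forget echo requests older than `window` seconds.
        while self._echo_times and now - self._echo_times[0] >= self.window:
            self._echo_times.popleft()
        if len(self._echo_times) >= self.echo_limit:
            return False
        self._echo_times.append(now)
        return True

    def check(self, frame: bytes, now: float) -> str:
        if len(frame) < L2CAP_HDR.size:
            return "drop:truncated-header"
        length, cid = L2CAP_HDR.unpack_from(frame)

        # Reject on the declared length first, before touching the payload,
        # so an oversized frame never reaches a fixed-size buffer.
        limit = self.sig_mtu if cid == CID_SIGNALING else self.mtu
        if length > limit:
            return "drop:oversized"

        payload = frame[L2CAP_HDR.size:]
        if length != len(payload):
            return "drop:length-mismatch"

        if cid == CID_SIGNALING:
            if length < SIG_HDR.size:
                return "drop:truncated-command"
            code, _ident, data_len = SIG_HDR.unpack_from(payload)
            if data_len != length - SIG_HDR.size:
                return "drop:length-mismatch"
            if code == ECHO_REQUEST and not self._allow_echo(now):
                return "drop:echo-rate"
        return "accept"


def build_echo(data: bytes, ident: int = 1) -> bytes:
    """Construct an echo-request frame as sample input for the guard."""
    command = SIG_HDR.pack(ECHO_REQUEST, ident, len(data)) + data
    return L2CAP_HDR.pack(len(command), CID_SIGNALING) + command


if __name__ == "__main__":
    guard = FrameGuard()
    samples = [                                    # constructed frames
        ("normal echo", build_echo(b"ping")),
        ("oversized echo", build_echo(b"A" * 600)),
        ("lying length", L2CAP_HDR.pack(10, 0x0040) + b"abcd"),
    ]
    for name, frame in samples:
        print(f"{name:15s} {guard.check(frame, now=0.0)}")
```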
Another countermeasure is simply not to accept an unknown incoming message via Bluetooth. Users should only pair their mobile phone with known devices [].

5 Mobile operating system

5.1 iPhone OS

The iPhone operating system has had several documented vulnerabilities so far; however, they are generally fixed very quickly. The app review process is the main reason why there are not many documented cases of malware for the iPhone. All of the applications that have permission to run on the iPhone are very carefully inspected by Apple to ensure that they do not have any viruses or security risks hidden inside. This is a double-edged blade: with the very strict process, there is a much more limited base of software available for the phone than if any application could be used on it [4].

The main security risk on the iPhone arises when the system has its root password cracked by jailbreaking. This is a problem because jailbreaking gives users root access to the phone with a username and password, but if people forget to change the username and password, then it is easy to log in. Root access enables programs or processes to access any part of the system and modify it [4].

The world's first iPhone worm was found in early November 2009. The worm would replace the background on the iPhone with a picture of Rick Astley and the words "ikee is never gonna give you up". Once installed, the malware will
search the phone network for other vulnerable iPhones and infect them []. The worm is a breakthrough purely because it is the first worm for one of the world's most prominent cell phones, the iPhone. Hopefully, it will force people to take more care of their phones and remember to change their passwords. The second worm infecting the iPhone takes advantage of the same security hole as the previous one. This worm redirects customers of a Dutch online bank to a phishing site that captures their information [10].

5.2 BlackBerry Architecture Overview

The BlackBerry smartphone was developed by Research in Motion (RIM) and introduced to the public as a two-way pager in 1999. In 2002, RIM released the BlackBerry with updated features like push email, mobile telephone, text messaging, internet faxing, web browsing and other wireless information services. RIM developed a proprietary software platform named BlackBerry OS for its BlackBerry line of handhelds. BlackBerry OS provides multi-tasking and makes heavy use of the devices' specialized input devices, particularly the trackball or touch screen [].

BlackBerry OS uses Java to provide an open platform for third-party wireless enterprise application development. Using BlackBerry MDS Studio and the BlackBerry Java Development Environment (JDE), the BlackBerry Enterprise Solution lets software developers create third-party Java applications for BlackBerry devices. After the application is written in Java, it is compiled into BlackBerry proprietary .cod files. The Java byte code is "pre-verified" as valid on the PC side (in accordance with JME standards) before being compiled into a .cod file. It can then be transmitted to the BlackBerry for execution [].

By default, unsigned applications have very limited access to this enhanced functionality. Applications must be signed by RIM in order to perform actions that are deemed sensitive, such as enumerating the Personal Information Manager or reading emails.
Even signed applications may require user permission to carry out sensitive actions such as initiating phone calls. RIM provides a way for third-party applications to gain full access to the BlackBerry API by signing them with a hash function. To obtain signatures for their applications, developers must first fill out an online form and pay a 00 USD fee to receive a developer key. RIM provides a signing tool that sends the SHA hash of the application to RIM. Once RIM receives this hash, it generates a signature. This signature is then sent back to the developer and appended to the application [].

5.3 BlackBerry Vulnerabilities

Since 2007, there were known vulnerabilities that affected the BlackBerry smartphone. Five of the vulnerabilities were caused by an error within the PDF distiller (KB78, KB79, KB5770, KB5766 and KB837). Three were caused by an error within ActiveX (KB648, KB6469, KB34). One vulnerability was caused by the Microsoft GDI component that BlackBerry products use (KB5506). Two vulnerabilities exist in the Session Initiation Protocol (SIP) implemented on a BlackBerry 770 Smartphone running BlackBerry Device Software 4.0 Service Pack Bundle 83 and earlier (KB700, KB707).

KB78, KB5770, KB5766 and KB79: the PDF distiller of some released versions of the BlackBerry Attachment Service. This vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file that, when opened on a BlackBerry Smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.

KB837: multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.
These vulnerabilities could enable a malicious individual to send an email message containing a specially crafted PDF file that, when opened on a BlackBerry Smartphone associated with a user account on a BlackBerry Enterprise Server, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server.

KB648: an exploitable buffer overflow exists in the BlackBerry Application Web Loader ActiveX control that Internet Explorer uses to install applications on BlackBerry devices.

KB6469: a buffer overflow exists in the DWUpdateService ActiveX control that could potentially be exploited when a user visits a malicious web page that invokes this control.

KB34: when using Internet Explorer to view the BlackBerry Internet Service or T-Mobile My E-mail web sites that use the TeamOn Import Object ActiveX control, and when trying to install and run the ActiveX control, the ActiveX control introduces the vulnerability to the system.

KB5506: these vulnerabilities expose the BlackBerry Attachment Service and the BlackBerry Desktop Manager to attacks that could allow a malicious user to cause arbitrary code to run on the computer on which the BlackBerry Attachment Service or the BlackBerry Desktop Manager is running.
o If a BlackBerry Smartphone user is on a BlackBerry Enterprise Server or BlackBerry Professional Software with the BlackBerry Attachment Service running, and the user tries to use the BlackBerry Smartphone to open and view a WMF or EMF image attachment in a received message sent by a user with malicious intent, the computer on which the
BlackBerry Attachment Service is running could be compromised.
o If the BlackBerry Smartphone user uses BlackBerry Media Sync to synchronize an image created by a user with malicious intent, the computer on which BlackBerry Media Sync is running could be compromised.

KB700: The BlackBerry 770 Smartphone user receives a malformed SIP INVITE message. When the BlackBerry Smartphone user tries to make a call using the Phone application, the following problems occur:
o An uncaught exception error message is displayed.
o When the BlackBerry Smartphone user tries to initiate a call, the following error message is displayed: "Cannot connect. Call in progress".
o The BlackBerry Smartphone cannot receive incoming calls. The BlackBerry Smartphone does not ring or display any indication of incoming calls.

KB707: A BlackBerry 770 Smartphone receives a malformed SIP INVITE message. The following problems occur on the BlackBerry Smartphone:
o The BlackBerry Smartphone user cannot make a call using the Phone application.
o The BlackBerry Smartphone may ring when it initially receives the malformed message, but does not receive incoming calls afterward (i.e. the BlackBerry Smartphone does not ring or display any indication of incoming calls).

Spoofing: A situation where there is the opportunity to spoof information upon which the user will make a decision which may impact the security of the device.

Data Interception or Access: A situation where data can be intercepted or accessed by malicious code that is on the device.

Data Theft: A situation where data can be sent out of the device by malicious code that is on the device.

Backdoor: A situation where malicious code resident on the device is able to offer functionality that would allow an attacker to gain access at will.

Service Abuse: A situation where malicious code resident on the device is able to perform actions that will cause the user higher service cost.
Availability: A situation where malicious code resident on the device is able to impact the availability or integrity of either the device or the data upon it.

Network Access: A situation where malicious code resident on the device is able to use the device for one or more unauthorized network activities. This may include port scanning or alternatively using the device as a proxy for network communications.

Wormable: A technology that can be utilized by malicious code on the device to further help in its propagation in a semi-autonomous fashion [8].

The following table shows, for each of the areas analyzed, their susceptibility to these attacks and how they may be mitigated:

6 BlackBerry Attack Surface

There are multiple attack surfaces an attacker can exploit to compromise the confidentiality, integrity and availability of the BlackBerry smartphone.

Table 2. Vulnerability surfaces and misuses []
The chart shows attacks requiring malicious code to be present on the device. The only way for malicious code to get onto the device is through user interaction. Uninformed users may trigger the malicious code through that interaction. These facts highlight the need for user education about safe computing practices when using all kinds of computing devices, including mobile devices.

7 Future development

The largest problem with mobile security is that not enough time is dedicated to it when designing a mobile device. For the most part, malware can only gain access if the user does something to make the system vulnerable in some way, be it running a program that has the malware hidden in it, or cracking the system so that the built-in security is removed. Many experts argue that the only thing that will make users more aware is a large amount of malware, forcing people to become educated or else leaving them unable to use their devices. The reason for this is that in the early 2000s there were a large number of viruses that completely debilitated networks. This in turn made people understand the importance of antivirus software and of threats that they don't recognize. Since then, people have been much more careful with their computers. Due to this positive response, many people think this is the only way to make people pay attention to mobile device security. For example, there have been many proof-of-concept viruses that target phones just to show it can be done and to explain that it could have been even worse; however, this generally circulates through the technical world and never reaches end users on a large scale.

8 References

[1] BlackBerry Internet Service. Feature and Technical Overview, 2009.
[2] Fadia, A. Hacking Mobile Phones. Course Technology PTR, 2005.
[3] Franklin, C., & Layton, J. (n.d.). How Bluetooth Works. Retrieved December, 2009, from HowStuffWorks.com.
[4] Kabay, M. E. iPhone security, Part. Retrieved 2009, from Network World: c.html?page=
[5] Kabay, M. E. iPhone Security, Part. Retrieved December, 2009, from Network World: c.html?ry=gs
[6] Kleidermacher, D. The future of mobile devices. Retrieved December, 2009, from Hearst Electronic Products: evices-article-facn_greenhills_apr009-html.aspx
[7] O'Connor, J. Attack Surface Analysis of BlackBerry Devices. White Paper: Symantec Security Response, 2007.
[8] Sapronov, K. Bluetooth, Bluetooth Security and New Year War-nibbling. Retrieved December, 2009, from VirusList.com.
[9] Shevchenko, A. An overview of mobile device security. September, 2005. Retrieved December, 2009, from Viruslist.com.
[10] The Register. iPhone Worm Infects Devices and Redirects Dutch Online Bank. Retrieved December, 2009, from CyberInsecure.com.
[11] The Register, Sophos. World's First iPhone Worm Hits iPhone Owners In Australia. Retrieved December, 2009, from CyberInsecure.com.
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationTrust Digital Best Practices
> ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or
More informationSecure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationBLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE
BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE About the Author. Acknowledgments. Introduction. Chapter 1 Understanding the Threats. Quantifying the Threat.
More informationNEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationBasic Computer Security Part 2
Basic Computer Security Part 2 Presenter David Schaefer, MBA OCC Manager of Desktop Support Adjunct Security Instructor: Walsh College, Oakland Community College, Lawrence Technology University Welcome
More informationAttacks against Smartphones
Attacks against Smartphones Adnan Waheed Muzammil Zareen Khan Email: {adnwa060, muzkh007}@student.liu.se Supervisor: Anna Vapen, {annva@ida.liu.se} Project Report for Information Security Course Linköpings
More informationOCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
More informationSmartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices
Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices Daniel V. Hoffman, CISSP, CEH, CHFI Chief Technology Officer Page 1 Global Threat Center Exploit Research and Development
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationFive Tips to Reduce Risk From Modern Web Threats
Five Tips to Reduce Risk From Modern Web Threats By Chris McCormack, Senior Product Marketing Manager and Chester Wisniewski, Senior Security Advisor Modern web threats can infect your network, subvert
More informationANTIVIRUS BEST PRACTICES
ANTIVIRUS BEST PRACTICES Antivirus Best Practices 1. Introduction This guideline covers the basics on Antivirus Software and its best practices. It will help to have an overall understanding of the subject
More informationSecuring mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationINSIDE. Malicious Threats of Peer-to-Peer Networking
Symantec Security Response WHITE PAPER Malicious Threats of Peer-to-Peer Networking by Eric Chien, Symantec Security Response INSIDE Background Protocols New Vector of Delivery Malicious Uses of Peer-to-Peer
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationNetwork Incident Report
To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850
More informationG/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy
For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform
More informationGuideline for Prevention of Spyware and other Potentially Unwanted Software
Guideline for Prevention of Spyware and other Potentially Unwanted Software Introduction Most users are aware of the impact of virus/worm and therefore they have taken measures to protect their computers,
More informationPerception and knowledge of IT threats: the consumer s point of view
Perception and knowledge of IT threats: the consumer s point of view It s hard to imagine life without digital devices, be it a large desktop computer or a smartphone. Modern users are storing some of
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationClosing Wireless Loopholes for PCI Compliance and Security
Closing Wireless Loopholes for PCI Compliance and Security Personal information is under attack by hackers, and credit card information is among the most valuable. While enterprises have had years to develop
More informationThe Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager
The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager Mobility -we have come a long way and where is it going? Image: Word Press Mobility To achieve mobility, two
More informationNetwork Security: Introduction
Network Security: Introduction 1. Network security models 2. Vulnerabilities, threats and attacks 3. Basic types of attacks 4. Managing network security 1. Network security models Security Security has
More informationWORLD LOTTERY ASSOCIATION GUIDELINES
WLA Mobile Phones WORLD LOTTERY ASSOCIATION GUIDELINES Mobile Phone Lottery Playing Guideline The Security and Risk Management Guideline on Mobile Phone Lottery Playing for the Lottery Industry worldwide
More informationSpam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning
Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans
More informationThe smartphone revolution
Mobile Applications Security Eugene Schultz, Ph.D., CISSP, CISM, GSLC Chief Technology Officer Emagined Security EugeneSchultz@emagined.com ISSA-Los Angeles Los Angeles, California January 19, 2011 Emagined
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationThe Key to Secure Online Financial Transactions
Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationWhite Paper. Three Steps To Mitigate Mobile Security Risks
White Paper Three Steps To Mitigate Mobile Security Risks Bring Your Own Device Growth The Bring Your Own Device (BYOD) trend caught on with users faster than IT expected, especially as ios and Android
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationSuccessful Mobile Deployments Require Robust Security
By: Maribel D. Lopez FIRMS MUST BUILD SECURITY ENABLED MOBILITY Mobility is no longer considered a luxury within enterprise but a critical part of a networking strategy as 9irms look to increase productivity
More informationWhen a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationCyber Security Awareness
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
More informationWEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project
WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure
More informationUnderstanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them
Lab Exercises Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Review Questions 1) In class, we made the distinction between a front-door attack and
More informationTIME TO LIVE ON THE NETWORK
TIME TO LIVE ON THE NETWORK Executive Summary This experiment tests to see how well commonly used computer platforms withstand Internet attacks in the wild. The experiment quantifies the amount of time
More informationwww.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach
100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationDesktop and Laptop Security Policy
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
More informationCyber Security: Beginners Guide to Firewalls
Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationCOB 302 Management Information System (Lesson 8)
COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this
More informationplatforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential
Best Practices for Smartphone Apps A smartphone is basically a computer that you can carry in the palm of your hand. Like computers, smartphones have operating systems that are often called platforms.
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationTechnical White Paper BlackBerry Security
Technical White Paper BlackBerry Security For Microsoft Exchange Version 2.1 Research In Motion Limited 2002 Research In Motion Limited. All Rights Reserved Table of Contents 1. INTRODUCTION... 1 2. ARCHITECTURE...
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationCyber Security Awareness
Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure
More informationIJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat.
Intrusion Detection in Cloud for Smart Phones Namitha Jacob Department of Information Technology, SRM University, Chennai, India Abstract The popularity of smart phone is increasing day to day and the
More informationNetwork Security and the Small Business
Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More informationCountermeasures against Bots
Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationReferences NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household
This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of
More informationUsing TS-ACCESS for Remote Desktop Access
Using TS-ACCESS for Remote Desktop Access Introduction TS-ACCESS is a remote desktop access feature available to CUA faculty and staff who need to access administrative systems or other computing resources
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationGetting a Secure Intranet
61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like
More informationChris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationEndUser Protection. Peter Skondro. Sophos
EndUser Protection Peter Skondro Sophos Agenda Sophos EndUser Solutions Endpoint Usecases Sophos Mobile Solutions Mobile Usecases Endpoint Sophos EndUser Solutions EndUser Protection AV Firewall Application
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationCyber Security Beginners Guide to Firewalls A Non-Technical Guide
Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.
More informationPersonal Data Security. Grand Computers Club New Technologies SIG May 21, 2014
Personal Data Security Grand Computers Club New Technologies SIG May 21, 2014 Topics Meeting Overview New Tech Newsletter Main Topic: Personal Data Security Open Discussion Questions 2 Overview Data privacy
More informationLectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003
Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while
More informationWhite Paper. Security: Cortado Corporate Server for BlackBerry. Information on the Cortado infrastructure and Bluetooth printing
White Paper Security: Cortado Corporate Server for BlackBerry Information on the Cortado infrastructure and Bluetooth printing This white paper provides information about the security of BlackBerry and
More informationPC Security and Maintenance
PC Security and Maintenance by IMRAN GHANI PC Maintenance and Security-Forecast. Major sources of danger. Important steps to protect your PC. PC Security Tools. PC Maintenance Tools. Tips. PC Security-
More informationThe Mobile Malware Problem
The Mobile Malware Problem Eddy Willems Security Evangelist G Data Security Labs Director Security Industry Relationships - EICAR eddy.willems@gdata.de Introduction Security Evangelist at G Data: Privately
More informationBanking Security using Honeypot
Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information
More informationENISA s ten security awareness good practices July 09
July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European
More information1. Threat Types Express familiarity with different threat types such as Virus, Malware, Trojan, Spyware, and Downloaders.
Threat Protection Tools and Best Practices Objectives 1. Threat Types Express familiarity with different threat types such as Virus, Malware, Trojan, Spyware, and Downloaders. 2. Threat Vectors Be familiar
More informationHardware Inventory Management Greater Boston District
Hardware Inventory Management Greater Boston District Audit Report Report Number IT-AR-15-004 March 25, 2015 Highlights Management does not have an accurate inventory of hardware assets connected to the
More information1 Introduction. Agenda Item: 7.23. Work Item:
3GPP TSG SA WG3 Security S3#34 S3-040682 6-9 Jul 2004 updated S3-040632 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040583 based on the comments in SA3#34 meeting Source:
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationIQware's Approach to Software and IT security Issues
IQware's Approach to Software and IT security Issues The Need for Security Security is essential in business intelligence (BI) systems since they have access to critical and proprietary enterprise information.
More informationWindows Phone 8 Security Overview
Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationSecurity Best Practices for Mobile Devices
Security Best Practices for Mobile Devices Background & Introduction The following document is intended to assist your business in taking the necessary steps needed to utilize the best security practices
More informationDSL and Cable Modems: The Dangers of Having a Static IP Address
DSL and Cable Modems: The Dangers of Having a Static IP Address By Joe Edwards ECE 478 Spring 2000 1.0 Introduction As computer technology continues to rapidly progress, more and more people are abandoning
More information