Scribd
Upload
42 views

Mobile Computing and Security

The document discusses mobile devices, wireless communication, and examples of mobile devices. It describes how wireless networks work and some advantages of wireless technology. It also discusses risks of physical theft, data loss, and wireless networks, and provides mitigation strategies and common sense solutions.

Uploaded by

david munene
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
42 views

Mobile Computing and Security

The document discusses mobile devices, wireless communication, and examples of mobile devices. It describes how wireless networks work and some advantages of wireless technology. It also discusses risks of physical theft, data loss, and wireless networks, and provides mitigation strategies and common sense solutions.

Uploaded by

david munene
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 27

Mobile Devices and Wireless

What is a Mobile Device/Wireless?

 Mobile Device: a device that is easy to


use, enables remote access to business
networks and the internet, and enables
quick transfer of data.

 Wireless Communication: the transfer of


information over a distance without the
use of electrical conductors or wires
What are some examples of
Mobile Devices?
 Laptops  Garage Door Opener
 Cell Phones  GPS
 PDAs  Cordless phone
 Flash Drives  Cameras
 Bluetooth  Graphing Calculator
 Mouse/Keyboard  Nintendo Wii (game
 Mp3 Players controllers)
How does Wireless Work?
 Wireless networks use electromagnetic radiation
as their means of transmitting data through
space.
 An access point (AP) device is physically
connected to the LAN (typically a router)
 The AP has an antenna and sends and receives
data packets through space
 A wireless device then connects to the WLAN
using its transmitter to connect to the AP, and
then to the LAN.
Growing Popularity
 Used for day to day activities
 Affordable
 Necessary to keep up with competitors
using the same technology
 Convenient Size
What are the Advantages?
 Enhanced productivity
 Portability: Stay connected even away
from home or office, resulting in a more
flexible work life
Risk: Physical theft/loss of device
 Laptop theft accounted for 50% of reported
security attacks.
CSI, The 12th Annual Computer Crime and
Security Survey, 2007
 Lost or stolen laptops and mobile devices
are the most frequent cause of a data breach,
accounting for 49% of data breaches in 2007.
Ponemon Institute, U.S. Costs of a Data Breach,
November 2007
Mitigation
 Cable Locks
 Never leave hardware unattended
 Make hardware as inconspicuous as
possible
 Invest in tracking/recovery software
Risk: Data loss/leakage
 7 out of 10 government mobile devices are
unencrypted.
Government Accountability Office (GAO), IT
Security: Federal Agency efforts to encrypt
sensitive information are under way, but work
remains, June 2008
 The cost of recovering from a single data
breach now averages $6.3M - that’s up 31
percent since 2006 and nearly 90 percent
since 2005.
Wireless networks

 Infrastructure Mode
 Ad-hoc mode
Mitigation

 Encryption
 Authentication
Common Sense Solutions
 Understand what is really at risk
 Take controls seriously
 Don’t be too trusting of people
 Use technology for help
 TEST!
IS Auditing Guideline – Mobile
Computing
 Planning
 Obtain information regarding: intended use (business
transactions or personal productivity), technology
used, risk analysis, and policies used to manage
computing
 Conduct interviews and document analysis
 If a 3rd party is used to outsource IS or business
function, review the agreement
 Relate risks to the criticality of the information stored
on the mobile devices
Risk Analysis
 Auditor should consider the following when performing the risk
analysis:
- Privacy – examine protocols and procedures that protect sensitive
information on mobile devices (such as physical access controls)
- Authentication – certificate indicated verification by a certification
authority
- 2 Factor Authentication – verifies that the device and the end user
are authorized
- Data Integrity – detect changes in content or message during
storage or transmission
- Non Repudiation – user cannot deny processing a transaction
- Confidentiality and Encryption – using algorithms to transform data
- Unauthorized Use
Work Plan & Performance
 Work Plan
 Auditor documents how risks threaten
business, security, and IS objectives, and the
controls put in place to address the risks
 Identify weaknesses
 Performance of Audit
 If control weaknesses exist, additional
procedures may be necessary
 Consider discussing the audit with
stakeholders prior to issuing report
Auditing Wireless Networks
 Access control, transmission control, viruses, and monitoring
access points are important risks to consider
 Firewall generally secures information but WLAN creates new
challenges because it easier to access. Therefore control is
more important.
 (Ex) If an employee were to bring in an unauthorized router in to
work, unauthorized users could potentially access the network
from outside the building
 Access Point (AP) – security of APs is crucial for wireless
network auditing, consider unauthorized access, unauthorized
APs, improperly configured APs, and Ad Hoc networks
 An Auditor might walk around the building looking for markings
left on the ground by hackers indicating a spot in range of a
wireless network
 Wireless auditor – an automated system that detects anomalies

You might also like