What Are the Greatest Risks to Wireless and Mobile Networks

Mobile devices are powerful because they are "mobile" – they tin can motility around and interact with many environments and systems.

This strength is also a weakness. Every bit they move, smartphones and tablets can be exposed to more security threats than stationary hardware, such every bit desktops.

When small businesses welcome the devices onto their networks, they too welcome the added risk of mobile security threats. If not carefully managed, they can put the company's systems and information in jeopardy.

See the top seven types of mobile threats below and how to preclude them, via the NIST guidelines on mobile security in the enterprise.

Mobile Security Threat #1. User-Managed Devices

Most pocket-size businesses have a "bring your own device" policy that allows employees to bring personal smartphones or tablets into the function.

Unfortunately, personal mobile devices are often insecurely configured or improperly maintained.

Vulnerabilities may include:

• Malware infections

• Rooted or jailbroken operating systems

• Apps downloaded from shady, 3rd-party sources

• Unpatched and obsolete software

The best approach to these security threats is to assume all personal mobile devices are insecure.

Tips to manage them on small business networks:

• Restrict or prohibit BYOD devices on the network. Permit access to just low-risk environments, such as guest wifi on an isolated network

• Require a secure sandbox for BYOD devices to perform whatsoever visitor-related business concern

• Securely configure company-provided devices before deployment (more than tips on this below)

• Periodically scan devices and review their configurations

Mobile Security Threat #2. Theft and Loss

Portable engineering science adds massive convenience to our lives and businesses – merely it'due south also convenient for thieves.

Smartphones can easily skid into a thief'south pocket. Desktops, servers, and even laptops are a much harder to sneak away.

Likewise, mobile devices are left everywhere – including in cars, hotel rooms, and restaurants. This creates more opportunities for a device to be stolen than if it were left locked in an part building.

Assume It Will Be Stolen

Start with the assumption that whatsoever mobile devices that connect to your network or handle your information will 1 day achieve the hands of a malicious party.

Mobile security tips to mitigate the risk:

• Require authentication to unlock the device

• Automatically lock subsequently five minutes of inactivity

• Encrypt the device's information (tips for Android and iOS), or prohibit the storage of sensitive information

Mobile Security Threat #three. Untrusted Networks

Mobile devices – particularly smartphones – can access the internet in at least ii ways:

1. Cellular information connection
2. Wifi connectedness to a local network

If a device is owned by an employee, the organization has no control over its cellular data connexion.

Without whatsoever way to ensure the cellular network is secure, it'due south best to consider it untrusted and exposed to man-in-the-eye attacks and other mobile security threats. Any data transmitted on the network is at risk.

Mobile devices that are allowed to go out the office – such equally those taken domicile or on the road – are also exposed to unknown wireless networks. These networks must not be trusted, either.

A few ways to mitigate the risks of access to untrusted networks:

• Require the apply of virtual individual networks (VPNs) to encrypt information sent on untrusted networks and ensure mutual authentication of client and server

• Disable whatever network interfaces not necessary for business organization use (such as an unneeded cellular data connection)

• Prohibit the employ of wireless networks that rely on insecure protocols, such as WEP

Mobile Security Threat #4. Insecure Apps

The manufacturers of mobile devices and operating systems make it easy to install applications.

This is at odds with security principles, who see unnecessary applications every bit unnecessary risks. Each is a potential artery for malicious actors to compromise a device and the resources it can access.

As with the above topics, presume third-party mobile applications cannot be trusted.

Security practices for handing mobile apps:

• Prohibit the installation of third-party apps

• Practice application whitelisting – or, more just, maintain a listing of allowed applications

• Grant but the necessary permissions to applications

• Create a secure sandbox on the device to handle company resources and data

Users can also admission spider web-based applications through spider web browsers. Nevertheless again, you should assume these applications are unsafe.

Security tips to handle browser-based apps:

• Restrict browser access on the device

• On the business network, forcefulness mobile traffic through secure gateways, such as AccessEnforcer, to assess URLs before connections are allowed

• Require the employ of a separate browser inside a secure sandbox

Mobile Security Threat #v. Unsafe Systems

Mobile devices have thousands of uses – many of which crave connecting to another arrangement, such every bit by:

• Tethering 2 mobile devices together so they can share a network connection

• Plugging a mobile device into a workstation to serve as data storage

• Connecting with a remote service to back up or sync the device'south data

Fifty-fifty plugging a device into a charging station exposes it to another system.

Many of these systems – whether the workstations, mobile devices, or other services – are not nether the organization's control.

That ways (yous guessed it) you lot should assume they are a security threat and will expose the organisation'southward information to an insecure environment.

Steps you can have:

• Restrict the systems to which a mobile device can connect

• Add access controls to the organization's desktops, laptops, and servers to forbid connection with a mobile device

• At the gateway, block the domains and IPs of whatever services you practise not want accessed past a mobile device

• Instruct users to not utilize untrusted charging stations or other services

Mobile Security Threat #six. Untrusted Content

Mobile devices tin interface with the real-world in a number of ways. One of them is with QR codes.

By using a device's camera, a user tin can scan a QR code to trigger an action on the device. Ordinarily a web browser opens and navigates to the encoded URL.

QR codes are piece of cake to make and tin can point to any given URL, whether beneficial or malicious. Since they are rarely used in small businesses, y'all can take steps to limit or prohibit their use:

• Require the QR codes' content (i.e. the URL) to be displayed before executing

• At the gateway, validate URLs earlier allowing connections

• Restrict or prohibit the apply of the device's camera

Mobile Security Threat #7. Location Services (GPS)

Almost mobile devices include GPS, which can share the device'south location to allowed services.

This can exist a boon for security. GPS can be used to deploy location-based security policies, which tin utilize different security controls based on whether the device is in the office or another location.

If attainable to would-be attackers, GPS can besides exist a powerful tool, indicating the location of the device and the beliefs of its owner – such equally the people and systems the person can physically access.

Steps you can take:

• Disable location services

• Limit the use of location services to a gear up list of apps, or restrict specific apps such equally those used for social networking or photo publishing

• Prohibit the use of location services for particular apps

• Train users to disable GPS when in sensitive locations

Related Resources

Mobile Malware: four Biggest Myths and How to Stay Safe

NIST Special Publication 800-124: Guidelines for Managing the Security of Mobile Devices in the Enterprise:

Damage Control: 10 Ways to Cut Toll of Data Breach

New Types of Malware May Be Hiding in Your Network

sargentvoure1946.blogspot.com

Source: https://www.calyptix.com/technical-insights/mobile-security-threats-to-your-network-top-7-and-tips/

Share this post