Wireless and Mobile Device Security by Doherty Jim

Author:Doherty, Jim [Неизв.]
Language: eng
Format: epub
Publisher: Jones & Bartlett Learning LLC
Published: 2015-07-29T21:00:00+00:00

Access point coverage area, roaming, RF power, interference, and leakage should be part of any initial site survey. In addition, any future expansion projects should incorporate a further limited RF survey to ensure the correct design.

Client Security Outside the Perimeter

Securing the user’s wireless device—whether it be a laptop, smartphone, or tablet—is an important step, particularly because today’s network infrastructure has altered radically from legacy networks. Previously, a large network was designed with a hard perimeter to defend against external threats but little in the way of internal defense, allowing for easy access for insiders. The rationale was that the network’s hard exterior protected against real threats from the outside; inside, users posed a much lower risk. This concept is often referred to as an M&M design, in reference to an old ad campaign that claimed M&M candies were “crunchy” (hard) on the outside and “chewy” (soft) in the middle.

Experience has taught security professionals that this approach is problematic, and that both interior and exterior threats should be considered equal. One thing the M&M design did do well, though, was protect static devices such as PCs and servers from virus contaminations. It succeeded in protecting the inner network from contagions by having robust antivirus (AV) and intrusion protection systems that actively monitored traffic entering the network. By using deep packet inspection and recognizing attack signatures, the AV and IPS applications acted as gatekeepers that sterilized and quarantined suspect files and e-mail attachments. All traffic entering or leaving the network’s perimeter gateways went through AV, IDS/IPS, content URL filters, Web proxies, and application and Web firewalls. In this way, the traffic was kept free of viruses, worms, Trojan horses, rootkits, and all manner of nasty malware circulating the Internet. Any contagion that did make it through—typically brought into the network via external hard drive or USB thumb drive—was easily contained and removed by the client host’s AV and IPS.

The M&M perimeter security design worked well for many years because PCs and servers stayed behind the walled defenses and traffic flowed over predetermined links and entry and exit points on the network. Unfortunately, that legacy design is no longer viable. Devices are not hidden behind fortified network walls, but freely traverse the boundaries on a daily basis. In doing so, a device is exposed to threats from the outside world, like a thumb drive picking up all sorts of malware before being brought once more into the corporate network. However, a contaminated thumb drive would be scanned and cleaned as soon as it was plugged into a client network device. In contrast, a contaminated mobile phone, tablet, or other device connects to the network through its own interface. Moreover, if the device is not company owned, it might not comply with corporate security policy and may not have AV software installed, let alone an approved vendor and version.

For this reason, client security in wireless networks is an important aspect of overall network security and defense in depth (although defense in depth was developed and put into practice in many networks before mobility and Wi-Fi were major considerations).

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.