News/Press
Company
Security Solutions
Security Services
Trainings
   
overview
Applications Security
Intrusion Prevention
Mobile / Wireless Security
Internal Security
Network Security
Vulnerabilty and Risk Management
bottom

cirosec – Mobile/Wireless Security

Mobile employees and their mobile devices present a wide variety of direct and indirect security problems. On the one hand, these problems can be caused by mobility in itself, i.e. the changing place of work – at the office, at home, at the airport, etc., and on the other hand the cause can be the many communications options offered by modern mobile devices.

Devices which are connected to the company network and to a non-secure network at the same time have always been a problem. For example, a field sales employee's notebook may be connected with the company via the Internet using VPN encryption, yet at the same time be vulnerable to attack in the Internet – this is only one variant which is already known, and to which people have become sensitized.

The situation is much the same if a state-of-the-art notebook is connected to the company network, and the user inadvertently activates the WLAN function by means of the keyboard shortcut. A hacker can use programs freely available on the Internet to imitate the known, "secure" WLAN access points. A notebook in the company network can automatically connect itself to this fake access point, thus becoming a gateway between the attacker's wireless signals and the normal cable-based company network. The classic countermeasures such as VPN encryption in the WLAN and strong authentication are useless for these problems, since they do not involve attacks on an officially structured WLAN, but rather attacks via unintended features in notebooks.

Other sources of risks are PDAs and smart phones. The software collections often found there contain not only appointment calendars and address lists, but generally also dictionaries, navigation systems and games which have been downloaded at home from the Internet without virus protection and then installed on the PDAs. These programs then come into direct or indirect contact with the company network the next time synchronization is carried out at the office.

Even the positive characteristics of mobile communication devices can end up hurting their owners: PDAs and smart phones have to be as handy as possible, i.e. not too big and above all lightweight. This characteristic means, however, that they are very frequently lost, or stolen without the owner noticing. Confidential data can thus get into the wrong hands quickly.

We would be happy to meet with you personally to present various possible solutions for securing notebooks, PDAs and PCs, which might even include "air surveillance".
image