Note: Sample below may appear distorted but all corresponding word document files contain proper formattingExcerpt from Essay:
Mobile Device Security
Factors and Implementation of Mobile Device Security
Mobile devices have become ubiquitous and its usage is only going up from here. With such an extensive usage of mobile devices for personal and business use, its security becomes an important question. Most devices ado not have the security mechanism in place in the case of a theft, loss or intentional breach of the network and this makes the data present it in extremely vulnerable. This paper examines the importance of mobile security and how it can be implemented for greater protection.
Wireless technology has undergone tremendous improvements in the last few years. The capacity and performance have increased multifold and today, the amount of applications and services that can be accessed through the mobile device is staggering. Many different media can be stored and retrieved easily and more importantly, these can be uploaded and downloaded from the internet within minutes. All these functionality have led to an increased need for security because there is a high chance for the data and network to be compromised. Security has to be implemented at different levels to ensure that users have access to all the functionality and information without ever having to worry about rogue hackers and network vulnerabilities.
The Modern Mobile Devices -- Tablets and Cellphones
There has been an explosion in the usage of tablets and cellphones as users are increasingly turning to them for personal and business use. The number of users accessing these devices have been increasing worldwide, thanks to the presence of multiple wireless providers and improved networks.
There are four main kinds of wireless connectivity and they are Wireless Wide Area Network (WWAN) used by GSM and 3G phones, Wireless Metropolitan Area Network (WMAN) used by suburban households and businesses, Wireless local area network (WLAN) used within a floor to connect all workstations and computers and Wireless Personal Area Network (WPAN) used by bluetooth and infrared devices (Urbas & Krone, 2006). Each of these connectivity pose challenges in terms of security identification and implementation and service providers are constantly working on ways to enhance the security of these devices.
BYOD and security risks
Bring Your Own Device (BYOD) is a trend followed by many employees. They bring their own personal mobile phones and tablets to workplace and access company email and confidential information through it. One of the primary drawback of BYOD is the increased vulnerability and data breaches that can occur when confidential information is accessed through public networks. Most 3G and mobile phone networks are unsecured and can be hacked into easily and this is one of the biggest problems facing corporate security specialists today.
The number of wireless access spots also known as hotspots are increasing around the world to give people more connectivity. They are available in airports, hotels, coffee shops, libraries and other public places to appeal to people to come to their businesses. Unfortunately, these public networks have also increased the security vulnerabilities leading to more viruses and hackers.
This is partly due to the lack of security measures implemented in these networks. A survey shows that 60% of the public networks had little to no security and they did not use any form of encryption (Chenoweth, Minch and Tabor, 2010). So, the responsibility is on the user to protect their information and safeguard it from malicious intruders.
Security Threats against mobile devices
Wireless networks offer a high degree of convenience and flexibility to access information on the move. However, they also make the user vulnerable to malicious programs such as viruses and intrusion by other users. The primary difference between a wired and wireless device is its level of security. While a wired device such as computers can be accessed only by the intended users, wireless networks are open and can be accessed by anyone who knows the system. This makes mobile phones more vulnerable to security attacks. Some of the security threats of mobile devices include:
Since these networks are openly available to the public, there is a higher chance for someone to hack into the device and obtain confidential information. One way to avoid this kind of intrusion is to use encryption and passwords, but this means there will be greater efforts from outsiders to steal the passwords.
The bandwidth of any user can be used by others easily and this will not only result in decreased speeds for the user, but will also increase the cost due to higher bandwidth usage. This kind of threat is called leeching and is fairly common among unsecured networks.
Networks can be misused to attack companies by sending unwanted files such as pornography, viruses, trojans or other illegal content. They can also be used to generate a denial of service (DoS) attack.
Impersonating or spoofing is the process of using the authentic person's ID to obtain data and financial gain and this is one of the biggest risks on mobile security today.
Eavesdropping and monitoring the usage details is a passive attack that does not pose an immediate threat to the user. Nevertheless, it is a breach of privacy that the information collected can be used in a detrimental manner.
Most users who access the network illegally are well-versed in technology. They begin by discovering a network and its vulnerability and then use a wide range of methods to connect to it. This process is called LAN-jacking and they use the necessary tools such as jail-break codes and encryption codes to break the security and encryption of these networks (Urbas & Krone, 2006).
Due to the high-level of vulnerability of mobile device, numerous measures should be used in tandem to avoid security-related problems. One option is to enforce laws to prosecute those who access the wireless networks. Though it can be effective to some extent, its enforcement becomes difficult. Wireless networks give hackers a good measure of anonymity and it makes it tough to identify the individual, prove the charges and prosecute him or her. So, these laws can deter the novice hackers to some extent, but can be ineffective against experienced and professional hackers.
Other approaches include tackling this problem with appropriate software and avoiding threats by the use of common sense and some simple usage practices.
Many different kinds of software can be used to prevent or limit attacks on mobile devices and some of them are:
Intrusion Prevention Software - This software will examine all the data that comes through mobile phones and will warn the users if any unauthorized app is looking to access information.
Anti-virus software -- Though most people are skeptical about anti-virus software for mobile devices, it can nevertheless provide a fair measure of protection. Advanced anti-virus software is being developed and this can prove beneficial in the future.
Bluetooth - This technology uses short-range radio signals to transmit information. The advantage with this technology is that it is fast and robust. It is more secure than long-distance wireless networks because they are allotted a unique 48-bit device address and the users can communicate only in one hop range (Choi, Kim, Park, Kang & Eom, 2004). So, the chances for hackers to get into the network is slim.
Avoiding security threats
The first step towards avoiding security threat is to educate users on the security issues and the possible sources through which outsiders can access the users' information. For example, there are some ports in Windows operating system that are open and allow file and printer sharing. Outsiders can send malicious files to the computer through these ports when the device is connected to a public wireless network (Chenoweth, Minch and Tabor, 2010). Also, users should understand the threats to confidential corporate information when they use BYOD option or access work-related devices through a wireless network.
There are some simple techniques that users can implement for better protection and they are:
Identify the right device -- Some devices have better security options than others and so, its important users take some time to research these security options. This is especially important if they plan to use it for business too.
Encryption and password -- The first line of defense against a security threat is the use of passwords and encryption. This can keep the casual outsiders from accessing the information on your device. These passwords also help in the case of a lost phone because it is not easy for an outsider to break the code and get information.
Involve the IT security staff -- If a mobile device is used for work, then its important to involve the IT security staff and give them remote access to wipe off confidential data in the event of an attack or loss of the phone.
Limiting the use of unauthorized apps -- There are thousands of apps for smartphones today and some of these apps come from companies whose main intent is to hack into the device. So, its a good idea to limit the use of apps, especially those…[continue]
"Mobile Device Security Factors And Implementation Of" (2012, June 16) Retrieved December 7, 2016, from http://www.paperdue.com/essay/mobile-device-security-factors-and-implementation-80653
"Mobile Device Security Factors And Implementation Of" 16 June 2012. Web.7 December. 2016. <http://www.paperdue.com/essay/mobile-device-security-factors-and-implementation-80653>
"Mobile Device Security Factors And Implementation Of", 16 June 2012, Accessed.7 December. 2016, http://www.paperdue.com/essay/mobile-device-security-factors-and-implementation-80653
Second, the specific connection points throughout the network also need to be evaluated for their levels of existing security as well, with the WiFi network audited and tested (Loo, 2008). Third, the Virtual Private Networks (VPNS) and the selection of security protocols needs to be audited (Westcott, 2007) to evaluate the performance of IPSec vs. SSL protocols on overall network performance (Rowan, 2007). Many smaller corporations vacillate between IPSec
Mobile Computing: A Disruptive Innovation Whose Time Has Come The pervasive adoption of mobile computing devices, combined with cloud computing and the quantum gains in application software are creating a globally diverse collaborative platform. These elements taken together are deliver an exceptionally fast and pervasive level of disruptive innovation across all sociocultural and technology sectors (Bernoff, Li, 2008). The impact of this disruptive innovation is so significant that IT departments have
Security Information security is a primary concern for consumers and businesses. In "IT security fails to keep pace with the rise of cloud computing," the author claims that in spite of the advancements in cloud technology, information security has not kept pace. This assessment is rooted firmly in fact and best practices in the information security industry. Although their analysis is thorough, the authors would do well to point out the
To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not
wireless Web is truly' the next major wave of Internet computing A its potential for bringing people together and expanding commerce is even greater than that of the wired Internet." Edward Kozel, board member and former CTO of Cisco systems (AlterEgo, 2000, p. 12) The integration of the Internet into our modern culture as a driving force behind business, convenience, services and merchandise acquisition has created a new set of desires for
Organizational security strategies must be designed for agility and speed through the use of state-of-the-art systems that can quickly be reconfigured to match changing roles in an organization. Organizational security will be defined through role-based access, configurable through authenticated, clearly delineated processes that can be administered at the administrator level (Hone, Eloff, 2002). The organizational security strategy will also be designed on the empirically validated Confidential, Integrity and Availability (CIA)
They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and