Ten Top Tips For Mobile Security
The biggest danger to your network may be from unprotected mobile users. Here are ten on-the-road security scenarios, and how to keep users safe.
June 22, 2005
I never, ever leave my credit card out where people can easily take it. So why would I leave my data unprotected?
Unfortunately, many people do just that every time they use their mobile devices. The rapidly growing base of mobile users is drawing the attention of hackers, who use a variety of schemes to get at your data and personal information.
We all need to wise up and take measures to safeguard our mobile data. Let's take a look at how to be secure in some common situations that you'll likely encounter when you're on the road.
1. In a hotel room that offers both a Wi-Fi and an Ethernet connection, which should I choose?
Because Ethernet is a wired connection, it's natively more secure than Wi-Fi. Data goes from your laptop via an Ethernet cable to a hub located in the hotel room and then on to the Internet service provider (ISP) via a cable. A hacker needs to attach directly to the Ethernet system to have any possibility of compromising your data, which means that he or she must have physical access to the facility. A hacker equipped with an Ethernet sniffer could connect to the system from another hotel room and monitor your data traffic, depending on the configuration of the system.
With Wi-Fi connections, data typically is sent unencrypted through the air between the mobile device and an access point near your room, making it very easy for hackers to sniff the data passively from as far away as the parking lot. That's not good, unless you implement proper security safeguards (refer to question #2 for more details). If you pay close attention to securing your network connection, then Wi-Fi is very secure.
By the way, you'll almost always find that Ethernet provides faster performance, mainly because most public Wi-Fi networks have lousy signal coverage. Low signal levels cause data rates and corresponding data throughput to be much lower than Ethernet. Wireless, however, allows mobility throughout the hotel room and other parts of the hotel.
For me, it's worth implementing additional security mechanisms in order to make use of Wi-Fi when staying at a hotel. I like the ability to relax from anywhere in the room and still access e-mail and the Web. In addition, Wi-Fi is generally available in other parts of the hotel, such as in the restaurant, bar, lobby, and convention area. You can pay for one day's service (or get it free at some hotels) and continue using Internet-based applications wirelessly after checking out of the room and, for example, attending a meeting in the convention center. Thus, Wi-Fi usually offers more value than Ethernet.
Of course, most hotels offer either Ethernet or Wi-Fi, not both, so you may not have a choice. Still, you could find out what a hotel offers before scheduling your trip and book according to your preferred connection type.
2. If I choose a Wi-Fi connection from a public facility, how do I ensure that the data is secure?
This is where you need to put on your tech hat to properly secure mobile data. Be very careful, because data sent over public Wi-Fi networks is usually totally insecure unless you take proactive security measures. Public networks do not provide encryption between your mobile device and nearby access points, so it's up to you to implement a form of end-to-end encryption between your laptop and the server that you're communicating with.
Ensure that your e-mail login and e-mail transfer use SSL (Secure Sockets Layer) encryption. If not, hackers can read your e-mails as they're flying through the air. To do this, ask for help, either from your organization's help desk or from your software vendor.
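For the e-mail advice above, an added example (not part of the original article): a Python check that compares a mail account's security setting with what the server offers before login, to show when a password would cross a public network unencrypted. The port numbers, the STARTTLS/STLS upgrade keywords and the mode names go beyond the article, which only says to use SSL; the mode names are hypothetical and the server replies are constructed samples.

```python
# Added example: constructed account settings and server replies, not from the article.
IMPLICIT_TLS_PORT = {"imap": 993, "pop3": 995, "smtp": 465}
UPGRADE_KEYWORD = {"imap": "STARTTLS", "pop3": "STLS", "smtp": "STARTTLS"}


def offered_capabilities(protocol, reply):
    """Collect capability keywords from an IMAP CAPABILITY, POP3 CAPA or SMTP EHLO reply."""
    found = set()
    for raw in reply.splitlines():
        line = raw.strip().upper()
        if protocol == "imap" and line.startswith("* CAPABILITY"):
            found.update(line.split()[2:])
        elif protocol == "smtp" and line.startswith("250") and len(line) > 4:
            found.add(line[4:].split()[0])      # "250-STARTTLS" -> "STARTTLS"
        elif protocol == "pop3" and line and not line.startswith(("+OK", "-ERR", ".")):
            found.add(line.split()[0])          # one capability per line
    return found


def assess(protocol, port, mode, reply=""):
    """Classify one account setting.

    mode is the client's security setting (hypothetical names): "ssl" (TLS from
    the first byte), "starttls" (upgrade required), "opportunistic" (upgrade only
    if offered) or "none". Returns "encrypted", "refuses-login", "cleartext" or "review".
    """
    if mode == "ssl":
        # TLS-first belongs on the dedicated port; anything else needs a manual look.
        return "encrypted" if port == IMPLICIT_TLS_PORT[protocol] else "review"
    if mode == "none":
        return "cleartext"
    if UPGRADE_KEYWORD[protocol] in offered_capabilities(protocol, reply):
        return "encrypted"
    # No upgrade offered: a strict client stops, an opportunistic one logs in anyway.
    return "refuses-login" if mode == "starttls" else "cleartext"


# Constructed sample replies, as seen before login on the cleartext ports.
IMAP_REPLY = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\nA1 OK done"
POP3_REPLY = "+OK Capability list follows\r\nUSER\r\nUIDL\r\n."
SMTP_REPLY = "250-mail.example.org\r\n250-SIZE 35882577\r\n250 STARTTLS"

if __name__ == "__main__":
    checks = [("imap", 143, "starttls", IMAP_REPLY), ("pop3", 110, "opportunistic", POP3_REPLY),
              ("smtp", 587, "starttls", SMTP_REPLY), ("imap", 993, "ssl", ""), ("pop3", 110, "none", "")]
    for proto, port, mode, reply in checks:
        print(f"{proto}:{port} mode={mode:<13} -> {assess(proto, port, mode, reply)}")
```

An "encrypted" result covers the transport only; the mail client must still validate the server's certificate.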
Only use secure (SSL) Web sites when placing credit card orders over the Internet. Most sites offer SSL, but not all of them. Without a secure site, you're broadcasting credit card numbers to potential hackers in the area. You'll know you are using a secure site if a little icon that looks like a lock appears on the status bar of your Web browser.
When accessing corporate servers and applications, use VPN (virtual private network) client software on your mobile device. (Most larger companies require the use of VPNs when employees use Wi-Fi and Ethernet public networks.) The VPN client communicates with the corporate server and encrypts everything on an end-to-end basis. Thus, hackers sniffing the air for your data packets won't be able to read anything intelligible.
Maybe you don't work for a company that has VPN services? If this is true, then consider a for-hire VPN service. This is a good way to get on board with wireless security if your company isn't quite there yet.
3. If I decide to go with an Ethernet connection from a public facility, how do I ensure that the data is secure?
The answer to this question is essentially the same as for securing Wi-Fi connections (see question #2), although it's not as critical because your data passes through a cable and is not as easy for hackers to access. Regardless, be certain to use secure Web sites when shopping or entering personal information online, use secure e-mail, and employ VPN software when using corporate applications.
4. If I take my work laptop home and connect it to my home network, how do I ensure that my data is secure?
Treat your home network (whether Ethernet or Wi-Fi) as you would a public network (see question #2). Don't trust your ISP.
With a Wi-Fi home network, you should also implement the optional encryption between your mobile device and the router or access point. If possible, enable WPA (Wi-Fi Protected Access), which automatically assigns and periodically updates encryption keys for each mobile device. WEP (Wired Equivalent Privacy) is not as secure as WPA, but it's better than nothing at all.
Also, assign a secret username and password to the Wi-Fi router's administration interface to keep hackers from configuring it to their advantage. You can also disable SSID (service set identifier) broadcasting on the Wi-Fi router, and manually set the SSID in the mobile device. This keeps your neighbors from finding (and using) your network.
5. How do I avoid prying eyes (and ears) on the road?
In a public place, even rock-solid data transmission security won't keep someone from simply watching over your shoulder for company-sensitive data on your screen or keystrokes as you type in usernames and passwords. I've seen so-called "security experts" beaming their data to many others in crowded public areas via their large, high-resolution laptop screens. This is more of a problem with laptops because they are easier to see, but be cognizant of others nearby even when using smaller mobile devices.
Avoid working on sensitive documents with your laptop screen in plain view of other people in public areas. You can also turn down the screen intensity, which makes it more difficult for others to see your screen. The batteries will also last longer.
When talking over a cell phone or voice-over-Wi-Fi connection, keep your voice down. I'm not sure why, but many people talk very loudly over cell phones, so that anyone within fifty feet can hear clearly. If possible, send sensitive data through e-mail messages rather than discuss it over the phone, assuming your e-mail is secure. I find that e-mail is more efficient and less expensive for most situations anyway, especially when using smartphones.
6. How can I be sure my smartphone or PDA is secure?
Wireless carriers offer fairly good encryption and authentication, but it's important for you to understand where the service provider stores your data, such as e-mails, contacts, and photos. With enterprise Blackberry systems, your corporate e-mail server stores the data, making it as safe as your IT department is capable.
With personal service plans, however, your e-mail and contacts are probably on a central server within the service provider's facility. You can't depend on the service provider to protect your server-based data. In this case, you can take advantage of your account's auto-aging setting, which deletes your e-mail messages after a specific amount of time.
Change passwords periodically, and make them different from those of your other accounts. I know that this is tough, but a smart hacker might observe you entering a username and password for a non-sensitive account, such as a club bulletin board, and then try that username and password on your bank account.
7. How do I protect myself from the loss or theft of my mobile device?
The key here is prevention. Treat your mobile device like a wallet or purse, always in sight and preferably within physical contact.
To minimize problems if the device ends up in the wrong hands, implement a password-protected screen lock. Don't store sensitive information, such as usernames, passwords, social security numbers, bank account numbers, or credit card numbers on the device. With corporate systems, activate administrative device wiping so that an administrator can remotely destroy data and applications on the mobile device. Also, be sure to keep data backed up on a PC or server in case your mobile device is gone forever.
8. How do I ensure that my mobile device is secure when the wireless connection is not in use?
Not many people think about this, but your mobile device is vulnerable to attack even when you're not using any wireless connections. This is especially a problem with Wi-Fi and Bluetooth. For example, an active Wi-Fi card in your laptop may connect with a nearby public access point. A hacker connecting to the same access point becomes a node on the same network as yours. As a result, the hacker can take advantage of the network to find the data on your laptop. (This is, of course, what networks are meant to do.)
The best way to avoid this problem is to disable your Wi-Fi card, which shuts off the transceiver and makes it impossible for a hacker to get in. You can do this in Windows XP by right-clicking the wireless network icon in the system tray and choosing Disable from the pop-up menu. With the transceiver off, not only will your mobile device be safer, it will consume less battery power.
If it's not practical to disable the Wi-Fi card (because you might want to use it periodically), then be certain that the folders on your mobile device are not shared. In Windows XP, right-click the folder you want to secure and select Properties, then click on the Sharing tab and deactivate sharing.
You can also use a personal firewall, such as Norton Personal Firewall or ZoneAlarm, to block hackers from accessing your device.
9. How can I protect my smartphone from viruses?
Most of you probably already use antivirus software on your laptop. If you don't, then do so immediately and keep the virus files up to date at least daily.
I'd be willing to bet that many of you don't have antivirus protection on your mobile phone or PDA, however. There are viruses attacking these devices, so don't wait. Install antivirus software such as F-Secure Mobile Anti-Virus or Trend Micro Mobile Security now.
Also, disable the installation of unsigned applications, which are the primary sources of viruses on mobile devices. And if you receive an e-mail from a company or person that you're not familiar with, don't open it. Instead, delete it.
10. When sitting on a plane working on my laptop, what should I do when getting up to use the bathroom?
Okay, most of you probably don't think about security in this situation -- you're more concerned with timing your dash to the bathroom when carts are out of the way and the seatbelt light is off. But what's the optimum security approach for a laptop when you're finally able to get out of your seat?
Should you shut off the laptop? This isn't a bad idea, but it takes considerable battery power and time to shut down the laptop and boot it up again. A feasible alternative is to implement a password-protected screen-lock, then simply shut the laptop lid and go. Just don't let the person sitting next to you see the password when you type it in!
What about theft? Should I lock my laptop to the seat? This probably isn't necessary because everyone on a plane, assuming that it's in-flight, is a captive audience. You'll likely find the culprit who stole it. Theoretically, a thief could steal your laptop and dive out of the plane with a parachute, but I wouldn't lose much sleep over that possibility.
The most important thing to remember in any of these situations is never to let your guard down. Your data is valuable, so don't give hackers any chances to steal it.
Jim Geier is the principal of Wireless-Nets, Ltd., a consulting firm focusing on the implementation of wireless mobile solutions and training.