Current Security Issues Posed By Mobile Devices - IJERT
International Journal of Engineering Research & Technology (IJERT)Current Security Issues posed by Mobile DevicesISSN: 2278-0181Vol. 2 Issue 1, January- 2013Syed Abdul Wahab AsifAssociate Professor,Nizam Institute of Engineering and Technology.Dr.D.VasumathiAssociate Professor,JNTU College of Engineering and Technology.JNTUH,Kukatpally.Zeeshan Fatima ArmeenAssistant Professor,Nizam Institute of Engineering and Technology.Shaik Abdul RasheedAssistant Professor,Nizam Institute of Engineering and Technology.Current Security Issues posed by Mobile Devicesgreater flexibility and convenience offeredby mobile devices, including those that arenot owned or directly controlled by theenterprise.IIJJEERRTTAbstractThe majority of mobile and remote userdevices, including home PCs, notebooks,PDAs and smartphones, are not adequatelyprotected. The growing business use aldevicefunctionality and storage capabilities, aremaking mobile security an increasinglyserious problem for enterprises. The greaterthe functionality of the device, and the lowerthe level of influence that the ITorganization has over the device and itsuser, the greater the risk. User-owned IT isa reality, even in the most-conservative andrisk-averse organizations, but its risks canbe contained — if they are understood.Enterprises' greatest concern about mobiledevices is the potential for data leakagecaused by an unauthorized person gainingaccess to sensitive information. Loss ofaccess to information — whether temporaryor permanent — represents a greater risk.The good news is that a growing variety oftechnical controls are available to safelyaccommodate the urgent demand for theKeywords: Mobile Security Issues in aCorporate Environment, The PerfectProtection Strategy, Protecting Yourselfagainst Attacks1. INTRODUCTIONAs you might expect, mobile data usersmove faster than the rest of the businessworld. They adopt new tools quickly. Theyadapt to new policies and protocols readily.They overcome obstacles with pragmatismand speed. Keeping up with the mobileworkforce has kept network administratorson their toes. But looking ahead, ITdepartments are looking far beyond theirrole as fleet managers for a fringe group.They must now address the growing numberof mobile users at all levels of theirorganization and look to provide more thansimply access. They must now reach thiswww.ijert.org1
International Journal of Engineering Research & Technology (IJERT)ISSN: 2278-0181Vol. 2 Issue 1, January- 2013mobile workforce through specializedservices and custom-developed applications.At the heart of all mobile activity is theparamount importance of security. As userstake on multiple devices (tablets, smartphones, etc.), connect to an increasing menuof wireless peripherals (storage drives,printers, etc.) and flirt with an explosion ofexciting new applications, the need to secureevery endpoint has forced IT directors toreassess their entire mobile strategy andarchitecture.To help you plan for the coming year, GoodTechnology has identified six trends thatwill drive mobile security issues.1.1 Data SecurityMobile devices are aimed at workers andconsumers not working from a wired outlet.The mobile device category is expanding byleaps and bounds, and includes everythingfrom cell phones, feature phones and smartphones to laptops, mobile Internet devices(MIDs), tablet computers and ultra-mobilePCs (UMPCs). Mobile devices arebenefiting from the growth of 3G networksand will become even more ubiquitous as4G grows. There is more diversity in thetypes of devices and operating systems thanin the desktop world.1.4 Network SecurityNetwork security is a broad term thatencompasses the protection, integrity andcontinuity of network-based assets, whichinclude hardware, software and data, alongwith related network services. Key elementsof network security include strong userpolicies, network-access controls, andintrusion-prevention systems, which fend offmalicious attacks through the Internet ordetermine access to shared networksoftware. Wireless networks require an evenmore intricate security matrix.IIJJEERRTTData security is keeping all the informationthe enterprise controls safe, includingeverything stored on cell phones, laptopsand other devices in the field. Sound hard?Well, it is - and getting harder. The bestapproach is defense in depth, which relies onmany approaches at many levels. While thedetails are complex, defense in depth relieson the common-sense assumption thatmalware or intruders that elude one levelwill be caught by another.1.3 Mobile Devices1.5 Security Policy1.2 Mobile Device SecurityMobiledeviceshavetheirowncharacteristics and unique security issues.Security threats that go hand in hand withmobility include data exposure through theWLAN, exposure of your network throughunsecured public-access points, lost orstolen devices, mobile viruses and othermalware.Mobile-devicemanagementsoftware offers an umbrella solution, butstrong user policies and basics, such as dataencryption, remain key elements in asuccessful mobile security plan.An organization's security policy is its basicplan to protect data, devices and its network.The key is to determine what data anddevices are the most sensitive and workbackward to data and devices that are lesscritical. Among many other elements,security policies cover access rights ofemployees and outsiders, how to handlemobile workers, procedures for quicklyterminating access rights of people who arefired or quit and security maintenanceprocedures such as updates and patches.2www.ijert.org2
International Journal of Engineering Research & Technology (IJERT)ISSN: 2278-0181Vol. 2 Issue 1, January- 2013nagging sense of lack of control for a devicethat is so personal.1.6 Strategic PlanningSimply put, strategic planning determineswhere an organization is going over the nextyear or period of time, how it's going to getthere, and how it will know if or when itgets there. Often even more important thanthe actual plan produced, the process helpsthe organization clarify its plans and ensurethat key leaders are all on the same page.Beyond merely defining the organization'spurpose and goals, such planning alsoincludes ways to measure whether and howthose goals are achieved.2. Top Five Privacy Issues Facing MobileIn 2013One specific areas of focus is likely to bereaching children via mobile devices, withthe Federal Trade Commission expected toaddress how children use mobile apps andsmartphones. New rules or guidelines couldsignificantly impact mobile marketing.Location-based services and apps will alsobe an important part of the discussionsurrounding mobile and privacy in 2013 asthe need for geo-based information toprovide certain mobile services clashes withconsumer desire for privacy.IIJJEERRTTGiven the personal nature of mobile as wellas its ability to collect data about users, 2013will be a perilous time as the industry facesgrowing scrutiny around mobile privacyfrom regulators.“People already feel this way about theirPCs but they tolerate it. It seems less likelythat people will tolerate a device that is intheir pocket as being anything less thansomething they are in control of.”The mobile industry could see greaterenforcement around mobile privacy this yearon a couple of different fronts, includinglocation-based data and privacy policies forchildren. In an interview with MobileMarketer, director of The Future of PrivacyForum Jules Polonetsky talks about whyprivacy is such an important issue in 2013.“The reason I think privacy is going to becritical to mobile is that we are seeing suchrobust use of data,” Mr. Polonetsky said.“We are starting to see companies emergingthat are appending third-party data, trackingusers across many apps and integratingsmarter uses of location.“Making sure that users feel mobile devicesare becoming more useful to them and arenot tracking them is important,” he said.“We cannot afford for consumers to have aBelow, Mr. Polonetksy addresses what willbe the top five privacy issues facing themobile industry in 2013.What areprivacy?thechallengesinmobileFolks are struggling to figure out whatidentifiers should be used because there areno ubiquitous cookies in mobile as there arefor desktop. This has helped create aninfrastructure for desktop that providescontrols for users.In mobile, people have cobbled togetherwhat they can but the opt-out framework isnot there. People are looking for digitalfingerprints, something that allows trackingand gives users a choice.It is important to address this issue becausethe data is there, people are buildingwww.ijert.org3
International Journal of Engineering Research & Technology (IJERT)ISSN: 2278-0181Vol. 2 Issue 1, January- 2013databases. But, to opt out today in mobilecan be challenging.age of 13, you are going to have to getpermission.In some cases, you have to copy the 40character unique identifier code for a phoneand submit it.The FTC has said it does not think mobile isany different from the Web when it comes toprivacy policies. They do not care what kindof device is used, they are complainingabout Web site privacy policies and thatcovers any place, including mobile.What is the mood in Washington towardsmobile and privacy?On the Hill, everyone is sitting on the edgeof their seats because we expect the releaseof two major privacy documents in theupcoming weeks and months. This could bethe first time any White House has gone onrecord supporting a comprehensive privacylaw.What do marketers need to know aboutlocation and privacy?Location services are one of the big trends inmobile this year but, are these services likelyto run afoul of regulators? How is locationbeing shared is that something that needs tobe resolved.IIJJEERRTTPreviously, the White House supported selfregulation for everything other thanhealthcare and financial services The WhiteHouse is expected to endorse a privacyframework that would see stakeholders inspecific sectors coming up with selfregulation.We are already seeing some companies thattrack mobile and Web usage dropping kid’ssites because suddenly it is too risky.If the Federal Trade Commission thinks therules determined by a sector are adequate, itwould endorse them and have the authorityto enforce them as if they were law.How might any changes to COPPA affectmobile companies?The FTC has proposed an update toChildren’s Online Privacy Protection Act.Folks were worried that they would raise theage but they are keeping the age at 13. TheFTC is proposing changes around trackingon a children’s Web site that deems theinformation personal, so children wouldneed a parent’s permission.If you are going to collect personalinformation from those who are under theIf I am an app developer and I don’t needlocation for my service, should I be askingfor location? If I am asking just for the ads,should I be making that clear to users?If I do have geographic integration, can Igive the information to my ad network andlet them use it and sell it?There is not yet a good set of rules for whatyou can do with location to makeadvertising more effective and this is wherecompanies are going to invite controversy.Companies should not sell and trade awaythis information so that other services canbuild a profile of where a user has been overtime. Let us make the ad smarter for the userbut let us not lose control of the user’shistory.What's the best way to do mobile-friendlyprivacy policies?www.ijert.org4
International Journal of Engineering Research & Technology (IJERT)ISSN: 2278-0181Vol. 2 Issue 1, January- 2013Some companies are working on theseissues. Google apps enable users to requestthat AdMob not track their behavior whilethe iPhone gives users an option to not sendtheir location to iAds.There are still some problems aroundexecuting privacy policies in mobile,however. For example, an app developerwho wants to provide a privacy policy mighthave a hard time doing so in the Apple Storebecause of the way the content is controlled.There is a whole range of issues aroundgiving notice adequately, having a privacyfriendly way to tailor ads and good practicesaround location that the Direct MarketingAssociation and the Mobile MarketingAssociation are working on.3.1 The Dynamic Smartphone MarketAnyone looking closely at the smartphonemarket will notice that there is currently nooperating system which predominates, to theextent that Windows does for computers.Instead, as Canalys’ latest market analysisshows, several providers are well-positionedand are helping themselves to respectablepieces of the smartphone pie. Thanks to awide range of devices which span the pricespectrum, the Android platform has profitedmost from the recent market growth. With33.3 million Android smartphones, Googlehas secured itself a market share of 32.9percent, making it the market leader. Secondplace is, however, not occupied by Appleand its ubiquitous iPhone. Instead,Symbian’s market share of 30.6 percent (31million devices) puts it right behind Googleand clearly ahead of Apple. Only then doesthe iPhone operating system iOS enter thefield, with 16.2 million devices and a marketshare of “just” 16 percent.Next come the BlackBerry devices sopopular with business users, with a marketshare of 14.4 percent. Bringing up the rear isMicrosoft with its current Windowsoperating systems and a total market shareof 3.1 percent. The smartphone market alsopresents a challenge for analysts, asIIJJEERRTTIn a recent survey, we found that free appswere twice as responsible as paid apps interms of having privacy policies. Free apps,because they are ad supported, are morelikely to be explaining this to users with aprivacy policy.devices are becoming increasingly popularfor both business and private use.As a result, companies which don’tnecessarily require their staff to usesmartphones are becoming obliged by theiremployees’ usage and personal experienceof these practical devices to implement themfor business purposes.In many companies, employees are alsogiven their choice of end device as anincentive. The European InformationTechnology Organisation (EITO) predictsglobal sales of 1.4 billion mobile phones for2011.Overall, there is still a low rate of mobileapp developers that have privacy policies.If you do have a privacy policy, make sure itis easily findable.3. Mobile Security Issues in a CorporateEnvironmentThe smartphone market is accelerating at arapid rate. According to current estimates bythe industry association BITKOM [1], theglobal IT and communications market willgrow by 4.8 percent this year. Mobilecommunication devices – and smartphonesin particular – are leading this charge, withexperts predicting a huge 11.5 percentincrease in their sales. Sales of smartphoneshave even overtaken those of PCs, and thewww.ijert.org5
International Journal of Engineering Research & Technology (IJERT)ISSN: 2278-0181Vol. 2 Issue 1, January- 2013RIM(BlackBerry),14.40%iOS,16.00%Windows MobileSymbianWindowsMobile,3.10%3.2 Smartphone Protection Is MandatoryWhy, though, should companies incorporatesmartphones into their security strategies?The simple answer is that smartphones havemany uses, making it important to protectthese mobile platforms.In companies, smartphones are mostcommonly used to access communicationsnetworks – primarily phone and emailsystems, but also (and increasingly) othermessaging systems, including schedulingmanagement systems. They are also used togain comprehensive access to contactdatabases.In such cases, the confidentiality of sensitivecompany data must be ensured. Third partiesshould not be permitted access to businessemails, nor – of course – should they be ableto access customer or vendor information.IIJJEERRTTpredicting it is extremely difficult. Just ayear ago, iOS’s market share (16.3 percent)was similarly high.Last year, BlackBerry devices still retained afifth of the market, while Android, thecurrent leader, was bobbing around at theback with 8.7 percent. This put it just infront of Windows Mobile which, at the time,had 7.2 percent. A year ago, Symbian wasstill the market leader – and by a very largemargin, with 44.4 percent of the marketshare.As a current survey carried out by ForbesInsights shows, however, the smartphoneshare of the business market is now quitedifferent. 87 percent of management in UScompanies use laptops, and 82 percent alsoown smartphones. 28 percent are “dualdevice owners” who, in addition to aBlackBerry – the classic corporate mailmachine – also own an Android-basedmobile device or an iPhone. The smartphoneis the communication device of choice formore than half of those surveyed.Android,3.29%Symbian,30.60%AndroidiOSThe next step involves accessing corporatenetworks. Employees usually use a VPNconnection to dial into the corporatenetwork, from where they can access filesand business applications like ERP systems(Enterprise Resource Planning).It is important that companies must takeaction here to prevent unauthorized usersfromaccessinginternalcompanyinformation, siphoning off data, ormanipulating existing applications.For years, it has been common practice forcompanies to have protective strategies inplace to cover their servers, workstationsand other IT components. Protectingsmartphones used for business purposes is,unfortunately, not yet a fixed component ofcorporate security policies. Given thevarious smartphone uses listed above,protecting your company’s smartphoneswould be a wise move.Fig 1: Survey of Smart Phoneswww.ijert.org6
International Journal of Engineering Research & Technology (IJERT)ISSN: 2278-0181Vol. 2 Issue 1, January- 2013Loss dueto.Unauthorizedaccess by.MalwareTheftStressCo-workersThird partiesFamilymembersVirusesText ig 3: Three basic scenarios of protecting smartphone3.4 Protecting Yourself against Loss andTheftFig 2: Smart phone Security3.3 The Perfect Protection StrategyIIJJEERRTTThere are three basic scenarios againstwhich smartphones should be protected. Themost common is Case1: loss or theft.According to BITKOM studies, 10 millionGermans have already lost a mobile phone[4] and in a recently conducted surveyduring January 2011 across 4 Europeancountries, targeting mobile users from theage of 14 and upwards, 20% said theirmobile devices had either been stolen orlost. Case 2 is similar to Case 1: someoneelse gains complete access to your mobiledevice for a short time. Let’s take a popularexample: an employee leaves hissmartphone lying on his desk during thelunch break, and a co-worker or third partypicks it up. Here, too, the risk of misuse ofcorporate information through unauthorisedaccess is a real one. Case 3 combines all theother threat scenarios – including malwarespecifically designed for mobile devices,SMS attacks, and targeted data theft viaspecially-designed emails or websites. Whatmakes this case different, however, is thatthe attackers do not have physical access tothe device.If your smartphone is lost or stolen, a thirdparty gains physical access to your device. Ifthe finder is dishonest, he or she now has allthe time in the world to access theinformation stored on the smartphone. Notonly is the data stored on the mobile deviceitself valuable, but login information forcorporate networks or communicationsservices is also of interest. If VPN or mailserver passwords are stored in your phone,the thief only has to touch the appropriateapplication to gain access. Protectivesoftware like Kaspersky Endpoint Security 8for Smartphone contains special anti-theftfunctions to prevent third parties fromaccessing information on missing devices.Lost smartphones can even be blockedremotely using special managementsoftware. Devices with GPS receivers – afeature which is already built into mostbusiness smartphones – can also be located.Alternatively, you could take more drasticmeasures and use a delete command torestore the device completely to its factorysettings.While the lost device itself must still bereplaced, doing so does not pose a problemfor most companies, and resetting it preventssensitive corporate data from falling into thewrong hands.www.ijert.org7
International Journal of Engineering Research & Technology (IJERT)ISSN: 2278-0181Vol. 2 Issue 1, January- 20133.5 Protecting Yourself against AttacksThe perfect protective software for mobiledevices: Access blocksEncryptionPrivacy protection“Over-the-air“ managementSupport for rulesMulti-platform supportAccess blocksThe problem of mobile malware is onewhich is often dismissed. After all, thenumbers cannot possibly compare to thecurrent Windows situation. While malwarefor diverse mobile platforms do exist – suchas Trojans which send texts to premiumservices in order to run up huge bills for thephone owners, for example – there haveonly been a few major virus outbreaks todate. Caution is, however, advised, as theincreasing popularity of smartphones andtablets is making them interesting targets formalware authors. It is also worth noting thatnot all virus attacks are necessarily aimed atcausing media sensations. Security expertshave been observing the malware scene’sincreasing professionalization for years now.Quality comes before quantity, and ifsomeone is interested in the data on yourfield sales team’s smartphones, a targetedattack is a genuine risk. Our advice is to takeprecautions using mobile virus protection.Kaspersky Endpoint Security 8 forSmartphone protects mobile devices in realtime and performs scheduled malwarechecks of entire devices. This can preventdata thieves gaining a head start, thusnipping major threats in the bud. In additionto a mobile protection solution, an anti-spammodule is also important. Its functionalityshould not be limited to emails – instead, itshould also filter unsolicited texts and calls.IIJJEERRTTA professional thief will quickly takemeasures to avoid being detected. One of hisor her first acts, therefore, will be to removethe SIM card. Here, too, however,KasperskyEndpointSecurityforSmartphones has a solution: the SIM Watchfunction enables management software tokeep track of the device, even if the SIMcard is removed. Even the new mobilenumber is automatically texted to thephone’s rightful owner.But what if the smartphone can’t be lockeddown in time? In such cases, encryptioncomes in handy. This tried and testedmethod has proven effective in protectingdata on laptops for years. Files, folders andstorage media can be irrecoverablyencrypted using Kaspersky EndpointSecurity, insuring that only those with thecorrect password can access the managementSupport forrulesMulti-platformsupport3.6 Additional Security MeasuresWhile access blocks and encryption willhelp to conceal information, sophisticatedprotection software also has other usefultricks up its sleeve, including privacyprotection features. Kaspersky EndpointSecurity 8 for Smartphone, for example,enables users to hide individual contacts,call lists and texts.Fig 4: Six perfect protective softwares formobile deviceswww.ijert.org8
International Journal of Engineering Research & Technology (IJERT)ISSN: 2278-0181Vol. 2 Issue 1, January- 20133.7 Simple smartphone securitySmartphones can do a great many things,and the threats affecting them are diverse.Luckily, protecting these mobile allrounders is very easy to do. When s, companies should take intoaccount the following points. Ensure Robust Data ProtectionGet Multi-Platform SupportDeploy With EaseManage EffectivelySystem RequirementsSupported Management Platforms: Kaspersky Administration Kit 8.0 (version8.0.2121 or higher) Microsoft System Center Mobile DeviceManager 2008 SP1 Sybase Afaria 6.5Supported Operating Systems: Symbian S60 9.1-9.4 (only Nokia) Windows Mobile 5.0-6.5 BlackBerry 4.5-5.0 Android 1.5-2.38t2eReferencesIIJJEERRTT3.8 Management FunctionsConfiguring one smartphone manually iseasy. Configuring five or more can be anuisance, and configuring more than ten isuneconomicalwithouta centralizedmanagement interface which allows accessto mobile devices for maintenance purposes.This is precisely what Kaspersky EndpointSecurity 8 for Smartphone provides. Asadministration can also be performedremotely, the IT team retains total control ofthe devices at all times. This enables updatesand new programs to be installed easily andin a targeted manner. When choosing amobile security suite, you should also bearin mind that, as well as being sky Endpoint Security can also beintegratedseamlesslyintoexistingmanagement environments for mobiledevices –such as Microsoft’s mobile devicemanager, for example, or Sybase Afaria.Highlights1. px?id 1330312. /eid/mobile-eid3. /3.9 Protection for All PlatformsDon’t compromise when it comes tosmartphone security. The protectivesoftware you choose must support all themobile platforms your company currentlyuses. Kaspersky Endpoint Security 8 forSmartphone currently supports BlackBerry, Windows Mobile, Android andSymbian devices4. tion-technology/informationsecurity/TCH ITS ISC/117191-159282815. http://csrc.nist.gov/groups/SNS/mobile security/mobile forensics.html6. http://www.confidenttechnologies.com/news rt.org9
Mobile-device management software offers an umbrella solution, but strong user policies and basics, such as data encryption, remain key elements in a successful mobile security plan. 1.3 Mobile Devices Mobile devices are aimed at workers and consumers not working from a wired outlet. The mobile device category is expanding by
I. Ill-posed problems 1.1 Ill-posed problems defined 6 1.2 Notation for ill-posed systems 7 1.3 Sources of ill-posed systems 7 1.3.1 Power Spectrum Density 8 1.3.2 Computed Tomography 9 1.3.3 Ventilation/Perfusion Distribution 10 1.4 Methods of solving ill-posed problems 11 1.4.1 Minimum Norm 11 1.4.2 Maximum Entropy 13
problems, in a sense their deep structure, can be formal- ized: early vision problems are ill posed in the sense defined by Hadamard (1923). A problem is well posed when its solution (a) exists, (b) is unique, and (c) depends contin- uously on the initial data. Ill-posed problems fail to satisfy one or more of these criteria.
Red Hat JBoss Security on JBoss Database Security Resource IBM DB2 9.1 or 9.5 DB2 Product Family Library Microsoft SQL Server 2005 SP2 or 2008 Search the Web for "SQL Server 2005: Security" Search the Web for "SQL Server 2008: Security" MySQL 5 MySQL 5.0 General Security Issues MySQL 5.1 General Security Issues
AVG Internet Security 9 ESET Smart Security 4 F-Secure Internet Security 2010 Kaspersky Internet Security 2011 McAfee Internet Security Microsoft Security Essentials Norman Security Suite Panda Internet Security 2011 Sunbelt VIPRE Antivirus Premium 4 Symantec Norton Internet Security 20
Evaluation, Assessment, and Testing FEATURED ARTICLE 3 How Much is Learning Measurement Worth? Daniel A. Wagner, Andrew Babson, and Katie M. Murray . Current Issues in Comparative Education. 2 Current Issues in Comparative Education CURRENT ISSUES IN COMPARATIVE EDUCATION Volume 14, Issue 1 (Fall 2011)
Unit 7: Organisational Systems Security Unit code: T/601/7312 QCF Level 3: BTEC Nationals Credit value: 10 Guided learning hours: 60 Aim and purpose The aim of this unit is to enable learners to understand potential threats to IT systems and the organisational issues related to IT security, and know how to keep systems and data secure from theseFile Size: 206KBPage Count: 8Explore furtherUnit 7: Organisational System Security : Unit 7: P1, P2 .unit7organisationalsystemsecurity.bl Unit 7: Organisational Systems Securitywiki.computing.hct.ac.ukLevel 3 BTEC Unit 7 - Organisational Systems Security .wiki.computing.hct.ac.ukUnit 7: Organisational Systems Security Cybersecurity .jadeltawil.wordpress.comUnit 7: Organisational System Security : Unit 7: P6, M3 & D2unit7organisationalsystemsecurity.bl Recommended to you b
Created by the Security Area Working Group within the IETF Provides a good functional discussion of important security issues along with development and implementation details Covers security policies, security technical architecture, security services, and security incident handling Also includes discussion of the importance of .
Slack’s security team, led by our Chief Security Officer (CSO), is responsible for the implementation and management of our security program. The CSO is supported by the members of Slack’s Security Team, who focus on Security Architecture, Product Security, Security Engineering and Opera
