Your SlideShare is downloading. ×
Widyatama Lecture Applied Networking-IV Week05 Mobile Security 1
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Widyatama Lecture Applied Networking-IV Week05 Mobile Security 1

1,014
views

Published on

Widyatama Lecture Applied Networking-IV Week05 Mobile Security 1

Widyatama Lecture Applied Networking-IV Week05 Mobile Security 1

Published in: Education

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,014
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Applied Networking-IV (2231114) Lecture Week-5 Mobile Security-1 Lecture by: Djadja.Sardjana, S.T., M.M. Djadja.Sardjana, www.slideshare.net/djadja Djadja.sardjana@widyatama.ac.id 18-Mar-10 18-Mar- Widyatama University-Informatics University- 1
  • 2. Mobile Security-1 Security- Mobile Security 18-Mar-10 18-Mar- Widyatama University-Informatics University- 2
  • 3. The New Age of Risk Ubiquitous internet protocol-based protocol- technology (Almost) everything connects to the ‘Net Many vulnerabilities awaiting exploitation Mobility of people / information / devices Cyber crime: real and increasing Terrorist threat: physical now….blended later? 18-Mar-10 18-Mar- Widyatama University-Informatics University- 3
  • 4. Hostile World 9-11, 3-11, 7-7 and other major terror attacks 3- 7- Wars and insurgencies SARS / Bird flu - global impact of disease SE Asia tsunami disaster Katrina hurricane disaster in USA Tomorrow’s headlines…? 18-Mar-10 18-Mar- Widyatama University-Informatics University- 4
  • 5. Convergence Of Legal, IT, And Business Laws/Regulations Technologies Stakeholders EU Data Web / Internet Customers Protect Databases Competitors GLB/HIPAA/Patriot Sarbanes-Oxley Collaboration Governments U.S. Identity Theft Law(s)? Wireless Suppliers/ Partners Mobile Devices Employees Pressure mounting on organizations to prove compliance with an increasing array of laws and regulations. This makes information security much more challenging. 18-Mar-10 18-Mar- Widyatama University-Informatics University- 5
  • 6. Dissolution of Perimeter Hostile Internet Environment Joint Ventures Contract Manufacture “Organization Community” Contract Design Parts Un-trusted Un- Intranet “Point defenses” Customers Services s Transportation 18-Mar-10 18-Mar- Widyatama University-Informatics University- 6
  • 7. Current State of Network Security Home/Remote Users Business Systems Manufacturing Research/Development Intranet Labs Legacy Systems HR Systems Communication/ Messaging Systems Users Finance/SOx Eroding Firewall Perimeter Eroding Firewall Perimeter Strategic Partners Suppliers Vendors Etc… Hackers Hackers Mobile/Wireless 18-Mar-10 18-Mar- Widyatama University-Informatics University- 7
  • 8. Mobile Viruses on the rise 2004 2005 06-15-04: Cabir A 06-16-04: Cabir B 01-10-2005: Lasco A 01-10- 07-10-2004: WinCE/Dust 02-01-2005: Locknut.A 02-01- 08-06-2004: Brador 03-07-2005: Commwarrior 03-07- 11-19-04: Skulls A 03-04-2005: Dampig.A 03-04- 11-29-04: Skull B 12-09-04: Cabir C 03-18-2005: Drever 03-18- 12-09-04: Cabir D 04-04-2005: Mabir.A 04-04- 12-09-04: Cabir E 12-21-04: Cabir F 12-21-04: Cabir G 12-21-04: Skulls C 12-21-04: MGDropper 12-26-04: Cabir H 12-26-04: Cabir I 18-Mar-10 18-Mar- Widyatama University-Informatics University- 8
  • 9. Wireless Enabled & Mobile Attacks Blue- Blue-jacking, bugging, snarfing, sniping Wardriving Malicious Mobile Code (Virus, Worms, Trojans) RFID Sniffing Denial of Service Web Application Spyware Social Engineering 18-Mar-10 18-Mar- Widyatama University-Informatics University- 9
  • 10. Securing the Mobile Workforce As the person responsible for an organization you only have “control” in this space But mobile employees move throughout the entire set of possibilities 18-Mar-10 18-Mar- Widyatama University-Informatics University- 10
  • 11. Effective Security is Complex PKI Manager Centralized Security Token Card Other Security Many parts & pieces Manager Entity Manager Policy Manager Complex components Certificate Authority Digital Signature OS Security Management Single Sign-on Too few qualified personnel Tools Interface Interface Tools ~.005% of employees Network Security Event Lack of standards Virus Interception Security Policy Cyberwall/Firewall Report Host-based & Correction Distributor Rule Base Writer(s) Protection programs “custom Encryption Application-based built” VPN Session or Connection Application Proxy Facilities for Tunnel Manager Manager and Logging Implementations Network Connections Authentication Failure of weakest link (s) Cryptography VPN IPSec and VPN Security Traffic Application Intrusion Connection Event Analyzer Logging Facility Logging Anti-Virus Manager Intrusion Detection Security Event Security Integrity Intrusion Intrusion Logging Manager Prevention Auditing Detection Security Management Stateful Packet Frame Application Inspection Inspection Inspection Inspection Security Network Access Real-time Control Interception Frame Filter Engine and Enforcement Management Facility 18-Mar-10 18-Mar- Widyatama University-Informatics University- 11
  • 12. Security Must Make Business Sense OPTIMAL LEVEL OF SECURITY AT MINIMUM COST COST ($) SECURITY LEVEL COST OF SECURITY COUNTERMEASURES TOTAL COST 0% COST OF SECURITY 100% BREACHES 18-Mar-10 18-Mar- Widyatama University-Informatics University- 12
  • 13. Next Generation Security Zones and compartments Extensive use of cryptography Identity and access management “Opt in” for more protection Essential to enable seamless security ! 18-Mar-10 18-Mar- Widyatama University-Informatics University- 13
  • 14. Next Generation Design Internet Legacy Zone e.g. manufacturing Collaborative Systems General Purpose Systems Intranet Zone MOT ISP Seamless Mobility Secure Zone Not subject to Regulation Personal Regulated Systems Data Systems SOX Compliant Systems Availability Not Critical Systems Custom Zone Stand Alone High Sensitivity Zone Trade Secret, Race, age, ethnicity DMZ QZ Zone Zone 18-Mar-10 18-Mar- Widyatama University-Informatics University- 14
  • 15. Security is a Process Not a Product! Security is achieved by the combination of People Process Technology Protections Address: Prevention Detection Response Recovery 18-Mar-10 18-Mar- Widyatama University-Informatics University- 15
  • 16. Traditional security programs align people, processes and technology to protect enterprise networks With seamless mobility, security must now expand to encompass the extended enterprise. People Processes Policies QuickTime™ and a TIFF (LZW) decompressor are needed to see this picture. Technology RFID CHIP 18-Mar-10 18-Mar- Widyatama University-Informatics University- 16
  • 17. Securing Seamless Mobility: Wireless/Mobility Risk Management Business- Business-focused understanding and prioritization of risks, vulnerabilities and countermeasures Include technical vulnerabilities as well as other key elements of the security program Assures most effective use of limited resources 18-Mar-10 18-Mar- Widyatama University-Informatics University- 17
  • 18. Securing Seamless Mobility: Network Design Understand existing “wired” environment Build security into wireless network foundations Focus on points of connectivity, firewalls, DMZs, intrusion detection/prevention, VPNs and encryption Maximize wireless network availability, operational security and performance Secure devices in a system designed for security 18-Mar-10 18-Mar- Widyatama University-Informatics University- 18
  • 19. Approach to Information Security INTERNAL IT Ensure the Confidentiality, Integrity, and Availability of Product Security Motorola I/T Services include Assets Support PROTECTING assets, development of DETECTING hostile more secure activities, RESPONDING to Wireless Security Motorola incidents, and Services products RECOVERING to limit adverse business impacts Leverage our expertise to provide customer services 18-Mar-10 18-Mar- Widyatama University-Informatics University- 19
  • 20. Tugas Mobile Security 1. 0606022 - FIRMANSAYH APNET4 Mobile Security 2. Genta Gemilang-Mobile Security Gemilang- 3. Hillman Nurrachman-Mobile Nurrachman- Security Software 4. Mobile Security - Farhan Atsani - 0606P02 18-Mar-10 18-Mar- Widyatama University-Informatics University- 20
  • 21. Conclusion & Final Words Mobile Security Demo 18-Mar-10 18-Mar- Widyatama University-Informatics University- 21
  • 22. Conclusion Threats to organizations are real and increasing, seamless mobility requires careful security planning Security incidents involving mobile and wireless environment are increasing Securing seamless mobility requires holistic approach that address people, process and technology 18-Mar-10 18-Mar- Widyatama University-Informatics University- 22