This document discusses security challenges related to mobile and wireless devices. It covers the proliferation of these devices and trends in mobility. Some key security issues addressed include malware attacks on mobile networks, credit card fraud, and technical challenges like managing registry settings, authentication, cryptography, and securing APIs. The document emphasizes that properly configuring baseline security is important to address many mobile security issues.
Introduction
In recent years, the use of laptops, personal digital assistants (PDAs), and mobile phones has
grown from limited user communities to widespread desktop replacement and broad
deployment.
The larger and more diverse community of mobile users and their devices increase the demands
on the IT function to secure the device, data and connection to the network, keeping control of
the corporate assets, while at the same time supporting mobile user productivity.
Proliferation of Mobile and Wireless Devices
A key driver for the growth of mobile technology is the rapid growth of business solutions into
hand-held devices.
Mobile computing is “taking a computer and all necessary files and software out into the field.”
Types of mobile computers that have been introduced since the 1990s are:
1. Portable computer
2. Tablet PC
3. Internet tablet
4. Personal digital assistant (PDA)
5. Ultramobile PC
6. Smartphone
7. Carputer
8. Fly Fusion Pentop computer
Cyber Security by Nina Godbole/Sunit Belapure
Copyright 2011 Wiley India Pvt. Ltd. All rights reserved.
Wireless refers to the method of transferring information between a computing device (such
as a PDA) and a data source (such as an agency database server) without a physical connection.
Smart hand-helds are defined as hand-held or pocket-sized devices that connect to a wireless
or cellular network, and can have software installed on them.
Trends in Mobility
Mobile computing in the third generation (3G) promises greater variety in applications and
highly improved usability as well as speedier networking.
This smart mobile technology is rapidly gaining popularity and the attackers (hackers and
crackers) are among its biggest fans.
There are numerous attacks that can be committed against mobile networks and they can
originate from two primary vectors.
o One is from outside the mobile network – the public Internet, private networks and other
operators’ networks
o The other is within the mobile networks – devices such as data-capable handsets and
Smartphones, notebook computers or even desktop computers connected to the 3G
network.
Popular types of attacks against 3G mobile networks are as follows:
1. Malware, viruses and worms
2. Denial-of-service (DoS)
3. Overbilling attack
4. Spoofed policy development process (PDP)
5. Signaling-level attacks
Credit Card Frauds in Mobile and Wireless Computing Era
Wireless credit card processing is a relatively new service that will allow a person to process credit
cards electronically, virtually anywhere.
It allows businesses to process transactions from mobile locations quickly, efficiently and
professionally.
It is most often used by businesses that operate mainly in a mobile environment.
Some upscale restaurants are using wireless processing equipment for the security of
their credit card paying customers.
Figure 1 shows the basic flow of transactions involved in purchases done using credit
cards.
Types and Techniques of Credit Card Frauds
Traditional Techniques
Paper-based fraud – wherein a criminal uses stolen or fake documents, such as utility bills and
bank statements, that can build up useful personally identifiable information (PII) to open an
account in someone else’s name.
Application fraud
1. ID theft: Where an individual pretends to be someone else.
2. Financial fraud: Where an individual gives false information about his or her financial status to
acquire credit.
Modern Techniques
Skimming to commit fraud - the information held on either the magnetic strip on the back of
the credit card or the data stored on the smart chip is copied from one card to another.
Site cloning and false merchant sites on the Internet - designed to get people to hand over their
credit card details.
Security Challenges Posed by Mobile Devices
Some well-known technical challenges in mobile security are
• managing the registry settings and configurations
• authentication service security, cryptography security
• Lightweight Directory Access Protocol (LDAP) security
• remote access server (RAS) security
• media player control security
• networking application program interface (API) security
Registry Settings for Mobile Devices
Microsoft ActiveSync acts as the gateway between a Windows-powered PC and a Windows
Mobile-powered device, enabling the transfer of applications such as Outlook information,
Microsoft Office documents, pictures, music, videos and applications from a user’s desktop
to his/her device.
It can synchronize directly with the Microsoft Exchange server so that the users can keep
their E-Mails, calendar, notes and contacts updated wirelessly when they are away from
their PCs.
Establishing trusted groups through appropriate registry settings becomes crucial.
One of the most prevalent areas where this attention to security is applicable is within
“group policy.”
The emphasis on most of the group policy settings is security.
New mobile applications are constantly being provided to help protect against spyware,
viruses, worms, malware and other malicious code that runs through the networks and the
Internet.
The core problem behind many of the mobile security issues on a Windows platform is that the
baseline security is not configured properly.
Figure 2 displays an illustration of how some tools allow users to browse to the desired
registry value on their mobile devices.
Authentication Service Security
There are two components of security in mobile computing:
• security of devices
• security in networks
A secure network access involves mutual authentication between the device and the base stations
or Web servers.
Authentication services security is important given the typical attacks on mobile devices through
wireless networks: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and
session hijacking.
Security measures in this scenario come from Wireless Application Protocols (WAPs), use of
VPNs, media access control (MAC) address filtering and development in 802.xx standards.
Cryptographic Security for Mobile Devices
Cryptographically generated addresses (CGA) are Internet Protocol version 6 (IPv6) addresses in
which up to 64 address bits are generated by hashing the address owner’s public key.
The address owner uses the corresponding private key to assert address ownership and to
sign messages sent from the address without a public-key infrastructure (PKI) or other security
infrastructure.
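The address binding described above can be worked through in code. This is an added example, not part of the original slides: it follows the hash layout of RFC 3972 (SHA-1, a 64-bit interface identifier, the Sec parameter) and covers generation and verification of the address only, not the message signing. The function names, the constructed key bytes and the documentation prefix 2001:db8:1:2::/64 are assumptions made for illustration.

```python
"""Cryptographically generated address (CGA) binding, following RFC 3972."""
import hashlib
import ipaddress

# Constructed placeholders standing in for DER-encoded public keys.
OWNER_KEY = b"constructed-public-key-bytes-of-the-address-owner"
OTHER_KEY = b"constructed-public-key-bytes-of-someone-else"

# RFC 3972 comparison mask: skip the three Sec bits and the u/g bits.
ID_MASK = 0x1CFFFFFFFFFFFFFF


def hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    """Hash2 covers modifier, nine zero octets and the key; its leftmost
    16*Sec bits must be zero (this is the brute-force cost factor)."""
    h2 = hashlib.sha1(modifier + b"\x00" * 9 + pubkey).digest()
    return h2[:2 * sec] == b"\x00" * (2 * sec)


def hash1(params: dict) -> int:
    """Leftmost 64 bits of SHA-1 over the concatenated CGA parameters."""
    data = (params["modifier"] + params["prefix"]
            + bytes([params["collision_count"]]) + params["pubkey"])
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")


def generate_cga(prefix: str, pubkey: bytes, sec: int = 0, start_modifier: int = 0):
    """Return (address, parameters) for a /64 prefix and a public key."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("CGA needs a 64-bit subnet prefix")
    if not 0 <= sec <= 7:
        raise ValueError("Sec is a 3-bit value")
    m = start_modifier
    # Search for a modifier that satisfies the Hash2 condition for this Sec.
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m = (m + 1) % (1 << 128)
    params = {
        "modifier": m.to_bytes(16, "big"),
        "prefix": net.network_address.packed[:8],
        "collision_count": 0,
        "pubkey": pubkey,
    }
    # Interface identifier: Hash1 with Sec in the top three bits, u/g bits zero.
    iid = (hash1(params) & ID_MASK) | (sec << 61)
    addr = ipaddress.IPv6Address(params["prefix"] + iid.to_bytes(8, "big"))
    return addr, params


def verify_cga(addr, params: dict) -> bool:
    """Check that addr really was derived from the key in params."""
    packed = ipaddress.IPv6Address(addr).packed
    if params["collision_count"] not in (0, 1, 2):
        return False
    if packed[:8] != params["prefix"]:
        return False
    iid = int.from_bytes(packed[8:], "big")
    if (hash1(params) & ID_MASK) != (iid & ID_MASK):
        return False
    # Sec is read from the address itself, so it cannot be downgraded.
    return hash2_ok(params["modifier"], params["pubkey"], iid >> 61)


if __name__ == "__main__":
    address, cga_params = generate_cga("2001:db8:1:2::/64", OWNER_KEY, sec=1)
    print("address:", address)
    print("owner's key verifies:", verify_cga(address, cga_params))
    forged = dict(cga_params, pubkey=OTHER_KEY)
    print("other key verifies:", verify_cga(address, forged))
```

A receiver that also checks a signature made with the matching private key over the message learns that the sender owns the address, with no certificate involved.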
Deployment of PKI provides many benefits for users to secure their financial transactions
initiated from mobile devices.
LDAP Security for Hand-Held Mobile Computing Devices
LDAP is a software protocol for enabling anyone to locate individuals, organizations and other
resources such as files and devices on the network.
It is a lightweight version of Directory Access Protocol (DAP) because it does not include security
features in its initial version.
RAS Security for Mobile Devices
RAS is an important consideration for protecting the business-sensitive data that may reside on the
employees’ mobile devices.
Impersonating or masquerading - By using a mobile device to appear as a registered user to these
systems, a would-be cracker is then able to steal data or compromise corporate systems in other
ways.
Port scanning - First, attackers use a domain name system (DNS) server to locate the IP address of
a connected computer. Second, they scan the ports on this known IP address, working their way
through its Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) stack to see what
communication ports are unprotected by firewalls.
A personal firewall on a pocket PC or Smartphone device can be an effective protective screen
against this form of attack for the users connecting through a direct Internet or RAS connection.
Media Player Control Security
Media players can turn out to be a source of threat to information held on mobile devices.
In the most severe exploit of a flaw, a hacker could take over a computer system and perform
any task the computer’s owner is allowed to do, such as opening files or accessing certain parts
of a network.
In the registry, there are some keys which control the behavior of the Windows Media Player
control. Microsoft, through its developer network MSDN, describes details of registry value
settings on the mobile devices.
Networking API Security for Mobile Computing Applications
With E-Commerce and M-Commerce, online payments are becoming a common phenomenon
with the payment gateways accessed remotely and possibly wirelessly.
With Web services and their use in mobile computing applications, the API becomes an
important consideration.
Most of these developments are targeted specifically at securing a range of embedded and
consumer products, including those running OSs such as Linux, Symbian, Microsoft Windows CE
and Microsoft Windows.
Providing a common software framework, APIs will become an important enabler of new and
higher value services.
Mobile Viruses
Mobile viruses spread through two dominant communication protocols – Bluetooth and
MMS.
A Bluetooth virus can easily spread within a distance of 10–30 m, through Bluetooth-activated
phones.
An MMS virus can send a copy of itself to all mobile users whose numbers are available in the
infected mobile phone’s address book.
How to Protect from Mobile Malware Attacks
Following are some tips to protect a mobile device from mobile malware attacks:
1. Download or accept programs and content only from a trusted source.
2. If a mobile is equipped with Bluetooth, turn it OFF or set it to non-discoverable mode when it is
not in use and/or not required.
3. If a mobile is equipped with beam (i.e., IR), allow it to receive incoming beams only from a
trusted source.
4. Download and install antivirus software for mobile devices.
Mishing
Mishing is Phishing related to mobile phones; the term combines mobile phone and Phishing.
If you use your mobile phone for purchasing goods/services and for banking, you
could be more vulnerable to a Mishing scam.
The attacker will pretend to be an employee from your bank or another organization
and will claim a need for your personal details.
Vishing
Vishing is Phishing over the telephone system, most often using features facilitated
by VoIP, to gain access to personal and financial information from the public for the
purpose of financial reward. It includes:
1. ID theft;
2. purchasing luxury goods and services;
3. transferring money/funds;
4. monitoring the victims’ bank accounts;
5. making applications for loans and credit cards.
Smishing
Smishing is SMS PhISHING.
Smishing uses cell phone text messages to deliver a lure message to get the victim
to reveal his/her PI.
Hacking Bluetooth
Bluetooth is a short-range wireless communication service/technology that uses the 2.4-GHz
frequency range for its transmission/communication.
An attacker installs special software on a laptop and then installs a Bluetooth antenna which
constantly scans the nearby surroundings for active Bluetooth connections.
Once the software tool used by the attacker finds and connects to a vulnerable Bluetooth-enabled
cell phone, it can do things like download address book information, photos, calendars and SIM
card details, make long-distance phone calls using the hacked device, bug phone calls and
much more.
Some Bluetooth-specific security issues are:
1. Bluejacking
2. Bluesnarfing
3. Bluebugging
4. Car Whisperer
Unconventional/Stealth Storage Devices
Firewalls and antivirus software are no defense against the threat of open USB ports.
o Not only can viruses, worms and Trojans get into the organization network, but they can also
destroy valuable data in the organization network.
o Sometimes the standard access controls with Windows OS do not allow the assignment
of permissions for USB ports and restricting these devices becomes next to impossible.
o Anyone can connect a USB/small digital camera/MP3 player to the USB port of any
unattended computer and will be able to download confidential data or upload harmful
viruses.
Another factor in cybersecurity complications with mobile devices is their falling cost.
Early hand-helds were expensive and specialized, so they were deployed only for specific
applications, but more general-purpose models are now available at a relatively low cost,
often bundled with a tariff for wireless connection.
Because modern hand-held devices for mobile computing are, at times, good
productivity tools, they cannot be precluded from use by employees, contractors and
other business entities.
It is important for the device management teams to include user awareness education;
users are thereby encouraged to take some personal responsibility for the physical security
of their devices.
Threats through Lost and Stolen Devices
Often mobile hand-held devices are lost while people are on the move.
It is often not the value of the hand-held device that is important but rather the content that, if lost
or stolen, can put a company at a serious risk of sabotage, exploitation or damage to its
professional integrity, as most of the time the mobile hand-held devices are provided by the
organization.
Protecting Data on Lost Devices
For protecting data that are stored persistently on a device, there are two precautions that individuals
can take to prevent disclosure of the data stored on a mobile device:
(a) encrypting sensitive data
(b) encrypting the entire file system
Data that are stored on hard disks in persistent memory or on removable memory sticks should be
protected by encrypting the servers where a database file resides.
Educating the Laptop Users
Corporate laptop users often put their company’s networks at risk
by downloading non-work-related software capable of spreading viruses and Spyware; a survey
result quoted in Fig. 3 confirms this.
The policies and procedures put in place for support of laptop have evolved over the years to be
able to cope successfully with managing laptops, connected by wireless means or otherwise.
Encrypting Organizational Databases
To protect against loss of the organization’s data, databases need encryption.
Two algorithms that are typically used to implement strong encryption of database files are:
1. Rijndael, a block encryption algorithm, chosen as the new Advanced Encryption Standard
(AES) for block ciphers by the National Institute of Standards and Technology (NIST).
2. Multi-Dimensional Space Rotation (MDSR) algorithm developed by Casio.
Encrypting the database scrambles the information contained in the main database file so that
it cannot be deciphered by looking at the files using a disk utility.
When using strong encryption, it is important not to store the key on the mobile device: this is
equivalent to leaving a key in a locked door.
The key is required whenever you want to start the database or you want to use a utility on
your database.
For greater security there is an option available that instructs the database server to display a
dialog box where the user can enter the encryption key.
Including Mobile Devices in Security Strategy
A few things that enterprises can use are:
1. Implement strong asset management, virus checking, loss prevention and other controls for
mobile systems that will prohibit unauthorized access and the entry of corrupted data.
2. Investigate alternatives that allow a secure access to the company information through a
firewall, such as mobile VPNs.
3. Develop a system of more frequent and thorough security audits for mobile devices.
4. Incorporate security awareness into your mobile training and support programs.
5. Notify the appropriate law-enforcement agency and change passwords.
Importance of Security Policies relating to Mobile Computing Devices
One should think about not keeping credit card and bank account numbers, passwords,
confidential E-Mails and strategic information about the organization, merger or takeover plans and
other valuable information that could impact stock values on mobile devices.
One should give deep thought to the potential legal troubles for a public company whose
sales reports, employee records or expansion plans may fall into the wrong hands.
When controls cannot be implemented to protect data in the event they are stolen, the simplest
solution is to prevent users from storing proprietary information on platforms deemed to be
insufficiently secure.
Organizational Policies for the Use of Mobile Hand-Held Devices
The first step in securing mobile devices is creating company policies that address the unique issues
these devices raise.
There are many ways to handle the matter of creating policy for mobile devices:
1. Creating a distinct mobile computing policy.
2. Including such devices under existing policy.
3. In a hybrid approach, a new policy is created to address the specific needs of the mobile devices.
The “acceptable use” policy for other technologies is extended to the mobile devices.
There may not be a need for separate policies for wireless, LAN, wide area network (WAN),
etc. because a properly written network policy can cover all connections to the company
data, including mobile and wireless.
Laptops
Laptops pose a large threat as they are portable.
Wireless capability in these devices has also raised cybersecurity concerns owing to the information
being transmitted over the ether, which makes it hard to detect.
Cybercriminals are targeting laptops that are expensive, to enable them to fetch a quick profit in the
black market.
Physical Security Countermeasures
Physical security countermeasures are becoming very vital to protect the information on the employees’
laptops and to reduce the likelihood that employees will lose laptops.
A few logical access controls are as follows:
1. Protecting from malicious programs/attackers/social engineering.
2. Avoiding weak passwords/open access.
3. Monitoring application security and scanning for vulnerabilities.
4. Ensuring that unencrypted data/unprotected file systems do not pose threats.
5. Proper handling of removable drives/storage mediums/unnecessary ports.
6. Password protection through appropriate password rules and use of strong passwords.
7. Locking down unwanted ports/devices.
8. Regularly installing security patches and updates.
9. Installing antivirus software/firewalls/intrusion detection systems (IDSs).
10. Encrypting critical file systems.
11. Other countermeasures:
• Choosing a secure OS.
• Registering the laptop with the laptop manufacturer.
• Disabling unnecessary user accounts and renaming the administrator account.
• Disabling display of the last logged in username in the login dialog box.
• Backing up data on a regular basis.