It may be an unusual angle, but your Enterprise IP Wireless Expert may be your best ally around when it comes to implementing your Mobile Device Security Strategies. The reason why I think this is that all of smartphone and tablet devices support wireless connectivity, and most data plans provide incentives for users to access the web via IP connectivity rather than the carrier’s network. Hopefully this makes sense as it reduces airtime charges for users, often with little or no trade-off in performance and flexibility and relieves congestion in the carrier voice network. So it’s a Win-Win situaton, right? Well… what users (and some mobility professionals) might overlook, however, is that a lot of the networks over which Enterprise Mobile Devices might connect to the web are completely unsecured, and that could be very dangerous.
Probably a lot of people remember the outcry when Fire Sheep, the packet sniffing add-on to the Firefox web browser, surfaced. In a nutshell, Fire Sheep is a free tool that allows someone who knows absolutely nothing about IP protocol, programming, or wireless security to surreptitiously capture data passing over public access wireless networks. Think opportunistic snoopers, inconspicuously nestled in coffee houses, airports, hotel lobbies and the like. Eric Butler, Fire Sheep’s developer, published the tool to draw attention to the fact that many social media websites were lax about security and expose users who access them in public places to potentially grave risks. Like other ‘ethical hackers’ before him, Butler resorted to publishing his snooping tool only after repeated appeals to the above had produced no security enhancements for users. Butler’s ploy worked. Bad publicity and exposure in the less-than-ethical-hacking world, forced the big social media players to correct security vulnerabilities.
The thing is, that the big names in social media and cloud services are very far from being the whole unsecured wireless problem. In fact, they are only the tip of the iceberg.
The thing to remember is that as mobile devices increasingly become a means of access to web enabled enterprise infrastructure, users can very easily and unknowingly open gaping holes in vulnerable wireless networks.
So meticulously securing the conversations between mobile devices and web enabled infrastructure command and control traffic is of critical importance, because capturing an unsecured wireless conversation is still trivially easy for a determined intruder. Get the Wireless Expert a big Coffee… it may be a long chat!
Please follow me on Twitter @ithain