1 / 35

Seminar 2A

johana
Download Presentation

Seminar 2A

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale University

    2. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 2 Copyright Notice Copyright H. Morrow Long 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

    3. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 3 Description A discussion of the security issues involved in a multitude of wireless data technologies including PPP over cellular, IEEE Cellular and Mobile Data (one way and two way pagers), IEEE 802.11a/b/g/i, WEP, WPA as well as IEEE 802.1X, WEP, WAP’s WTLS, Bluetooth, ZigBee, CPDP, 1RTT, EVDO and SMS. A useful guide to the relative information security risks to an individual or organization involved in wireless data technologies including those used by pagers, cellphones, PDAs, assorted networked ‘appliances’ and wireless WANS, LANS and PANs

    4. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 4 Outside workshop scope: Private Mobile Radio Private Microwave Shortwave Radio IP DirectPC SkyDSL / Aloha Networks High Speed ISP Mobile Satellite data services Iridium (Motorola, et. al) GlobalStar (Qualcomm, Loral) Teledesic (Gates/McCaw) Digital cordless IrDA

    5. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 5 Topics Introduction, History and Evolution of Wireless Data Terminology Definitions: Wireless Data Security Wireless Data Risks and Threats Pager Security Cellular Phone Security Analog Digital Wireless Data Security Non-IP Mobile Data Access Networks Wireless PANs / Pico-Nets Wireless LANs and VLANs 802.11 / WiFi

    6. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 6 Introduction

    7. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 7 Introduction

    8. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 8 Mobile Wireless Voice – History Radio-telephones develop 1901-1920 First wireless voice AM Radio – 1906 Commercial AM Radio Pitt PA – 1920 First FM broadcast – 1935 (FM is a big mobile radio help) Military walkie-talkies - 1940 Two-way police radios –1930-1950s Commercial RadioTelephone: MTS & IMTS 1946..1965..1976..1980s Private mobile radio services DC-NYC Metroliner phones – late 1960s CB Radios – 1970s 1G Cellular (Tokyo 1979, Sweden 1981, Chicago 1983)

    9. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 9 Wireless Data – History and Evolution

    10. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 10 Wireless Data – History and Evolution 1901 – First Transatlantic telegraph – Marconi Company 1920s commercial service – Marconi Company Mobile – 1908 Shipboard telegraph – Marconi Company Encrypted radiotelegraph messages Alohanet / Hawaii Radio WAN – 1970s TCP/IP over shortwave (Ham) radio – 1980s Cellular V.90 modems – 1990s PDAs and cellphones with digital wireless services $150 Wireless 802.11b Ethernet cards and base stations (Mobile Data + Mobile Internet + Internet) -> Supranet

    11. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 11 Secure Wireless Data – History and Evolution Secure telephony over Radio A-3 – analog “scrambling” US/UK analog voice privacy system in use at WWII start Broken by Germans early in WWII, real time decryption

    12. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 12 Secure Wireless Data – History and Evolution Secure telephony over Radio SIGSALY Secure Digital Voice Communications First useful use of : Companded PCM encoding of voice (vocoder – BTL 1936-9) Enciphered telephony, quantized speech transmission Speech bandwidth compression Spread Spectrum technology multilevel Frequency Shift Keying (FSK) and FDM (Frequency Division Multiplex) as a viable transmission method over a fading medium Weighted 90 tons, ocupied a large room. Special phongraph records contained a secret key masking voices with white noise Germans monitored but never broke the system Declassified in 1976. US (BTL, DOD), UK (Turing)

    13. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 13 Secure Wireless Data – History and Evolution

    14. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 14 Secure Wireless Data – History and Evolution

    15. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 15 Secure Wireless Data – History and Evolution Secure telephony over Radio – Other WWII methods Navaho code-talkers 1st Marine Division Ballarat 7 July 1943 Photog: Ashman Private First Class Preston Toledo (left) and Private First Class Frank Toledo, cousins and Navajos, attached to a Marine Artillery Regiment in the South Pacific will relay orders over a field radio in their native tongue. OFFICIAL U.S. MARINE CORPS PHOTO USMC #57875 (Paraphrased caption) http://bingaman.senate.gov/code_talkers/men/127-MN-57875/127-mn-57875.html

    16. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 16 Wireless – Terminology Definition AMPS DAMPS TDMA CDMA GSM PCS ISP

    17. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 17 Wireless Data – Terminology Definition CDPD PPP EVDO GPRS

    18. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 18 Wireless Data Security– Terminology Definition VPN Supranet Internet internet intranet extranet ISP

    19. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 19 Wireless Data Risks and Threats Business Needs for Wireless Data Security Financial / m-commerce Enable Telecommuting for employees Secure current insecure applications (alerts, remote administration) Provide remote access to important internal information resources (e.g. E-mail) Monitoring/Controlling sensitive and/or important real-world devices (sensors)

    20. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 20 Wireless Data Risks and Threats – CIA / AAA /etc Confidentiality - Data Exposure Integrity - Data Modification/Tampering Availability - Denial of Service to Data/Resources Authentication - Identification vs Spoofing Authorization - Appropriate Access Control Accounting - Theft of Service (cloning, wireless ISP) M-commerce - Fraudulent transactions, CC # theft Malicious Software – Trojan Horses, Viruses, Worms, etc. Personal Privacy - Location exposure (new 911 law, GPS) Physical theft of device

    21. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 21 Wireless Data Risks and Threats Confidentiality Sniffing / Eavesdropping / Interception from the air Sniffing / Eavesdropping / Interception at endpoint Via Compromise of mobile/wireless device Via Compromise of base station (cell tower / GSM POP) Stolen devices – stored data Stolen devices – use of keys & secrets for access Brute Force Decryption / Cryptanalysis Replay Attack

    22. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 22 Alternatives to wireless data service provider encryption Secure corporate or partner portals SSL Web servers / Secure ASPs WTLS WAP servers Secured Applications (SSLized IMAP/POP) Secure Remote Access (Term/File xfer) SSH, Secure Telnet/FTP, FTP over SSL Multiuser NT/W2K (w/WinCE MS Term Srvr Client) Remote Console: CC, PCA, Timbukto, VNC PGP Encrypted Files for transfer over insecure links/email

    23. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 23 Wireless Data Risks and Threats – Integrity – Data/etc Modification Tampering with intercepted data in transit Tampering with stored data Tampering with keys & secrets for access Tampering with device identification credentials Tampering with device applications (programs) Replay Attack

    24. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 24 Wireless Data Risks and Threats Availability Denial of Service via Signal Jamming (e.g. Israeli device) Netline C-Guard Cellular Firewall http://www.cguard.com/English/latests/index.html Non-malicious man-made problems Natural Disasters in cell areas

    25. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 25 Wireless Data Risks and Threats Authentication - Identification Spoofing data in transit – Man in the middle Spoofing the endpoints Cloning analog phones Impersonating servers (e.g. m-commerce web servers or WAP servers) Cellphone credentials ID #s Phone #s GSM SIM cards User credentials PINs, Passwords, X.509 “Certificates”, Smartcards

    26. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 26 Wireless Data Risks and Threats Authorization – Access Control Allowing a user or device access to a: Application Network Resource (file, printer, fax) E.g., Cellular phone companies authorize devices/users for access to their networks: Roaming Long distance calls Local calls 911 calls

    27. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 27 Wireless Data Risks and Threats Accounting Theft of Service: Via cloning Via theft of wireless ISP access credentials Via theft of physical device Via compromise of base station / networked servers / etc. Via fraudulent registration with carrier or ISP

    28. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 28 Wireless Data Risks and Threats M-Commerce Fraudulent transactions Credit Card number theft At WAP WTLS gateway At Web server endpoint At mobile device endpoint Other account (customer/employee/vendor) theft.

    29. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 29 Wireless Data Risks and Threats Cellphone Malicious Software E-Mail & WAP browsers too “dumb” to infect? Other push and pull content methods PIM synch First Cellphone Virus Hoax – “Mobile Phone Virus Hoax” – May 18, 1999 No Known Cellphone Malicious Software First Cellphone Messaging Attack – Spanish SMS

    30. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 30 “Mobile Phone Virus Hoax” Dear all mobile phone's owners, ATTENTION!!! NOW THERE IS A VIRUS ON MOBILE PHONE SYSTEM.. All mobile phone in DIGITAL system can be infected by this virus..If you receive a phone call and your phone display "UNAVAILABLE" on the screen (for most of digital mobile phones with a function to display in-coming call telephone number), DON'T ANSWER THE CALL. END THE CALL IMMEDIATELY!!!BECAUSE IF YOU ANSWER THE CALL, YOUR PHONE WIL L BE INFECTED BY THIS VIRUS.. This virus will erase all IMIE and IMSI information from both your phone & your SIM card which will make your phone unable to connect with the telephone network. You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia.. For more information, please visit Motorola or Nokia web sites: http://www.mot.com http://www.mot.com or http://www.nokia.com There are over 3 million mobile phone being infected by this virus in USA now. You can also check this news in CNN web site: http://www.cnn.com.. Please forward this information to all your friends who have digital mobile phones..

    31. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 31 “Mobilevirus” Hoax – 3/19/2001 VIRUSINFORMATION VARNING !!!! ---------------------------------------------------------------- Följande har hänt: Om din mobiltelefon ringer och det blinker: !?UNAVAILABLE!? pĺ displayen. SĹ SVARA INTE. Din telefonen blir angripen av ett virus, som raderar alla IMIE och IMSI informationer, bĺde frĺn telefonen och SIM-kortet. Och dĺ finns det bara en sak att göra, just det - köpa en ny telefon. Bĺde Motorola och Nokia har bekräftat denne information. I USA har detta virus förstört 3 miljoner mobiltelefoner. VB DENNA E-MAIL TILL ALLA DU KÄNNER SOM HAR MOBILTELEFON.

    32. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 32 PDA/Cellphone Malicious Software E-Mail Clients and Web browsers Other push and pull content methods PDA PIM synch First PDA Virus Hoax – “Hairy Palms” 10/12/97 First PDA Malicious Software: Palm.Liberty.A 8/28/00 Trojan Horse Palm.Vapor 9/22/00 Trojan Horse Palm.Phage.Dropper 9/22/00 Computer Virus PDA Anti-Virus Software Palm: Symantec, McAfee, CA, Trend, F-Secure EPOC: McAfee, F-Secure PocketPC: McAfee

    33. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 33 Wireless Data Risks and Threats Personal Privacy Location exposure: Passive roaming transmit cellphone #ID continously in cell area. This method is used to track down fugitives today. Reg 911. New E911 law requirement and methods require greater accuracy: Triangulation within cell area – TDOA (Time Difference of Arrival) AOA – Angle of Arrival (CDMA near-far problem as with TDOA) Location Pattern Matching GPS – Global Positioning System -- is one method likely to be used as well as included inside mobile wireless devices. Under user privacy control. Caller-ID / ANI / *69 Physical theft of device – stored data / credentials / etc. Phone card / Credit card numbers / PINs, Passwords, etc. Traffic Analysis – called #s recorded on mobile device

    34. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 34 Wireless Data Risks and Threats Physical theft of device Loss / Destruction of mobile device Loss / Destruction of data: Sensitive business records secret access credentials Compromise/Abuse of secret access credentials Fraudulent use of mobile device True replacement cost of mobile device, new device + : Damage assessment – exposure of business data Replacing data Securing secret access credentials

    35. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 35 Wireless Data Risks and Threats Reverse Tunneling Utilizing a VPN tunnel or other “trusted” connection to connect back to or burrow through to the user’s enterprise network and computer resources (if you can steal the device or hijack the connection) This is a particular Blackberry worry. Carpal Tunneling Also a particular Blackberry worry….

    36. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 36 Pager Technologies and Security Typically low data rate, insecure, one-way short messages. Powerful ground transmitter networks. In CT and NY individuals are actively listening on pager traffic (PIs, news organizations, etc.). Don’t use for anything private as there is no encryption. One Way POCSAG - Post Office Code Standardization Advisory Group – 1981. 512bps – 2400bps. ERMES – 1995 – International Standard FLEX (Motorola) Two Way reFLEX (Motorola) Mobitex (2 way paging and mobile data)

    37. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 37 “Zero G” 0G PTT MTS IMTS AMTS OLT MTD Autotel/PALM ARP

    38. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 38 “One G” 1G NMT AMPS/TACS/ETACS Hicap CDPD Mobitex DataTac

    39. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 39 Cellular Techology and Standards

    40. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 40 “Two G” 2G GSM iDEN D-AMPS IS-95/cdmaOne PDC CSD

    41. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 41 Cellular Techology and Standards

    42. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 42 Cellular Techology and Standards

    43. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 43 Cellular Techology and Standards

    44. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 44 “Three G” 3G W-CDMA UMTS (3GSM) FOMA TD-CDMA/UMTS-TDD 1xEV-DO/IS-856 TD-SCDMA

    45. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 45 Cellular Techology and Standards

    46. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 46 “Four G” 4G UMB 3GPP2 Project based on IS-95/CMDA (e.g CDMA2000) UMTS Revision 8 (LTE) 3GPP Project based on evolved GSM (UTMS) WiMAX

    47. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 47 Cellular Techology and Standards - 4th Generation Broacband means 100 megabits or more. UMB is multiple services -- Vs. WiMax, WiFi or UWB.Broacband means 100 megabits or more. UMB is multiple services -- Vs. WiMax, WiFi or UWB.

    48. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 48 Cellular Techology and Standards - 4th Generation AKA Evolved UMTS E-UTRA - Evolved UTRA AKA Evolved UMTS E-UTRA - Evolved UTRA

    49. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 49 Cellular Techology and Standards - 4th Generation AKA Evolved UMTS E-UTRA - Evolved UTRA AKA Evolved UMTS E-UTRA - Evolved UTRA

    50. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 50 Cellular Techology Security

    51. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 51 GPRS Security GPRS - Global General Packet Radio Service (GPRS) 2.5G Packet-switched Mobile Data Service Built on GSM and IS-136 Uses GSM security. Superceded oler GSM CSD (Circuit Switched Data) Superceded by EGPRS (Edge GPRS) 200+ Kbps vs. 60 - 80 Kbps

    52. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 52 1XRTT and EVDO EV-DO - Evolution Data Optimized Built on CDMA - 1x data available w/CDMA 1xRTT 50 Kbps-100 Kbps - burst to 144Kbps # EVDO Rev 0 400kbps-700kbps Download, bursts up to 2.0Mbps, 50kbps-100kbps Upload Speed, bursts to 144Kbps. # EVDO Rev A 450Kbps-800Kbps Download, bursts to 3.0Mbps, 300Kbps-400Kbps Upload Speed, bursts to 1.8Mbps. Uses CDMA built-in encryption / security.

    53. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 53 Cellular Techology / Mobile Data

    54. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 54 Cellular Techology / Mobile Data

    55. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 55 Mobile Data Techology and Standards

    56. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 56 Mobile Data Techology

    57. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 57 Mobile Data Device Security

    58. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 58 Blackberry Security Has message level security between BB & BES (Blackberry Enterprise Server) but not on Internet. Only allows ‘signed’ applications to run - but these could infect & compromise.. Such an application could be used as a backdoor/proxy into enterprise networks. It could also read and send e-mail, SMS and Internet traffic. DISABLE the CAPABILITY TO INSTALL & RUN 3-rd Party Applications.

    59. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 59 Wireless Data Tech and Standards Wide/Metro Area PPP over Cellular Analog (AMPS) – 9.6kbps Digital (US CDMA) – 14.kbps CDPD – 19.2kbps Metricom Richochet modem– provides encryption! Wireless ISPs for high speed access Several hundred kbps to several megabits per second Proprietary MAN technologies Native American Reservation high speed Internet access WiMax - 20 to 30 KM at 70 Megabits/sec.

    60. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 60 PAN (Personal Area Network) Standards

    61. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 61 1, 10 and 100 metre versions. Uses 2.4Ghz freq range. Bluetooth uses custom algorithms based on the SAFER+ block cipher for authentication and key derivation. The E22 algorithm.is used for initialization and master key generation. Encryption is via the E0 stream cipher. “PINs” have been cracked/hacked. Encryption to be upgraded. Bluetooth 3 to use UMB.

    62. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 62 Bluetooth Security Threats Bluejacking - sending messages to Bluetooth-enabled devices. Bluesnarfing - stealing info from a Bluetooth device (contacts/addressbook) Bluestumbling - discovering and cataloging Bluetooth devices Buebugging controlling another’s device Bluetooth “rifle” can be used up to 1 mile to receive signal..

    63. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 63 ZigBee (AKA HomeRF lite) 250 Kbps at up to 30 meters. Uses the 2.4GHz radio band - ala 802.11b/g and 868/915 MHz. HomeRF Lite plus the 802.15.4 specification. AKA PURLnet, RF-Lite, Firefly & HomeRF Lite. CSMA/CA in varied topologies up to 50 metres Low Power

    64. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 64

    65. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 65 Summary and Unresolved Issues Wireless data over digitally encrypted channels (e.g. US CDMA) is better security in general than “over” analog un-encrypted. No encryption nor security mechanism is 100% secure. You need to assess risk threats and evaluate tradeoffs. For sensitive/critical data you should use end-to-end protection: either encrypted applications (e.g. SSL) or VPNs (or both) over wireless networks even those with digital encryption.

    66. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 66 Questions?

    67. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 67 Additional Resources

    68. 2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 68 Questions

More Related