1 / 18

Mobile Financial Services: Are There Any Hard Problems?

Mobile Financial Services: Are There Any Hard Problems?. Ron Moritz SVP, e Trust Security Solutions Computer Associates. Welcome to Wireless. GPRS. EDGE. Smart Phones. GSM. UMTS. Centrino. MMS. Linux. 802.11h. WiFi. TDMA. Blackberry. Symbian. Warchalking. Palm. PocketPC.

pepin
Download Presentation

Mobile Financial Services: Are There Any Hard Problems?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mobile Financial Services:Are There Any Hard Problems? Ron Moritz SVP, eTrust Security Solutions Computer Associates

  2. Welcome to Wireless GPRS EDGE Smart Phones GSM UMTS Centrino MMS Linux 802.11h WiFi TDMA Blackberry Symbian Warchalking Palm PocketPC Tablet PC 1XRTT Win XP CDMA2000 Mobile Gateway WAP 802.1x Bluetooth WCDMA Hot Spots WPA 802.11a 802.11b 802.11g WEP The Next Killer App Wireless eMail 802.20 SMS

  3. Wireless Defined • Confusion • Too many choices • Not enough education • Lack of standards • Security vulnerabilities

  4. Mobility Solution Core Components Business Benefits Realization 0. Business Plan Needs Assessment What? Where? Why? How? How much? 1. Devices iPaq Palm Blackberry Smart Phone … 2. Network AT&T SprintPCS Cingular … WLAN 3. Connectivity Server Security (Firewall, VPN, Access control, PKI Authentication) + + + 4. Applications LoB eMail Siebel, SAP, Portal Software Middleware 5. Support Services Help Desk Device rollout Training Development 6. Additional Services and s/w: User Data Back Up and Restore Exchange Managed Service Device Maintenance and Break Fix Device Provisioning and Configuration Application Hosting Application Development + +

  5. New Risks or Replay of Old? • Does wireless really introduce new security risk or is it simply highlighting the existing defects in our current network? • End device has limited resources (power, processing, storage) limiting security capability. • WiFi users may not be sufficiently focused on security concerns. • Because of unique aspects of wireless nets, there are new vulnerabilities and security concerns regarding C.I.A.

  6. Data versus Voice People • Converged networks – just say no! • There are data people • There are voice people • The idea of bridging between the cellular and the WLAN is nice but does not really fit the sociology of how people interact with technology • LAN/Telephony integration that is acceptable in the wired world may not be real (yet) in other platforms

  7. Cell Phone – What You Have • Engage the wireless device in strong authentication • Carrier can send one-time token to cell phone or other wireless device • Find other creative ways to enhance data security with wireless

  8. New Solutions Are Required • Wired and wireless nets both have many of the same vulnerabilities • But, the solutions developed for wired nets may not be possible or implementable in wireless nets • For example, management of policies and services in wireless net • And, current protocols for managing authentication are insufficient in wireless world • So, need new ways to manage configuration, security policy, intrusion detection, and response

  9. No Physical Isolation of Nodes • Wireless communication more susceptible than wired communication to security attack: • Disruption (jamming, DDoS) • Observation (evesdropping, traffic analysis) • Misuse (theft of service)

  10. Unique Attacks on Wireless Net • Capture and abuse of control channels • Spoof at or near boundary of network cells to capture traffic • Direct attacks at wireless power source • Attacks directed at the database or service needed for maintaining configuration and/or security policy management • Traditional intrusion detection techniques may not be possible in wireless network

  11. Crucial to Financial Services • NAPs are like roaches – if you see one you probably have hundreds • Scan for them • IBM wireless security auditor • Netstumbler • Grasshopper • Attacks on wireless may threaten individual privacy and enable identity theft

  12. Crucial to Financial Services • Integration of wireless security into larger systems, networks and systems of systems • Devices whose security is crucial to the network are in the hands of individuals who lack expertise or interest in security • Must improve the embedded security of these systems so security of the nodes is easy

  13. Security Situational Awareness • Visualize health of WLAN • Network topology is in constant flux as nodes are added, moved, removed • Intermittent connectivity, node and link failure, and compromises must be detected • Monitor and represent the status of the wireless network to understand security posture • Discovery possible through CA Unicenter

  14. Manage Wireless Networks • Detect rogue devices • Manage performance and configuration • Topology and alerts

  15. Shields and Cloaks • Location-aware policy enforcement • When do you want to be visible? • When do you want shares hidden? • User-friendly administration • Don’t depend on level of security expertise of the user • Help engage user in his/her destiny • Help user understand location vis-à-vis network they’ve engaged • Deliver software and manage performance and configuration

  16. Automated Software Delivery Manage Mobile Devices • Deliver software • Manage performance and configuration • Remote wipe, lock, and reload

  17. Key CA Partnerships • MPAC • Preferred enterprise partner in Microsoft’s Mobility Partner Advisory Council • UCLA WINMEC • Wireless Internet and Mobile Enterprise Consortium • Founding member • SUNY Stony Brook Center of Excellence for Wireless Technology • Founding member • Ongoing research

  18. CA Resources • White papers at www.ca.com/cto • Technology Innovations at CA • Enabling Mobile eBusiness Success • The Future of Wireless Enterprise Management • Who’s Watching Your Wireless Network? • Enterprise Portals: The Workplace of Tomorrow

More Related