Professional Documents
Culture Documents
Lecture Week-5
Mobile Security-1
Mobile
Security
18-
18-Mar
Mar--10 Widyatama University
University--Informatics 2
The New Age of Risk
Ubiquitous internet protocol-
protocol-based
technology
(Almost) everything connects to the ‘Net
Many vulnerabilities awaiting exploitation
Mobility of people / information / devices
Cyber crime: real and increasing
Terrorist threat: physical now….blended
later?
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 3
Hostile World
9-11, 3-
3-11, 7-
7-7 and other major terror attacks
Tomorrow’s headlines…?
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 4
Convergence Of Legal, IT,
And Business
Laws/Regulations Technologies Stakeholders
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 5
Dissolution of Perimeter
Hostile Internet Environment
Joint Ventures Contract Manufacture
“Organization Community”
Contract Design
Parts Un-
Un-trusted
Intranet
Servicess
Transportation
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 6
Current State of Network Security
Home/Remote
Users
Business Systems
Manufacturing
Research/Development
Intranet Labs
Legacy Systems
HR Systems
Communication/
Messaging Systems
Users Finance/SOx
Eroding Firewall Perimeter
Strategic Partners
Suppliers
Vendors
Etc…
Hackers
Hackers
Mobile/Wireless
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 7
Mobile Viruses on the rise
2004
2005 06-15-04: Cabir A
06-16-04: Cabir B
01-
01-10-
10-2005: Lasco A 07-10-2004: WinCE/Dust
02-
02-01-
01-2005: Locknut.A 08-06-2004: Brador
03-
03-07-
07-2005: Commwarrior 11-19-04: Skulls A
03-
03-04-
04-2005: Dampig.A 11-29-04: Skull B
12-09-04: Cabir C
03-
03-18-
18-2005: Drever
12-09-04: Cabir D
04-
04-04-
04-2005: Mabir.A 12-09-04: Cabir E
12-21-04: Cabir F
12-21-04: Cabir G
12-21-04: Skulls C
12-21-04: MGDropper
12-26-04: Cabir H
12-26-04: Cabir I
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 8
Wireless Enabled & Mobile
Attacks
Blue
Blue--jacking, bugging, snarfing, sniping
Wardriving
Malicious Mobile Code (Virus, Worms, Trojans)
RFID Sniffing
Denial of Service
Web Application
Spyware
Social Engineering
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 9
Securing the Mobile Workforce
As the person responsible
for an organization you
only have “control” in this
space
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 10
Effective Security is Complex
PKI Manager
Centralized
Security
Token Card Other Security
Many parts & pieces
Manager Entity Manager
Policy Manager
Complex components
Certificate
Authority
Digital
Signature
OS Security
Management
Single Sign-on
Too few qualified personnel
Tools
Interface Interface Tools
~.005% of employees
Network
Security Event
Lack of standards
Virus Interception Security Policy Cyberwall/Firewall
Report Host-based
& Correction Distributor Rule Base
Writer(s)
Protection programs “custom
Encryption
Application-based
built”
VPN Session or Connection
Application Proxy Facilities for
Tunnel
Manager
Manager and
Logging
Implementations Network
Connections
Authentication
Failure of weakest link (s)
Cryptography
VPN IPSec and
VPN Security Traffic Application Intrusion
Connection Event Analyzer Logging Facility Logging Anti-Virus
Manager
Intrusion Detection
Security Management
Security
Network Access Real-time
Control Interception Frame
Filter Engine
and Enforcement Management
Facility
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 11
Security Must Make Business Sense
COST OF SECURITY
COUNTERMEASURES
TOTAL COST
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 12
Next Generation Security
Zones and compartments
Extensive use of cryptography
Identity and access management
“Opt in” for more protection
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 13
Next Generation Design
Internet
Legacy Zone
e.g. manufacturing
Collaborative
Systems
General Purpose
Systems
Intranet Zone
MOT ISP Seamless Mobility Secure Zone
Not subject to
Regulation Personal Regulated
Systems Data Systems
SOX Compliant
Systems
Custom Zone
Stand Alone
High Sensitivity Zone
Trade Secret, Race, age, ethnicity
DMZ QZ
Zone Zone
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 14
Security is a Process
Not a Product!
Security is achieved by the combination of
People
Process
Technology
Protections Address:
Prevention
Detection
Response
Recovery
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 15
Traditional security programs align people, processes and
technology to protect enterprise networks
People
Processes Policies
QuickTime™ and a
TIFF (LZW) decompressor
are needed to see this picture.
Technology
RFID CHIP
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 16
Securing Seamless Mobility:
Wireless/Mobility Risk Management
Business
Business--focused understanding and
prioritization of risks, vulnerabilities and
countermeasures
Include technical vulnerabilities as well as
other key elements of the security program
Assures most effective use of limited
resources
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 17
Securing Seamless Mobility:
Network Design
Understand existing “wired” environment
Build security into wireless network foundations
Focus on points of connectivity, firewalls, DMZs,
intrusion detection/prevention, VPNs and
encryption
Maximize wireless network availability,
operational security and performance
Secure devices in a system designed for
security
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 18
Approach to Information Security
INTERNAL IT
Ensure the
Confidentiality,
Integrity, and
Availability of
Product Security
Motorola I/T Services include
Assets
Support
PROTECTING assets,
development of DETECTING hostile
more secure activities, RESPONDING to
Wireless Security Motorola incidents, and
Services products RECOVERING to limit
adverse business impacts
Leverage our
expertise to
provide
customer
services
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 19
Tugas Mobile Security
1. 0606022 - FIRMANSAYH APNET4
Mobile Security
2. Genta Gemilang-
Gemilang-Mobile Security
3. Hillman Nurrachman-
Nurrachman-Mobile
Security Software
4. Mobile Security - Farhan Atsani -
0606P02
18-
18-Mar
Mar--10 Widyatama University
University--Informatics 20
Conclusion & Final Words
Mobile
Security
Demo
18-
18-Mar
Mar--10 Widyatama University
University--Informatics 21
Conclusion
Threats to organizations are real and
increasing, seamless mobility requires
careful security planning
Security incidents involving mobile and
wireless environment are increasing
Securing seamless mobility requires
holistic approach that address people,
process and technology
18-
18-Mar
Mar--10 Widyatama University-
University-Informatics 22