Industry Solutions and Trends
Technology is more than just networking and Juniper experts share their views on all the trends affecting IT
Gilles

Don’t let your “Bring Your Own Device” experience become a “Bring Your Own Malware” one!

by Gilles ‎01-09-2012 01:18 AM - edited ‎01-17-2012 06:01 AM

(version française)

 

I’m not considering myself as a “geek”, but nevertheless, I’m using new technologies everyday to help make my job easier.

 

Being home based, I mainly use my laptop to remotely connect myself to my company network and to access all of the various applications and resources I need to. Obviously my house is equipped with Wi-Fi and I have configured WPA2 to ensure a strong protection mechanism within my home network – WPA2 being the minimum security protocol to be used in this case. Of course, my laptop embeds a security client protecting it against all the major and well-known attacks and threats, a client that needs to be updated on a regular basis to remain effective. Does that mean I feel totally safe? No, because although I know my own environment and my laptop are pretty well protected, I also know that in order to access other company resources, my data will need to transit through a myriad of networks and equipments which I have absolutely no control over. Thus highlighting the critical need for encrypting all the communications taking place between my laptop and my company network. In order to achieve this, I simply set up a SSL/VPN connection. This then ensures the confidentiality and the integrity required by any business data when conveyed across non-trusted environments. Furthermore, because the Juniper SSL/VPN technology provides a host checking capability that scans my laptop before and during the VPN session, I can ensure compliance with corporate security policies. This can also ensure that my embedded third party security client is always up to date with the latest threats’ signatures.

 

You could argue there is nothing new here and that what is described just above has been now implemented for some time and is more or less the standard for remote workers. And you are certainly right. But what about the new mobile devices now accessing the network?

 

Back on my own example, I’m also using a tablet and a smart phone to access my company resources especially when I’m travelling. This dramatically improves my productivity and my response time. While using these complementary mobile devices on the road, I do expect the same level of experience and security as the one I can benefit on my laptop when I connect from home. And then it starts to be a bit scaring, because I’m not using my own protected wireless network to connect to the Internet, but rather a public and untrusted Wi-Fi or 3G network without any specific security in place. Thus the crucial importance to also protect your data from these new mobile devices, exactly the same way you protect them from your laptop. In fact you need to have exactly the same set of security components, protecting both the connection and the device itself, installed on your tablet or/and smart phone.

 

Mobile Malware Risk

 

Using these new mobile devices for business purposes is now a reality. But this exposes you and your enterprise to new dangers. The threats to mobile devices are also real—and reach far beyond simple viruses to now include malware, loss and theft, data communication interception, exploitation and misconduct, and direct attacks. A recent Juniper research1 has shown a 400% increase in Android malware since summer 2010. Likewise, one in 20 mobile devices was lost or stolen, requiring locate, lock, or wipe commands. Mobile malware uses the same techniques as PC malware to infect mobile devices, and the greatest mobile malware risk comes from rapid proliferation of applications from app stores. And we all access and download new great applications from app stores on a daily basis.

 

Interception of Communication

 

Another major threat, especially when it comes to using mobile devices for business, is the interception of communication. It potentially affects any device that sends and receives data and connects to a network, as per my own example above. Unauthorised individuals can use specialised equipment and tools to access the specific frequencies used by mobile devices, and listen to conversations between the devices and mobile transmission towers. Not to mention that with approximately half of all smart phone devices today providing Wi-Fi capabilities, and 90% of all mobile devices projected to have this functionality by 2014, the risk of Wi-Fi sniffing (monitoring data in transit) accentuates the communication interception threat.

 

For all these reasons, and for each of the malicious threats flying around today, a proper mobile security and device management protections must be implemented in order to alleviate.... When implementing a mobile security solution we, at Juniper Networks, recommend that enterprises, government agencies and small and medium sized businesses implement the following components:

 

  1. On-device anti-malware to protect against malicious applications, spyware, infected SD cards and malware-based attacks to the device.
  2. On-device firewall to protect device interfaces.
  3. SSL/VPN clients to effortlessly protect data in transit, and to ensure secure and appropriate network access and authorisation.
  4. Centralised remote locate, track, lock, wipe, backup and restore facilities for lost and stolen devices.
  5. Centralised administration to enforce and report on security policies across the entire mobile device population.
  6. Support for all major mobile platforms, including; Google Android, RIM BlackBerry, Apple iOS, Microsoft Windows Mobile, and Nokia Symbian.
  7. Device monitor and control, such as the monitoring of messaging and control of installed applications.
  8. A solution that integrates with network-based technologies, such as network access control (NAC), to ensure the security posture of mobile devices and determine appropriate access rights prior to allowing access to corporate resources.
  9. Management capabilities to enforce security policies, such as mandating the use of PINs/passcodes.
  10. Ability for an administrator to monitor device activity for data leakage and inappropriate use.

 

In summary, IT teams need to employ VPNs that encrypt communications between mobile devices and corporate networks. They also need to establish and enforce uniform corporate mobility policies, combining VPN secure connectivity and access control with mobile device security. Security teams need capabilities for remotely and automatically disabling an infected mobile devices’ access to prevent further organisational infection or infiltration.

 

This is the only way to ensure you do not transform your “Bring Your Own Device” (BYOD) experience, providing lots of benefits to your organisation, into a “Bring Your Own Malware” (BYOM2) nightmare!

 

Don’t you think that while smart phone and tablet devices now perform the same functions as a PC, it makes sense to equip them with the one critical feature that is still missing today, that is to say security? If you are tempted to believe that it is not necessary, then you leave both the data and the applications on these mobile devices as well as your network and your whole organisation at risk of exploitation, attack or misuse.

 

Personally, knowing that I can access to my company resources safely and with complete confidence and this being at home or on the road and using any kind of device gives me peace of mind.

 

 

(1) Sign up here to get the latest report from the Juniper Global Threat Center (GTC): "Malicious Mobile Threats Report 2011"

 

(2) A special thank you to Paul Gainham for this clever find :smileywink:

 

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.