
George L. Heron Technology Officer, SafeNet, Inc.


Planet PDA Spring 2003

Abstract

This presentation will cover:
> Proper and workable approaches for dealing with wireless security
> Techniques for securing a wireless device
> Available and effective security technologies
> The #1 vulnerability with wireless devices (and #2, #3, . . .)


“Holy Smokes … where’s my PDA?!”

It has happened to everyone.

If your PDA is lost or stolen:
> personal information is exposed
> your latest data entries are lost
> and if tied into your corporate enterprise . . . your entire network security is compromised!


The Need for Wireless Security


Security Risks

Physical
> Loss or theft: hacker accesses data files, keys

Visual
> Nosy neighbors on planes, trains & automobiles

Electronic
> Packet sniffers on Internet
> Weak or no encryption
> Weak or no authentication (simple passwords)
> 802.11 sniffer out in corporate office parking lot


What’s an IT Manager to Do?

> Recognize the problems
> Get regular notifications of threats
> Study the technologies, alternatives, vendors
> Stay current with OS service packs & app updates
> Allocate appropriate budget
> Purchase appropriate software & licenses
> Limit corporate PDA purchases to specific list
> Develop procedures & policies for remote usage
> Train the corporate population
> Develop written policies for remote access
> Consider a managed service


Specifics, Please!

> Enforce use of solid passwords
> Utilize built-in security mechanisms
> Provide immutable forced policies
> Use standard & well-maintained antivirus programs
> Use file encryption for internal data, folders, etc.
> Provide “device access control” – smart card, token
> Enforce use of encrypted connections, VPN tunnels!
> Provide and maintain a good firewall


Electronic Security Mechanisms

Protocol
> IPSec is the best, WEP, SSL

Keys
> 768-bit, 1024-bit most common
> RSA signatures most common, ECC
> Preshared secrets today, public keys tomorrow

Encrypting Algorithms
> TDES most common, AES coming

Authentication
> 2-Factor (RSA SecurID), Certificates, PINs
> Biometrics


Getting Security Policy to All Corporate Users


Wireless Phones, PDAs, Laptops are All Network Devices


Intelligence Agency / Technical Expert / Hacker

Top 10 Remote Security Risks

Risk 1: PDA “local data” storage is exposed (contacts and messages)

Risk 2: Clear transmission of application data

Risk 3: PDA user data access via desk stand

Risk 4: PDA “applications” access via desk stand (Trojan Horse)

Risk 5: PDA Device to PDA Device communications are not encrypted (RIM)


Intelligence Agency / Technical Expert / Hacker

Top 10 Remote Security Risks

Risk 6: E-mail

Risk 7: No Authentication for device or network access

Risk 8: Device Encryption Keys

Risk 9: User applications are not secured (insertion of Trojan Horse)

Risk 10: Human factors


Secure ALL communications between the remote user and the corporate LAN

Three Points of Wireless Vulnerability


Examples of Wireless Security Products

What can IT managers do to strengthen the corporate (remote) network?

Software
> Security in Software

Hardware
> Security in Silicon

Accessories
> Security in Add-on Devices


VPN Client

Use in PDAs, phones and laptops
> Use a VPN software client that offers secure client-to-gateway communication over wireless networks
> Use a product that is interoperable, with many different gateways


VPN: Simple, Cost-Effective

Use the Internet to establish secure links via
> Authentication
> Encryption
> Secure tunneling
to access business partners, branch offices, and telecommuters


Hardware Security


Security Embedded in Silicon

Embedded security includes all relevant cryptographic functionality in hardware form as well as a full-featured software library that runs on the processors on chip.

Full functionality includes:
> Encryption Engines: DES/3DES, ARC4, AES
> Hash Engines: SHA-1, MD5, RIPEMD-128/160
> IPSec Packet Engine
> Public Key Accelerator
> RSA, DSA Digital Signatures
> Entropy-based True Random Number Generator (RNG)

2.5G and 3G device manufacturers, wireless service providers, and wireless application providers, in using embedded silicon, provide accessibility to all cryptographic functionality in any combination of hardware and software.


Smart Card Readers / Secure Tokens

Device Access Control allows only YOU to power up the device and/or use the select applications

CARD ACCESS CONTROL


Protecting the Platform

DEVICE SECURITY

> PIN & Biometric access control
> File-based encryption
> Unchangeable VPN policies
> Application-level controls
> Time-of-day access granularity


Summary

> Assess your risk
> Protect the data on the remote phone, PDA, laptop
> Protect the network with a VPN
> Establish and enforce security policies and procedures
> Stay current with all new security threats

If you take basic precautions and use the techniques outlined here you CAN be safe in a wireless world!


Presented by:

George L. Heron, Technology Officer

SafeNet, Inc.

8029 Corporate Drive

Baltimore, MD 21236

Website: www.safenet-inc.com

Telephone: +1-410-933-5883

Fax: +1-410-931-7524

Email: [email protected]