Mobile Communications

Gopinath Kn (India) - How Smartphones can change the Indian IT Security Game

I am sure many of us are aware of the recent security battle between the Indian government and the Blackberry (BB) manufacturer RIM. The Indian government has indicated that RIM should allow security forces to control what encryption data flows in and out of India. Specifically, the government wants to monitor the emails and SMSes sent via BB. The good news for RIM (and the growing million or so BB users of India) is that an imminent ban seems to have been avoided. What about privacy? (Well, It's a topic for another day). This episode is just one example of how the astronomic growth in wireless usage is affecting the IT security scene. With this consumer-isation of wireless technology, business/enterprise IT should also gear up to support a diverse set of Smartphones (BB, iPhones, Android, Windows mobile etc.). In this article, I will focus on one important artifact of this growth - use of Smartphone Wi-Fi in enterprises. According to analysts, Smartphones will continue to be one of the primary drivers for Wi-Fi going forward. Uncontrolled Wi-Fi in an enterprise environment can lead to serious security issues - it can lead to serious network security and performance issues. We will take a look at them below.

1. Wireless Security Issues: Wireless extrusions occur when an authorized wireless endpoint connects to an unauthorized device (e.g., Access Point or peer client). Wireless extrusions can be potentially exploited to launch man-in-the-middle (MITM) attacks to compromise the specific client/user. Whether a client is actually vulnerable to such an attack depends on the WLAN profile/configuration of the client. For example, clients probing for any default or hotspot SSIDs are definitely vulnerable.

Several recent models of smartphone devices have an ability to act as Wi-Fi hotspots. For example, Palm, Symbian and Sprint EVO already support this feature, and hacks are available on the Internet to convert an iPhone into a hotspot. Such smartphones relay data between Wi-Fi and 3G/4G interfaces. Similarly, SIMFI technology allows pretty much any phone to be converted into a Wi-Fi hotspot. Facilities such as the above can be exploited in multiple ways. First, employees can use this for communication that violates your enterprise security policy (e.g., access a forbidden web site from within an enterprise, upload sensitive data bypassing your corporate firewall). Worse, an attacker can use this feature to convert an innocent looking phone into a honey pot device (mobile honeypots). Further, a mobile honey pot makes it easier to cover more ground and identify vulnerable clients quickly.

Wireless extrusion can also happen via technologies such as Bluetooth as they increase their presence in enterprises. High speed/large range Bluetooth devices as promised by the Bluetooth 4.0 specification are expected to hit the market by the year end. With more than an estimated 73% of phones supporting Bluetooth by 2012, Bluetooth can potentially be another significant source of wireless extrusion.

2. Wireless Performance issues: Uncontrolled proliferation of wireless can lead to bizarre availability and performance issues to enterprise Wi-Fi users. The situation today is that an enterprise already faces several challenges in ensuring a smooth operation of WLAN. Examples include client configuration/connectivity issues, insufficient capacity, coverage and interference. In this scenario, a user adding their own APs in a sporadic manner is like pouring oil into flames. In a spectrum that is already congested, traffic via such unmanaged APs can potentially degrade the throughput and latency of your authorized APs. It is very hard to provision your WLAN for such sporadic load. Further, any QoS policies that you implement on your authorized WLAN can possibly be nullified by unmanaged devices. Note that relying entirely on self-adjusting WLANs may not be a good idea. It is important to have continuous visibility into your airspace so that you can monitor the "health" of your WLAN and take corrective actions.

What can enterprise IT do to combat the above security and performance issues?

- Monitor your airspace on a regular basis to gain visibility into your airspace. This can be done using Wireless Intrusion detection Prevention System (WIPS). A WIPS allows you to define policies to detect and block unauthorized communication such as those involving mobile honeypots. Such a WIPS can also be used to monitor your wireless LAN performance & subsequently, take corrective actions to improve the overall health of your network.

- Install end point agents on authorized notebooks and enforce security policies to block certain communication. e.g., connections to insecure, open APs.


Gopinath KN is Director of Engineering at AirTight Networks, India



« Laurent Clemot (Australia) - IT Evolution Entering a "SAM 2.0" Era


Etien van Loggerenberg (South Africa) - Master Data Management »


Do you think your smartphone is making you a workaholic?