Wireless insecurity is also a widespread concern, but can be more easily addressed by treating a wireless connection the same as an Internet connection by applying firewalls, intrusion detection, virtual private networks, and strong authentication.
The CSO is becoming increasingly aware of the dangers posed by mobile devices that contain confidential information and that are subject to theft or loss. What can they do to mitigate those risks? Is the education of end users within a company the only way to go?
There are three areas of security attention related to mobile devices which can range from handheld intelligent cell phones and PDAs to more robust notebook computers: protecting the information content on the mobile device, securing the interaction of that device with other computers across a network, and making sure that additional “backdoor” entry points are not introduced to accommodate “convenient” network access for mobile devices. Effective control of mobile devices begins with intelligent policies and vibrant security awareness and training. From a technical perspective, security for mobile devices includes the use of strong encryption and authentication based on a well-managed public key infrastructure. Remote access gateways, which continually convert “full size” web applications to miniature versions that can operate on the limited size and powered handhelds, must also be protected by strong physical and technical security safeguards. The major issue with theft or loss is not the device, but rather its contents; strong encryption and authentication make the device useless other than its face resale value in the black market.
What's your take on the open source vs. closed source security debate? In your opinion, what operating system is better, when taking a look from the security perspective?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.