Sec+ 09-10 Mobile Security

SECURITY+ GUIDE TO NETWORK SECURITY FUNDAMENTALS

Security+ Domain: Mobile Security

Chapter 9: Wireless Network Security

Chapter 10: Mobile Device Security

Objectives

  • Wireless Network Security

    • Describe different types of wireless network attacks.

    • List vulnerabilities in IEEE 802.11 security.

    • Explain solutions for securing a wireless network.

  • Mobile Device Security

    • List and compare the different types of mobile devices.

    • Explain the risks associated with mobile devices.

    • List ways to secure a mobile device.

    • Explain how to apply mobile app security.

    • Describe the implementation of BYOD security.


Wireless Attacks

Bluetooth Technology

  • Short-range radio frequency transmissions effective within 10-100 meters.

  • Ad-hoc device pairing allows seamless connections between devices, such as smartphones and Bluetooth audio devices, often requiring minimal user intervention.

  • Devices form Personal Area Networks (PAN) for efficient communication among closely located devices, facilitating tasks such as file transfer and audio streaming.

  • Two types of Bluetooth topologies:

    • Piconet: Involves a single master device with up to seven active slave devices. The master device manages the communication, and each slave communicates through the master using time division multiplexing (TDM). This structure allows synchronization among devices for orderly data transmission.

    • Scatternet: Connects multiple piconets, enabling communication across different networks through shared slave devices, which increases the flexibility and capabilities of Bluetooth setups.

Bluetooth Network Structure

  • Piconet: One master controls multiple active slaves, but can also have parked slaves that are not actively communicating to save battery life while remaining connected.

  • Scatternet: Enhances communication possibilities by linking multiple piconets, useful in scenarios where devices need to interact across various groups or services, such as in a household with multiple devices.

Wireless Attacks

  • Bluejacking: Involves sending unsolicited messages to nearby Bluetooth devices, often used for pranking or harmless interactions, but can also be used to send malicious links.

  • Bluesnarfing: A malicious attack that takes advantage of an active Bluetooth connection to steal sensitive data from a device, such as contacts and calendars, undetected by the user. This attack typically targets inadequately secured Bluetooth devices.

Near Field Communication (NFC)

  • A communication technology enabling low-speed, low-power interactions between devices positioned within a few centimeters, primarily utilized in mobile payments and data sharing applications.

  • Risks: Eavesdropping on NFC communications, data manipulation during transmission, man-in-the-middle attacks that intercept data exchanged between devices, and potential device theft or unauthorized access during active NFC interactions, especially in crowded public areas.


IEEE 802.11 Security Vulnerabilities

History

  • IEEE Overview: Established in 1884, the IEEE has played a crucial role in developing standards for telecommunications and wireless communications, consistently advancing wireless technology since the 1980s by addressing emerging technological challenges.

  • 802.11 Standards: The first standard was released in 1997, and multiple revisions have since been made to enhance security, speed, and efficiency, leading to the development of robust protocols to govern wireless communication.

IEEE 802.11 Vulnerabilities

  • Access Control: Basic methods like MAC address filtering are not effective, because MAC addresses can be intercepted, modified, or spoofed, leading to unauthorized network access.

  • Open System Authentication: This process lacks robust security mechanisms, relying predominantly on SSID matching for network access, making it prone to exploits.

  • WEP (Wired Equivalent Privacy): Once a standard for encryption, WEP has severe vulnerabilities, such as short static encryption keys and predictable initialization vectors, that limit its effectiveness in protecting wireless communications in real-world scenarios.

  • WPA (Wi-Fi Protected Access): Introduced TKIP (Temporal Key Integrity Protocol), which improved encryption by using dynamic keys, but it is still not completely resilient against all types of attacks, especially when legacy devices are involved.

  • WPA2: Expanded on WPA's security features by incorporating AES (Advanced Encryption Standard), providing a significantly more secure protocol, now considered the foundational standard for securing wireless networks.


Wireless Security Solutions

Mobile Device Security

  • Characteristics of Mobile Devices: Most mobile devices are equipped with wireless Network Interface Cards (NICs), synchronization capabilities with various platforms, and support for a wide range of applications. The compactness and portability of these devices, along with continuous connectivity, raise unique security challenges.

  • Risks: The high theft rate of mobile devices increases the risk of data breaches involving confidential information; public Wi-Fi networks expose data transmissions to interception and man-in-the-middle attacks; social engineering strategies often target users via unsecured apps or malicious links within communication channels.

  • BYOD (Bring Your Own Device): This practice allows employees to use personal devices for work purposes, enhancing flexibility and mobility in the workplace but also potentially compromising sensitive organizational data due to varied security measures in personal devices compared to enterprise-grade systems.

Securing Mobile Devices

  • Device Setup: Proper configuration from the start is crucial; disabling unnecessary features like Bluetooth or NFC minimizes possible points of entry for attackers.

  • Security Measures: Implement strong passwords, employ screen locks, and utilize biometric authentication methods. Data encryption must be a priority, using built-in options or reliable third-party applications to enhance data safety.

  • Monitoring & Management: Leverage Mobile Device Management (MDM) tools that enable centralized control over device security policies, enforce compliance checks, and facilitate real-time updates to security measures.

BYOD Considerations

  • Benefits: Provides flexibility for users, can reduce costs for organizations by minimizing equipment expenses, and often leads to increased employee satisfaction and productivity due to familiar interfaces on personal devices.

  • Challenges: The wide variety of devices creates a complex security landscape where enforcing consistent security policies is difficult; unauthorized applications can introduce vulnerabilities; protecting sensitive corporate data on personal devices poses significant long-term security risks.


Key Takeaways

  • Ensuring security for wireless networks and mobile devices is imperative. Increasing awareness among users, performing regular updates, and implementing comprehensive management practices can dramatically reduce vulnerabilities and bolster overall network security.