Mobile Security

Wireless Internet connectivity offers tremendous advantages in real-time access to data, employee collaboration and personal communications whether via a laptop, PDA or cell phone. Equally compelling, however, are the risks inherent to wireless technologies — challenging both enterprise security and our general Homeland security. Wireless risks can be mitigated with technology and effective policies, but tolerance of risk should ultimately dictate how wireless networking and similar emerging technologies should be used.

Even as new vulnerabilities are identified and exploited, governments can mitigate or eliminate many of the wireless security risks with careful education, planning, implementation and management. The following tips will aid this process:

1. Run antivirus and firewall software on wireless-enabled devices, where possible.

   Hardening workstations with antivirus, firewall and even intrusion detection is particularly important for a device using a wireless connection that might otherwise open a bypass around the secure perimeter of an office.

2. Use a virtual private network (VPN).

   This software creates a secure tunnel into a company or home network and provides both encryption and authentication.

3. Do not store authentication credentials.

   Although it requires more work to log in when passwords and other authentication criteria are not automatically saved, it also makes unauthorized access more difficult.

4. Use passwords that are not easily guessed, and change them often.

   This remains one of the most overlooked but effective and easy deterrents.

5. Keep software up-to-date.

   Keeping operating system, application and other software up-to-date with the latest patches and upgrades is crucial in the wireless world, as the technology and specifications tend to evolve at a faster rate.

6. Download only from reputable sites.

   Downloading random freeware or shareware for a wireless device is risky. These downloads can potentially contain malicious code masquerading as legitimate programs.

7. Configure devices to prevent the indiscriminate sharing of resources.

   A good example is disabling infrared or wireless networking ports if they aren’t used regularly. Devices are often shipped with these features activated, allowing users to unwittingly subject themselves to unauthorized connections.

8. Keep apprised of the latest wireless security offerings, standards, and breaches.

   Find a handful of online wireless security sources that offer current, concise, and clear information about developments in the wireless arena, and check them regularly.

9. Make sure the wired infrastructure is secure.

   For most individuals and companies, wireless services are a relatively small component of an overall computing infrastructure. As a result, the majority of IT resources, assets, and data remain wired. To that end, a comprehensive security solution must protect all tiers and provide layers of security functions.

10. Form and follow adequate security policies based on risk-management.

    Wireless advantages are clear, but do the risks outweigh the rewards? For example, while measures such as VPN encryption might enable wireless networks to meet the general privacy concerns of home users or small businesses, certain federal agencies, in contrast, might find the technology too risk-prone to adopt across the board at the present.

Jason Conyard is an expert on the global communications marketplace. He currently serves as Symantec Corp.’s Director of Wireless Product Management.