2. Mobile Security-1
Security-
Mobile
Security
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 2
3. The New Age of Risk
Ubiquitous internet protocol-based
protocol-
technology
(Almost) everything connects to the ‘Net
Many vulnerabilities awaiting exploitation
Mobility of people / information / devices
Cyber crime: real and increasing
Terrorist threat: physical now….blended
later?
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 3
4. Hostile World
9-11, 3-11, 7-7 and other major terror attacks
3- 7-
Wars and insurgencies
SARS / Bird flu - global impact of disease
SE Asia tsunami disaster
Katrina hurricane disaster in USA
Tomorrow’s headlines…?
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 4
5. Convergence Of Legal, IT,
And Business
Laws/Regulations Technologies Stakeholders
EU Data Web / Internet Customers
Protect
Databases Competitors
GLB/HIPAA/Patriot
Sarbanes-Oxley Collaboration
Governments
U.S. Identity Theft
Law(s)? Wireless Suppliers/
Partners
Mobile Devices
Employees
Pressure mounting on organizations to prove compliance with
an increasing array of laws and regulations. This makes
information security much more challenging.
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 5
6. Dissolution of Perimeter
Hostile Internet Environment
Joint Ventures Contract Manufacture
“Organization Community”
Contract Design
Parts Un-trusted
Un-
Intranet
“Point defenses” Customers
Services
s
Transportation
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 6
7. Current State of Network Security
Home/Remote
Users
Business Systems
Manufacturing
Research/Development
Intranet Labs
Legacy Systems
HR Systems
Communication/
Messaging Systems
Users Finance/SOx
Eroding Firewall Perimeter
Eroding Firewall Perimeter
Strategic Partners
Suppliers
Vendors
Etc…
Hackers
Hackers
Mobile/Wireless
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 7
8. Mobile Viruses on the rise
2004
2005 06-15-04: Cabir A
06-16-04: Cabir B
01-10-2005: Lasco A
01-10- 07-10-2004: WinCE/Dust
02-01-2005: Locknut.A
02-01- 08-06-2004: Brador
03-07-2005: Commwarrior
03-07- 11-19-04: Skulls A
03-04-2005: Dampig.A
03-04- 11-29-04: Skull B
12-09-04: Cabir C
03-18-2005: Drever
03-18-
12-09-04: Cabir D
04-04-2005: Mabir.A
04-04- 12-09-04: Cabir E
12-21-04: Cabir F
12-21-04: Cabir G
12-21-04: Skulls C
12-21-04: MGDropper
12-26-04: Cabir H
12-26-04: Cabir I
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 8
9. Wireless Enabled & Mobile
Attacks
Blue-
Blue-jacking, bugging, snarfing, sniping
Wardriving
Malicious Mobile Code (Virus, Worms, Trojans)
RFID Sniffing
Denial of Service
Web Application
Spyware
Social Engineering
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 9
10. Securing the Mobile Workforce
As the person responsible
for an organization you
only have “control” in this
space
But mobile employees
move throughout the
entire set of possibilities
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 10
11. Effective Security is Complex
PKI Manager
Centralized
Security
Token Card Other Security
Many parts & pieces
Manager Entity Manager
Policy Manager
Complex components
Certificate
Authority
Digital
Signature
OS Security
Management
Single Sign-on
Too few qualified personnel
Tools
Interface Interface Tools
~.005% of employees
Network
Security Event
Lack of standards
Virus Interception Security Policy Cyberwall/Firewall
Report Host-based
& Correction Distributor Rule Base
Writer(s)
Protection programs “custom
Encryption
Application-based
built”
VPN Session or Connection
Application Proxy Facilities for
Tunnel
Manager
Manager and
Logging
Implementations Network
Connections
Authentication
Failure of weakest link (s)
Cryptography
VPN IPSec and
VPN Security Traffic Application Intrusion
Connection Event Analyzer Logging Facility Logging Anti-Virus
Manager
Intrusion Detection
Security Event Security Integrity Intrusion
Intrusion
Logging Manager Prevention Auditing
Detection
Security Management
Stateful Packet Frame Application
Inspection Inspection Inspection Inspection
Security
Network Access Real-time
Control Interception Frame
Filter Engine
and Enforcement Management
Facility
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 11
12. Security Must Make Business Sense
OPTIMAL LEVEL OF SECURITY
AT MINIMUM COST
COST ($)
SECURITY
LEVEL
COST OF SECURITY
COUNTERMEASURES
TOTAL COST
0% COST OF SECURITY 100%
BREACHES
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 12
13. Next Generation Security
Zones and compartments
Extensive use of cryptography
Identity and access management
“Opt in” for more protection
Essential to enable seamless security !
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 13
14. Next Generation Design
Internet
Legacy Zone
e.g. manufacturing
Collaborative
Systems
General Purpose
Systems
Intranet Zone
MOT ISP Seamless Mobility Secure Zone
Not subject to
Regulation Personal Regulated
Systems Data Systems
SOX Compliant
Systems
Availability Not Critical
Systems
Custom Zone
Stand Alone
High Sensitivity Zone
Trade Secret, Race, age, ethnicity
DMZ QZ
Zone Zone
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 14
15. Security is a Process
Not a Product!
Security is achieved by the combination of
People
Process
Technology
Protections Address:
Prevention
Detection
Response
Recovery
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 15
16. Traditional security programs align people, processes and
technology to protect enterprise networks
With seamless mobility, security must now expand to encompass the
extended enterprise.
People
Processes Policies
QuickTime™ and a
TIFF (LZW) decompressor
are needed to see this picture.
Technology
RFID CHIP
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 16
17. Securing Seamless Mobility:
Wireless/Mobility Risk Management
Business-
Business-focused understanding and
prioritization of risks, vulnerabilities and
countermeasures
Include technical vulnerabilities as well as
other key elements of the security program
Assures most effective use of limited
resources
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 17
18. Securing Seamless Mobility:
Network Design
Understand existing “wired” environment
Build security into wireless network foundations
Focus on points of connectivity, firewalls, DMZs,
intrusion detection/prevention, VPNs and
encryption
Maximize wireless network availability,
operational security and performance
Secure devices in a system designed for
security
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 18
19. Approach to Information Security
INTERNAL IT
Ensure the
Confidentiality,
Integrity, and
Availability of
Product Security
Motorola I/T Services include
Assets
Support
PROTECTING assets,
development of DETECTING hostile
more secure activities, RESPONDING to
Wireless Security Motorola incidents, and
Services products RECOVERING to limit
adverse business impacts
Leverage our
expertise to
provide
customer
services
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 19
20. Tugas Mobile Security
1. 0606022 - FIRMANSAYH APNET4
Mobile Security
2. Genta Gemilang-Mobile Security
Gemilang-
3. Hillman Nurrachman-Mobile
Nurrachman-
Security Software
4. Mobile Security - Farhan Atsani -
0606P02
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 20
21. Conclusion & Final Words
Mobile
Security
Demo
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 21
22. Conclusion
Threats to organizations are real and
increasing, seamless mobility requires
careful security planning
Security incidents involving mobile and
wireless environment are increasing
Securing seamless mobility requires
holistic approach that address people,
process and technology
18-Mar-10
18-Mar- Widyatama University-Informatics
University- 22