Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Securing the Wireless
Securing the Wireless

With anytime, anywhere access to the Web, e-mail, Internet applications, and more, mobile professionals are enjoying the convenience and flexibility of being cable-free. But what would happen if suddenly 5,000,000 cellphones dropped their calls and stopped working for several hours or days? The repercussions would be enormous.

Given the low bandwidth nature of today's ­ and even tomorrow's ­ wireless networks, even a single virus event like LoveLetter could easily take down an entire wireless infrastructure in minutes. The traffic resulting from such a worm spreading to thousands or millions of devices would sap the limited bandwidth quickly, preventing other legitimate traffic from traversing the airwaves.

Analysts expect that, by the end of 2004, there will be more than one billion wireless devices in use, and over 100 million of them will be connected to the Internet. The always-online, open nature of these next-generation Internet-enabled products will make them increasingly susceptible to malicious code.

Wireless Internet connectivity promises to enable businesses to take significant steps toward employing a truly mobile workforce. With anytime, anywhere access to the Web, e-mail, Internet applications, and more at their fingertips, mobile professionals will enjoy the convenience and flexibility of being cable-free. Corporations, in turn, will benefit from an increasingly productive mobile community of executives, sales and service, business development staff, and other business-critical personnel.

While these promises have yet to be realized on a widespread scale, they are beginning to materialize as carriers launch 2.5G and 3G networks around the world, and hardware manufacturers bring a variety of sophisticated wireless and mobile devices to market. If the success of today's SMS is any indicator of the future potential of wireless services, then the demand for wireless Internet connectivity will accelerate; according to the GSM Association, from January 2000 to December 2001, the number of SMS messages sent monthly worldwide, grew from 4 billion to 30 billion.

Before the global embrace of wireless Internet occurs, a number of issues must be addressed. Perhaps the most important issue is security. Users want to be able to use their wireless devices and services without putting themselves and their assets at risk.

For businesses, the burgeoning wireless market means more flexibility and higher employee productivity. For hackers, however, it means another platform for creating, distributing, and using malicious code to gain unauthorized access to individual or corporate resources.

Such individuals may capture data and exploit network-based resources, including Internet access, fax servers, and disk storage. More important, wireless access to a network can represent the entry point for various types of attacks that can render services unavailable, and potentially subject the organization to legal liabilities.

The Wireless Domain
A look at the wired world provides a glimpse into the difficulties that await the wireless infrastructure. Today's wireless domain can be divided into three clear categories: personal area networks (or PANs), campus or building area networks, and carrier-based or metropolitan networks.

In the PAN space are PDAs and laptops that use either infrared or a wireless protocol such as Bluetooth to communicate with one another in close proximity. In the U.S. and other markets around the world, cellphones embedded with Bluetooth are beginning to ship. For users, a wireless PAN represents significant cost savings over traditional wired-device connections by obviating the need for cables and time-consuming setup and configuration.

Campus or building area networks typically use wireless Ethernet, or Wi-Fi, to provide wireless private network capabilities. Wi-Fi, based on the IEEE 802.11 standard, enables companies of all sizes, as well as individuals with home networks, to easily deploy one or more LANs without investing time and money in stringing cables.

In the carrier-based or metropolitan network space are increasingly complex cellular phones and PDAs. These devices offer more memory, faster processing, and sophisticated operating systems, which enable mobile users to leverage more powerful wireless networks to access the Internet, send and receive e-mail and, in general, conduct business as they would from a desktop PC.

Wireless Exploits
As with virtually all IT-based technologies and services today, the wireless domain is not without security risks. Many of these vulnerabilities have made headlines across the world. In June 2000, for example, the Timofonica virus hit thousands of Internet-enabled cellphone customers of Telefonica, Spain's largest cellphone provider. This virus caused infected PCs to send text messages to Telefonica mobile phone customers.

PDA exploits were not far behind. Two months after the Timofonica cellphone virus incident, the first Trojan horse for the Palm OS appeared. This Trojan horse, dubbed Liberty Crack, was followed less than a month later by yet another Trojan horse, called Palm Vapor. The introduction of PDA-specific malicious code represented a threat not only to PDAs, but it also called attention to the potential spread of such code throughout a company as users synchronized their handheld devices with their desktop or laptop systems.

Use ­ or in this instance, misuse ­ also represents a security vulnerability with Bluetooth-enabled devices. With many Bluetooth systems, users are able to configure their unit to discover other similar devices, to allow other devices to discover it, and to share some or all of their system resources with another device. Without adequate training, users can find themselves exposing their systems and resources to other Bluetooth-enabled devices as they form a temporary network with other laptops, cellphones, or PDAs. In such a scenario, another Bluetooth-enabled device user could exploit this vulnerability to make a long-distance phone call through an unwitting user's cellphone, to secretly gain access to another user's contact list on their PDA, to share files with an unsuspecting user, and more.

Another incident that made headlines in June 2001 demonstrated just how crippling a wireless-based security breach can be. Emergency services were made unavailable in a region of Japan when a virus took over the wireless-enabled Internet phones of i-mode service subscribers, and dialed the country's emergency hotline number, the equivalent to 911 in the U.S., creating a distributed denial-of-service attack. Estimates are that more than 13 million phones were directly impacted, and countless more people faced the disturbing experience of not being able to reach an emergency operator.

An Evolving Risk
The security threat to wireless LANs is inherent in the technology's flexibility, which is why the IEEE is developing its security for Wi-Fi. The current 802.11 security protocol for wireless networks is Wired Equivalent Privacy (WEP). WEP is designed to provide the "equivalent" security available in wireline networks, but is not without flaws.

Wireless networks are not restricted to physical structures, but instead provide service through walls, ceilings, and floors, with a range of 260 feet or so. Users in the "bleed" space ­ the area outside the intended boundary of the LAN ­ have the same network access as authorized internal users if the wireless LAN is not configured properly. Although drive-by hacking is therefore a real possibility with wireless LANs, it is less probable than those accidental security breaches caused by user configuration errors.

Compounding these security risks is the emergence of more and more powerful wireless devices, giving malicious users an enticingly robust platform for hosting their code. The arrival of increasingly sophisticated wireless devices such as Java- or Symbian-enabled systems and hybrid wireless devices that include PDA, GSM phone, Internet access, and always-on e-mail capabilities offer a fresh challenge to hackers. They also pose an interesting test to software developers who are tasked with writing more concise code to create compact applications for these small footprint units.

Several steps have already been taken to address some of the issues of wireless security. Some wireless notebooks support the use of fingerprint readers or sensors that rely on biometrics to identify authorized users. A growing number of devices include public key infrastructure (PKI) support built into their products. In addition, standards are being evaluated and approved to require wireless terminals to use advanced security technologies to protect their wireless computing environments.

Again, as evidenced in the wired world, businesses and individuals alike no longer have the luxury of procrastinating about making security decisions. Although wireline security incidents far outpace those of the wireless IT domain, the rapid adoption of sophisticated technologies will drive a parallel increase in security breaches to wireless devices and networks. As each new wireless technology appears, hackers will devote more and more time to discovering and exploiting new vulnerabilities ­ paralleling what has occurred in the wired world.

By employing a complementary combination of security solutions and common-sense best practices, wireless users can significantly reduce their exposure to security threats. And, as security standards and products evolve, users can prepare to embrace next-generation wireless devices and services that will help ensure their continued success in the wireless future.

SIDEBAR
Wireless Security Tips

Even as new vulnerabilities are identified and exploited, businesses can mitigate or eliminate many of the wireless security risks with careful education, planning, implementation, and management. The following 10 tips will aid this process:
1.   Run antivirus on the wireless device, where possible. For example, full-featured antivirus software is available for Palm OS devices. The most advanced solutions are usually offered by vendors of trusted antivirus for wired devices.
2.   Use a virtual private network (VPN). This software creates a secure tunnel into a company or home network, and provides both encryption and authentication.
3.   Do not store authentication credentials. Although it requires more work to log in when passwords and other authentication criteria are not automatically saved, it also makes unauthorized access more difficult.
4.   Use passwords that are not easily guessed, and change them often. This remains one of the most overlooked but effective and easy deterrents to security breaches.
5.   Keep software up-to-date. One of the security lessons provided by the Nimda worm outbreak in the wired world last year was that it is imperative that software and security patches are downloaded as soon as they're available. If not, small security holes can quickly become the entry point for the newest viruses, worms, and other malicious code.
6.   Download only from reputable sites. While it's tempting to download freeware or shareware on a wireless device, it is risky as well. These types of programs can potentially contain malicious code masquerading as legitimate programs, as evidenced by the Liberty Crack Trojan horse.
7.   Configure your device to prevent the indiscriminate sharing of resources. Consider the range of your wireless device and the potential hacking opportunities a simple misconfiguration can present to users with malicious intent; then lock down your device.
8.   Back up often. While this certainly doesn't prevent a security breach, a complete and recent backup makes recovery from a security incident a great deal easier‹but only if the source to which you back up is secure.
9.   Keep apprised of the latest wireless security offerings, standards, and breaches. Find a handful of online wireless security sources that offer current, concise, and clear information about developments in the wireless arena, and check them regularly. In a market that's as complex and dynamic as today's wireless environment, information is key to not only maintaining, but increasing, the value of your wireless capabilities.
10.   Make sure your wired infrastructure is also secure. For most individuals and companies, wireless services are a relatively small component of their overall computing infrastructure. As a result, the majority of IT resources, assets, and data remain wired. To that end, a comprehensive security solution must protect all tiers and provide layers of security functions. In the smallest environments such as home offices or small businesses, this includes firewall and antivirus on desktops and servers, if any. In larger environments, it also includes firewall and anti-virus on gateways, VPNs on all remote and mobile computers, vulnerability assessment, policy compliance tools, and intrusion detection.

About Jason Conyard
Jason Conyard is an expert on the global
communications marketplace. The past 12 years have found him working on six
continents, handling the regulatory, technical, and commercial aspects of
worldwide communications projects. Jason currently serves as Symantec
Corporation's director of wireless product management. In this capacity,
Jason is responsible for mapping out Symantec's global response to wireless
security threats.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions n...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructur...
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mis...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performa...
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE