Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Securing the Wireless
Securing the Wireless

With anytime, anywhere access to the Web, e-mail, Internet applications, and more, mobile professionals are enjoying the convenience and flexibility of being cable-free. But what would happen if suddenly 5,000,000 cellphones dropped their calls and stopped working for several hours or days? The repercussions would be enormous.

Given the low bandwidth nature of today's ­ and even tomorrow's ­ wireless networks, even a single virus event like LoveLetter could easily take down an entire wireless infrastructure in minutes. The traffic resulting from such a worm spreading to thousands or millions of devices would sap the limited bandwidth quickly, preventing other legitimate traffic from traversing the airwaves.

Analysts expect that, by the end of 2004, there will be more than one billion wireless devices in use, and over 100 million of them will be connected to the Internet. The always-online, open nature of these next-generation Internet-enabled products will make them increasingly susceptible to malicious code.

Wireless Internet connectivity promises to enable businesses to take significant steps toward employing a truly mobile workforce. With anytime, anywhere access to the Web, e-mail, Internet applications, and more at their fingertips, mobile professionals will enjoy the convenience and flexibility of being cable-free. Corporations, in turn, will benefit from an increasingly productive mobile community of executives, sales and service, business development staff, and other business-critical personnel.

While these promises have yet to be realized on a widespread scale, they are beginning to materialize as carriers launch 2.5G and 3G networks around the world, and hardware manufacturers bring a variety of sophisticated wireless and mobile devices to market. If the success of today's SMS is any indicator of the future potential of wireless services, then the demand for wireless Internet connectivity will accelerate; according to the GSM Association, from January 2000 to December 2001, the number of SMS messages sent monthly worldwide, grew from 4 billion to 30 billion.

Before the global embrace of wireless Internet occurs, a number of issues must be addressed. Perhaps the most important issue is security. Users want to be able to use their wireless devices and services without putting themselves and their assets at risk.

For businesses, the burgeoning wireless market means more flexibility and higher employee productivity. For hackers, however, it means another platform for creating, distributing, and using malicious code to gain unauthorized access to individual or corporate resources.

Such individuals may capture data and exploit network-based resources, including Internet access, fax servers, and disk storage. More important, wireless access to a network can represent the entry point for various types of attacks that can render services unavailable, and potentially subject the organization to legal liabilities.

The Wireless Domain
A look at the wired world provides a glimpse into the difficulties that await the wireless infrastructure. Today's wireless domain can be divided into three clear categories: personal area networks (or PANs), campus or building area networks, and carrier-based or metropolitan networks.

In the PAN space are PDAs and laptops that use either infrared or a wireless protocol such as Bluetooth to communicate with one another in close proximity. In the U.S. and other markets around the world, cellphones embedded with Bluetooth are beginning to ship. For users, a wireless PAN represents significant cost savings over traditional wired-device connections by obviating the need for cables and time-consuming setup and configuration.

Campus or building area networks typically use wireless Ethernet, or Wi-Fi, to provide wireless private network capabilities. Wi-Fi, based on the IEEE 802.11 standard, enables companies of all sizes, as well as individuals with home networks, to easily deploy one or more LANs without investing time and money in stringing cables.

In the carrier-based or metropolitan network space are increasingly complex cellular phones and PDAs. These devices offer more memory, faster processing, and sophisticated operating systems, which enable mobile users to leverage more powerful wireless networks to access the Internet, send and receive e-mail and, in general, conduct business as they would from a desktop PC.

Wireless Exploits
As with virtually all IT-based technologies and services today, the wireless domain is not without security risks. Many of these vulnerabilities have made headlines across the world. In June 2000, for example, the Timofonica virus hit thousands of Internet-enabled cellphone customers of Telefonica, Spain's largest cellphone provider. This virus caused infected PCs to send text messages to Telefonica mobile phone customers.

PDA exploits were not far behind. Two months after the Timofonica cellphone virus incident, the first Trojan horse for the Palm OS appeared. This Trojan horse, dubbed Liberty Crack, was followed less than a month later by yet another Trojan horse, called Palm Vapor. The introduction of PDA-specific malicious code represented a threat not only to PDAs, but it also called attention to the potential spread of such code throughout a company as users synchronized their handheld devices with their desktop or laptop systems.

Use ­ or in this instance, misuse ­ also represents a security vulnerability with Bluetooth-enabled devices. With many Bluetooth systems, users are able to configure their unit to discover other similar devices, to allow other devices to discover it, and to share some or all of their system resources with another device. Without adequate training, users can find themselves exposing their systems and resources to other Bluetooth-enabled devices as they form a temporary network with other laptops, cellphones, or PDAs. In such a scenario, another Bluetooth-enabled device user could exploit this vulnerability to make a long-distance phone call through an unwitting user's cellphone, to secretly gain access to another user's contact list on their PDA, to share files with an unsuspecting user, and more.

Another incident that made headlines in June 2001 demonstrated just how crippling a wireless-based security breach can be. Emergency services were made unavailable in a region of Japan when a virus took over the wireless-enabled Internet phones of i-mode service subscribers, and dialed the country's emergency hotline number, the equivalent to 911 in the U.S., creating a distributed denial-of-service attack. Estimates are that more than 13 million phones were directly impacted, and countless more people faced the disturbing experience of not being able to reach an emergency operator.

An Evolving Risk
The security threat to wireless LANs is inherent in the technology's flexibility, which is why the IEEE is developing its security for Wi-Fi. The current 802.11 security protocol for wireless networks is Wired Equivalent Privacy (WEP). WEP is designed to provide the "equivalent" security available in wireline networks, but is not without flaws.

Wireless networks are not restricted to physical structures, but instead provide service through walls, ceilings, and floors, with a range of 260 feet or so. Users in the "bleed" space ­ the area outside the intended boundary of the LAN ­ have the same network access as authorized internal users if the wireless LAN is not configured properly. Although drive-by hacking is therefore a real possibility with wireless LANs, it is less probable than those accidental security breaches caused by user configuration errors.

Compounding these security risks is the emergence of more and more powerful wireless devices, giving malicious users an enticingly robust platform for hosting their code. The arrival of increasingly sophisticated wireless devices such as Java- or Symbian-enabled systems and hybrid wireless devices that include PDA, GSM phone, Internet access, and always-on e-mail capabilities offer a fresh challenge to hackers. They also pose an interesting test to software developers who are tasked with writing more concise code to create compact applications for these small footprint units.

Several steps have already been taken to address some of the issues of wireless security. Some wireless notebooks support the use of fingerprint readers or sensors that rely on biometrics to identify authorized users. A growing number of devices include public key infrastructure (PKI) support built into their products. In addition, standards are being evaluated and approved to require wireless terminals to use advanced security technologies to protect their wireless computing environments.

Again, as evidenced in the wired world, businesses and individuals alike no longer have the luxury of procrastinating about making security decisions. Although wireline security incidents far outpace those of the wireless IT domain, the rapid adoption of sophisticated technologies will drive a parallel increase in security breaches to wireless devices and networks. As each new wireless technology appears, hackers will devote more and more time to discovering and exploiting new vulnerabilities ­ paralleling what has occurred in the wired world.

By employing a complementary combination of security solutions and common-sense best practices, wireless users can significantly reduce their exposure to security threats. And, as security standards and products evolve, users can prepare to embrace next-generation wireless devices and services that will help ensure their continued success in the wireless future.

SIDEBAR
Wireless Security Tips

Even as new vulnerabilities are identified and exploited, businesses can mitigate or eliminate many of the wireless security risks with careful education, planning, implementation, and management. The following 10 tips will aid this process:
1.   Run antivirus on the wireless device, where possible. For example, full-featured antivirus software is available for Palm OS devices. The most advanced solutions are usually offered by vendors of trusted antivirus for wired devices.
2.   Use a virtual private network (VPN). This software creates a secure tunnel into a company or home network, and provides both encryption and authentication.
3.   Do not store authentication credentials. Although it requires more work to log in when passwords and other authentication criteria are not automatically saved, it also makes unauthorized access more difficult.
4.   Use passwords that are not easily guessed, and change them often. This remains one of the most overlooked but effective and easy deterrents to security breaches.
5.   Keep software up-to-date. One of the security lessons provided by the Nimda worm outbreak in the wired world last year was that it is imperative that software and security patches are downloaded as soon as they're available. If not, small security holes can quickly become the entry point for the newest viruses, worms, and other malicious code.
6.   Download only from reputable sites. While it's tempting to download freeware or shareware on a wireless device, it is risky as well. These types of programs can potentially contain malicious code masquerading as legitimate programs, as evidenced by the Liberty Crack Trojan horse.
7.   Configure your device to prevent the indiscriminate sharing of resources. Consider the range of your wireless device and the potential hacking opportunities a simple misconfiguration can present to users with malicious intent; then lock down your device.
8.   Back up often. While this certainly doesn't prevent a security breach, a complete and recent backup makes recovery from a security incident a great deal easier‹but only if the source to which you back up is secure.
9.   Keep apprised of the latest wireless security offerings, standards, and breaches. Find a handful of online wireless security sources that offer current, concise, and clear information about developments in the wireless arena, and check them regularly. In a market that's as complex and dynamic as today's wireless environment, information is key to not only maintaining, but increasing, the value of your wireless capabilities.
10.   Make sure your wired infrastructure is also secure. For most individuals and companies, wireless services are a relatively small component of their overall computing infrastructure. As a result, the majority of IT resources, assets, and data remain wired. To that end, a comprehensive security solution must protect all tiers and provide layers of security functions. In the smallest environments such as home offices or small businesses, this includes firewall and antivirus on desktops and servers, if any. In larger environments, it also includes firewall and anti-virus on gateways, VPNs on all remote and mobile computers, vulnerability assessment, policy compliance tools, and intrusion detection.

About Jason Conyard
Jason Conyard is an expert on the global
communications marketplace. The past 12 years have found him working on six
continents, handling the regulatory, technical, and commercial aspects of
worldwide communications projects. Jason currently serves as Symantec
Corporation's director of wireless product management. In this capacity,
Jason is responsible for mapping out Symantec's global response to wireless
security threats.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
The need for greater agility and scalability necessitated the digital transformation in the form of following equation: monolithic to microservices to serverless architecture (FaaS). To keep up with the cut-throat competition, the organisations need to update their technology sta...
Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in orde...
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchai...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSy...
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mo...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE