Posts

Security concern with popular, home-based, Internet routers

Independent Security Evaluators, a Baltimore-based security firm, stated that 13 Internet routers sold for home use were vulnerable to attack if the hacker had network access and could obtain the username and password of the router.  These routers include:

  • Linksys WRT310v2
  • Netgear’s WNDR4700
  • TP-Link’s WR1043N
  • Verizon’s FiOS Actiontec MI424WR-GEN3I
  • D-Link’s DIR865L
  • Belkin’s N300, N900 and F5D8236-4 v2 models

Basic suggestions:

  • Check to see if your home-based Internet modem/router is named above.  If so, check with the manufacturer to ensure that all security updates have been applied.
  • Change the login credentials using a complex password.  (Please review the article “Simple passwords = disaster” in our January 2013 Bryley Tips and Information.)

 

ComputerWorld.com — Popular Home Routers Contain Critical Security Vulnerabilities has the full story by Jeremy Kirk at ComputerWorld.

Protect your mobile device – Part 3: Enforcement, Tools, and First Steps

We have explored the importance of setting policies and training users on mobile device security and management; now, we wrap-up with how to enforce these policies, recommended tools, and first steps to mobile device security.

 

Enforcement

 

Enforcement is usually assisted through a Mobile Device Management (MDM) tool; typically a software-based application that requires an agent be installed to the mobile device.  Once installed, this agent connects back (remotely) to a central console from which an administrator can monitor, manage, and secure the mobile device and also support its user.

 

MDM features typically include:

  • Enforce user security policy:

o   Require complex password with frequent changes

o   Permit remote access only via SSL or VPN

o   Lock-down browser settings

o   Enable encryption

  • Recover lost or stolen devices:

o   Activate alarm (set off an audible alarm on the device)

o   Enable track and locate (track and locate the device via GPS)

o   Permit remote wipe (complete erasure of the device as a last resort)

  • Control mobile device applications:

o   Recognize and prevent installation of unauthorized applications

o   Permit whitelisting and blacklisting of application

o   Restrict or block application stores

  • Remotely deploy and configure applications (email, etc.)
  • Audit the mobile device for installed software, configuration, and capacity

 

ComputerWorld has a comprehensive article on the challenges of MDM. View it at

Mobile device management: Getting started.

 

To support our mobile device clients, we use the MDM capabilities built intoKaseya, our Remote Monitoring and Management tool.  Other MDM providers include:

  • AirWatch
  • LabTech
  • MobileIron
  • Symantec
  • Zenprise

 

While MDM provides a comprehensive tool, it can be costly to procure and support.  Many companies utilize a trusted business partner (like Bryley) to provide MDM tooling, monitoring, and support for their mobile devices on an ongoing basis with pricing that ranges from $15 (in quantity) to $75 per device per month.

 

Non-MDM Tools

 

Alternatively, Microsoft Exchange 2010 offers many MDM-type features through Exchange ActiveSync (EAS), an included protocol that licenses by end-user or end-device Client Access License (CAL).  The Exchange 2010 Standard CAL licenses:

  • Password security policies
  • Encryption required
  • Remote wipe

 

The Exchange 2010 Enterprise Add-On CAL licenses advanced features including:

  • Allow/disallow Internet browser, consumer email, unsigned installation, etc.
  • Allow/disallow removable storage, Wi-Fi, Internet sharing, etc.
  • Allow/block specific applications
  • Per-user journaling
  • Integrated archive

 

Exchange Server Standard 2010 is $709; Standard CALs are $68 each while the Enterprise Add-On CAL is an additional $42 each (based on list prices for business).

 

Main difference between MDM and EAS: Most MDM tools provide greater control over the mobile device during its lifecycle and can provide control over the device even before email is configured.

 

Other recommended tools include:

  • Anti-malware: AVG Mobilation – From free to $9.99 for Pro version
  • Protect and find phone via key-case fob – Kensington Bungee Air at $79.99

 

First step suggestions

 

These are our minimum, first-step suggestions:

  • Deploy anti-malware software immediately and manage it continuously
  • Require password to activate the device with a low auto-lock time
  • Update mobile devices through vendor-approved patching
  • Enable on-board encryption if handling sensitive data

 

Visit 10 Steps to Secure Your Mobile Device for detailed recommendations on securing your mobile device.