22-11-2012, 11:40 AM
Mobile Security – The Time is Now
mobile security1.pptx (Size: 1.08 MB / Downloads: 31)
Introduction to Mobile Computing
Mobile computing is a generic term describing one's ability to use technology while moving.
A connection ties the mobile device to centrally located information and/or application software.
This is usually done through portable and wireless communication devices.
Drawbacks
The main concern with mobile computing is security.
Hacking is very prevalent with mobile computing.
Mobile computers are the most vulnerable to such attacks.
Need for mobile security
Mobile devices are flourishing and their diversity is growing.
Mobile devices are often used precisely where they’re most vulnerable – in public places like airplanes, lobbies, taxis, etc.
But only a few are secured against the potential hazards of security attacks.
This leads to data loss; probing or downloading of data by unauthorized persons.
Hence, mobile security is the need of today!
Types of Threats
Physical risk: Theft or loss.
Unauthorized access risk: Login or network access by an unauthorized person or computer
Operating system or application risk.
Mobile data storage device risk.
Network risk: Computing and communication devices can be accessed through the networks to which they are connected without detection.
Viruses, worms, and other malware can enter a computer or through other networks
Authentication
Authentication verifies that users or systems are who they claim to be, based on identity (e.g., username) and credentials (e.g., password).
Most highly publicized breaches are attributed to weak authentication - from unlocked laptops to wireless networks with cracked passwords.
Many embarrassing incidents could be avoided by providing vigorous authentication to mobile devices and their networks.
Data Encryption
Data encryption refers to
Mathematical calculations and algorithmic schemes that transform plaintext into cyphertext.
Cyphertext - non-readable to unauthorized parties.
The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt(decode) the data.
This transforms it to the original plaintext version.
Intrusion Prevention System
A network security device that monitors network for malicious or unwanted behavior.
It can react, in real-time, to block or prevent those activities.
Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks .
When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.