Blackjacking. Daniel Hoffman. Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise. Wiley Publishing, Inc.

Similar documents
Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition

Implementing. Security Technologies. NAP and NAC. The Complete Guide to Network Access Control. Daniel V. Hoffman. WILEY Wiley Publishing, Inc.

716 West Ave Austin, TX USA

Wireless LAN Security (RM12/2002)

Changing face of endpoint security

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Security+ SY0-501 Study Guide Table of Contents

Mobile Device Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

ANATOMY OF AN ATTACK!

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

PCI Compliance Updates

Pass Microsoft Exam

Mobile Experience and Security - A Delicate Balance. Jeff Keller, CISA, CIA, CFSA SVP/Senior Audit Director, Technology, Projects, Due Diligence

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

CTS2134 Introduction to Networking. Module 08: Network Security

BYOD: BRING YOUR OWN DEVICE.

Securing the SMB Cloud Generation

TABLE OF CONTENTS CHAPTER TITLE PAGE

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

Attachment 3 (B); Security Exhibit. As of March 29, 2016

Endpoint Security - what-if analysis 1

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

Computer Hacking Forensics Investigator

IoT Security for Critical Information Infrastructures. Andrey Tikhonov

An Agency Under MOSTI SECURITY ASSURANCE. Securing Our Cyberspace. Copyright 2008 CyberSecurity Malaysia

PrecisionAccess Trusted Access Control

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

Wireless Network Security

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Introduction to Information Security Dr. Rick Jerz

PROTECTING THE ENTERPRISE FROM BLUEBORNE

CHAPTER 8 SECURING INFORMATION SYSTEMS

MOBILE SECURITY OVERVIEW. Tim LeMaster

Securing Today s Mobile Workforce

Mobility, Security Concerns, and Avoidance

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

Google Identity Services for work

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

WHITE PAPER. A Manager s Guide To Wireless Hotspots How To Take Advantage Of Them While Protecting The Security Of Your Corporate Network

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Achieving End-to-End Security in the Internet of Things (IoT)

Information Infrastructure Initiative, Kyushu University

MOBILE THREAT LANDSCAPE. February 2018

Connect Securely in an Unsecure World. Jon Clay Director: Global Threat

Advanced Diploma on Information Security

10 Quick Tips to Mobile Security

CYBERSECURITY RISK LOWERING CHECKLIST

Mobile Devices prioritize User Experience

KASPERSKY ENDPOINT SECURITY FOR BUSINESS

ECDL / ICDL IT Security. Syllabus Version 2.0

Securing Information Systems

Endpoint Protection : Last line of defense?

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Cyber Criminal Methods & Prevention Techniques. By

Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code

CSci530 Final Exam. Fall 2011

Keep Cyber Threats from Destroying Your Company

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

SECURE USE OF IT Syllabus Version 2.0

How to Build a Culture of Security

Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY

шив Mobile Application Security Himanshu Dwivedi Chris Clark David Thiel Mc Grauu Hill

ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO

CYBER RISK CONSULTING. Smartphone Security Issues

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Ethical Hacking and Prevention

Kaspersky Mobile Security 9. Reviewer s Guide

Troubleshooting and Cyber Protection Josh Wheeler

Copyright 2011 Trend Micro Inc.

What is a mobile protection product?

Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.

Children s Health System. Remote User Policy

SECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Stopping Advanced Persistent Threats In Cloud and DataCenters

Topics. Ensuring Security on Mobile Devices

Protecting Your Devices. Dr. Leon D. Chapman

Symantec Client Security. Integrated protection for network and remote clients.

Technology in Action

Mobile Security Overview Rob Greer, VP Endpoint Management and Mobility Product Management Dave Cole, Sr. Director Consumer Mobile Product Management

A (sample) computerized system for publishing the daily currency exchange rates

Security Standards for Information Systems

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Symantec Endpoint Protection Family Feature Comparison

Course Outline (version 2)

SECURING YOUR HOME NETWORK

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Chapter 4. Network Security. Part I

6 Vulnerabilities of the Retail Payment Ecosystem

Personal Cybersecurity

Building Resilience in a Digital Enterprise

October 2016 Issue 07/16

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Transcription:

Blackjacking Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise Daniel Hoffman Wiley Publishing, Inc.

Contents About the Author Acknowledgments Introduction Chapter 1 Understanding the Threats 3 Quantifying the Threat 4 The Malware Threat 4 Direct Attack 6 Data-Communication Interception 9 Authentication Spoofing and Sniffing 11 Physical Compromise 12 Mobile Device Enterprise Infrastructure 14 PC and LAN Connectivity 17 Fundamental Changes in Security Strategy 20 Protecting the Mobile Device Itself 21 Enforcing Compliance on the Mobile Device 22 Addressing Security Deficiencies Automatically 22 Implementing Layered Security 22 Controlling and Protecting Data 22 Things to Remember 22 Chapter 2 Understanding the Devices 25 BlackBerrys 26 BlackBerry Business Phones 26 BlackBerry Handheld Devices 30 BlackBerry-Enabled Devices 34 Pocket PCs 35 Dell Axim Pocket PCs 36 HP Pocket PCs 37 vii ix xvii XI

xii Contents Palm Pocket PCs 38 Motorola Pocket PC 39 Palm Handhelds 40 Palm Smartphones 41 CellPhones 42 Symbian OS Cell Phones 42 Non-Symbian OS Cell Phones 43 Things to Remember 43 Chapter 3 Exploiting BiackBerry Devices 47 Malware Is Threatening Your BiackBerry 48 Analyzing a Malware Attack 49 Gathering Information 50 Setting Up for the Attack and Covering His Tracks 50 Launching the Attack 54 Protecting Against This Attack 57 Learning about New Vulnerabilities 60 BiackBerry Antivirus Software 62 Attacking a BiackBerry Directly 64 Attacking via IP Address 64 Attacking via Malware 70 Antimalware Applications 70 Enterprise-Grade Firewall with IDS/IPS 71 The BiackBerry Firewall 72 Ensuring the Device Has the Latest Updates 78 Educating Users about Risks 79 Intercepting BiackBerry Communication 80 What Data Is Being Transmitted? 82 How Is Data Being Transmitted? 82 Carrier Internet Access 83 Bluetooth 85 The BiackBerry Wi-Fi Interface 87 Physically Compromising a BiackBerry by Spoofing and Intercepting Authentication 87 How Physical Compromise Happens 88 Preventing Physical Compromise 89 Protecting a Stand-Alone BiackBerry 90 Preventing Unauthorized Access 90 The Truth About Wiping A Lost or Stolen BiackBerry 91 Implementing Content Protection 91 Spoofing and Intercepting Authentication 92 BiackBerry Security Checklist 93 Things to Remember 94 Chapter 4 Hacking the Supporting BiackBerry Infrastructure 95 Good and Bad: A Conduit to Your LAN 95 Understanding the BiackBerry Infrastructure 96 BiackBerry Infrastructure Components 96 Infrastructure Design Considerations 97

Contents xiii Attacking the BlackBerry Infrastructure 99 The Attacker's Side of the Story 101 Insecure Server Configuration 101 Insecure Topology 103 BBProxy 104 Things to Remember 109 Chapter 5 Protecting Your PC and LAN from BlackBerrys 111 Controlling Data Is Critical 112 How Companies Lose Control of Data 113 How to Control Data 116 Create and Communicate a Formal Policy 116 Enforce Security Policies with Available Technology 117 Threats from BlackBerry-Provided Internet Access 119 Internet Attack 120 The Attacker's Side of the Story 121 Preventing the Attack 130 Stay Up-to-Date with Patches 131 Use a Personal Firewall 133 Controlling Data Coming from a BlackBerry 134 Analyze the Data Coming from the BlackBerry 134 Analyze the Data as It Resides on the BlackBerry 137 Control Which Devices Can Connect to Your Enterprise PCs 137 Things to Remember 138 Chapter 6 Exploiting PDAs 141 Corrupting Your PDA with Malware 142 Backdoor Malware for the Pocket PC 142 Other PDA Malware 156 PDA Antimalware Programs 157 Kaspersky Security for PDAs 157 JSJ Antivirus 157 Trend Micro Mobile Security 159 Symantec AntiVirus for Handhelds 159 McAfee VirusScan Mobile 160 Targeting a PDA Directly 161 Finding a PDA 161 Making a PDA Stealthy 164 PDA Firewall Applications 165 Trend Micro Mobile Security (for PDA) 165 Airscanner Mobile Firewall (for Pocket PC) 165 Intercepting PDA Communication 167 Surfing the Internet at Public Wi-Fi Hotspots 167 Using IM and Checking Email at Public Wi-Fi Hotspots 170 Using Virtual Private Networks (VPN) to Secure Data 176 PDA Authentication Spoofing and Interception 177 Sniffing Email Authentication 177 Stealing Credentials with Access Point (AP) Phishing 180 Intercepting Authentication via SSL Man-in-the-Middle 185

xiv Contents Compromising the PDA Physically 191 Controlling Access to the PDA 192 Palm PDA Security 192 Pocket-PC Security 194 Encrypting Data on the PDA 195 Palm PDA Encryption 196 Pocket-PC Encryption 196 Things to Remember 198 Chapter 7 Hacking the Supporting PDA Infrastructure 201 Connecting a PDA to the LAN Is Good and Bad 201 You Get What You Pay For 202 Strengthen the Wireless Infrastructure 204 Using PDA VPN Clients to Protect the Infrastructure 207 Be Smart about Providing Access 207 Protect Credentials Protect the Infrastructure 208 Control Access to Email with VPN Clients 208 Things to Remember 209 Chapter 8 Protecting Your PC and LAN from PDAs 211 Connecting PDAs to Enterprise Resources 211 Transferring Data with a Pocket PC 211 Transferring Data with a Palm Device 214 Why Transferring Data Is a Problem 216 PDAs May Be Contagious 220 Good Intentions, Bad Results 220 Anatomy of an Infection 221 Inf ection by a Pocket PC 222 Infection by a Palm Device 225 Preventing PDAs from Bringing Malware into the Enterprise 228 Ensure PCs Are Using Antivirus Software Properly 228 Ensure All PDAs Contain Antivirus Software 230 Control Whether PDAs Can Connect to PCs 231 Centralized Management Tools for the PDA 237 Things to Remember 238 Chapter 9 Exploiting Cell Phones 241 Cell-Phone Malware 242 The King of All Cell-Phone Malware? 243 FlexiSpy: Trojan or Valid Software? 243 Other Cell-Phone Malware 245 Stopping Cell-Phone Malware 245 Trend Micro Mobile Security for Symbian 246 Symantec Mobile Security for Symbian 247 F-Secure Mobile Security 247 Stealing Data via Bluetooth 248 Discovering a Cell Phone via Bluetooth 249 Attacking a Cell Phone via Bluetooth 253 Preventing Bluetooth Attacks 258

Contents xv Intercepting Cell-Phone Communication 258 Physical Compromise and Cell-Phone Authentication Spoofing 260 A Real-World Example 261 Analyzing Physical Tampering 261 Preventing Physical Tampering 264 Spoofing Authentication with a Cell Phone 265 Things to Remember 268 Chapter 10 Protecting the Enterprise PC and LAN from Cell Phones 269 Cell Phones May Bring in Malware 269 How It Happens 270 How to Stop the Attack 271 Exposing Enterprise Email 272 A Creative Way to Access Enterprise Email 272 Prevent Email Forwarding 275 Exporting Enterprise Data and Clandestine Data Gathering 275 Mobile Phone Tools 275 Clandestine Information Gathering 276 Things to Remember 276 Index 277

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback