|
|
|
|
|
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
|
||
| internet.commerce | ||
|
Partner With Us |
Mobile Security:
Where risk meets opportunity, Part 3:
Additional Value-Added Security Services —
page three
VP Core Competence, Inc. [July 28, 2006] |
 |
Mobile firewalls
ISPs know all too well how important firewalls are for any internet-connected
device. Many providers now give, sell, or at least recommend desktop firewalls
to their subscribers. Given the amount of time that mobile devices spend
connected to the internet, it seems like common sense to equip them with
firewalls. And yet, no mobile operating system today includes this fundamental
network security measure.
Mobile devices cannot run personal firewalls designed for PCs. Not only do mobile devices use different operating systems; they have completely different TCP/IP stacks, network drivers, and horsepower. But mobile firewall architectures and features are conceptually similar to firewall products used on residential and business PCs. Some mobile firewalls are simple packet filters, while others offer stateful packet inspection. Some have little or no policy configuration, while others support network, zone, or application-specific rules. Some are intended for stand-alone use by individuals, while others are part of a broader mobile security platform designed to support enterprise-class administration and monitoring.
For example, Airscanner Mobile Firewall is a bi-directional packet filtering firewall that examines all incoming and outgoing TCP/IP traffic on individual Windows CE devices.
Mobile Armor MobileFirewall can be used as a standalone product or centrally-managed through the Mobile Armor PolicyServer.
TrustDigital
Mobile Edge (right) is a centrally-managed security suite that
combines firewall filtering with optional logging.
Symantec Mobile Security for Symbian combines a firewall with anti-virus protection for Nokia, Panasonic, and Samsung smartphones.
Mobile anti-virus
Some early anti-virus products written for mobile devices were discontinued
because they were ahead of their time. Mobile viruses emerged for Palm
back in 2000, but none were documented again until June 2004. Since that
time, over 200 new mobile viruses have emerged, and researchers expect
this trend to continue in lock-step with business adoption of mobile devices.
Mobile
viruses are malicious programs developed to run on mobile operating systems.
Mobile anti-virus programs periodically scan or continuously monitor mobile
devices, looking for known attack signatures and signs of tampering, while
dealing efficiently with limited CPU/memory and intermittent network connectivity.
For example, F-Secure
Mobile Anti-Virus (at left) receives incremental signature
updates over SMS whenever it detects that a 3G wireless connection is
available.
McAfee VirusScan Mobile is optimized for small footprint devices, adding under 200 ms latency to most end-user operations and requiring just over 500 KB of space on Symbian phones.
Some mobile anti-virus programs do more than scan for viruses. For example, TrendMicro Mobile Security scans for viruses and blocks SMS-borne spam, based on mobile telephone number and approved/blocked sender lists.
Alternatively, anti-virus can be layered with complementary malware defenses like Bluefire Mobile Security, a centrally-managed suite that can quarantine a PDA should a virus slip by and compromise the device's integrity.
Authorization
When mobile devices are used for business, employers may want to assert
control over features and functions that can be accessed by users.
Some mobile security programs can enforce black lists that prevent installation or use of software thought to be risky or inappropriate. Some can enforce white lists that verify the presence and correct configuration of required software (like anti-virus and firewall programs). For example, Good Mobile Defense includes a "compliance manager" that ensures defined applications are running and disables corporate network access (via Goodlink) on non-compliant devices.
An increasingly popular measure is controlling use of specific hardware features. Companies may feel that Bluetooth is just too risky, or they may wish to avoid handheld recording of meetings and other confidential conversations. Policies like these can be enforced with a product like CREDANT Mobile Guardian. The first time a mobile device is synchronized with a corporate desktop, a "shield" is installed to persistently enforce security policy that can (among other things) permit or deny use of Bluetooth, Infrared, Wi-Fi, SMS, camera, or USB interfaces.
Conclusion
The mobile devices and security products cited as examples in this series
are just a few of the many available today. In fact, most do far more
than described herein, and will do even more next quarter. As such, we
recommend using this series as a starting point for your own research.
We hope that this series helps you to better understand what today's PDAs
and smartphones can be used for, why mobile security really does matter,
and steps that can be taken to make them safer for business use.
Why should ISPs care? A recent FierceWireless-Bluefire Wireless Security Survey found that 3 out of 5 respondents thought their companies would pay more for security offered as part of monthly wireless service plan. Cellular carriers have already started to take advantage of this opportunity, and some mobile security suites are being packaged for carrier use.
But of course 3G wireless is just one of several network interfaces on many of today's mobile devices. ISPs can share in this growth market instead of ceding this market to wireless carriers. ISPs that offer wireless services—from Wi-Fi hotspots to metro Wi-Fi and perhaps WiMAX tomorrow—may supply secure wireless services for mobile devices, including devices that roam between networks.
ISPs that re-sell security products to subscribers can add mobile products to that list. ISPs that offer managed security services may wish to add mobile device support. As a first step, stand-alone security measures (e.g., firewall, VPN, anti-virus) could be added to complement existing laptop-oriented services. Alternatively, ISPs could host mobile VPN servers, mobile groupware servers, or mobile security managers, creating entirely new offerings that may hold subscriber interest or draw new customers.
In the end, analysts seem to agree that mobile security is a growth market, fueled by high-speed wireless and privacy concerns. You can watch this market evolve without you—or find a way to participate and reap rewards. We hope the possibilities raised in this series help you accomplish the latter.
|
Value-Added Security Services:
Access Controls |
|
Value-Added Security Services:
Stored Data Encryption and Secure Communication |
|
Value-Added Security Services:
Firewalls, Anti-Virus, Authorization, and the Conclusion |
| Related articles: | |||
| [Jan. 6, 2006] | Tucows Says E-Mail is Critical | ||
| [July 10, 2000] | Broadband Mobile Wireless | ||
| [Feb. 22, 2000] | 3G Technology Gives Mobile Wireless the EDGE | ||
|
Mobile
Security: Where risk meets opportunity, Part 1:
Introduction |
|
Mobile
Security: Where risk meets opportunity,
Part 2:
Threats and Defenses |
|
Mobile
Security: Where risk meets opportunity,
Part 3:
Value-Added Security Services |
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q2 2008 Top U.S. ISPs by Subscriber (Updated 08/29/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia
Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers