Tuesday, May 5, 2020

Information Security and Privacy of Mobile Devices †Free Samples

Question: Discuss about the Security and Privacy of Mobile Devices. Answer: Introduction The rapid growth of mobile devices is becoming significant for the end users on the platform of computing in enterprise. The experience of user is intuitive with high capabilities of computing and having applications of more variation. The features of on connectivity and portability make this device to compel era of PC. The shifting of enterprise from the era of PC to the era of mobile devices needed the enterprise to secure the data and reducing risk of data breaching. In order to secure the important content within the mobile device requires the department of IT for adopting tool of new management as well as strategies for providing securities for the safety of mobile devices (Mislan, Casey Kessler, 2015). The organisation and the enterprise that follows the technologies of mobile devices will gain certain competitive advantage over the other companies due to heightened innovation. Mobile device Security Attack The attack on the mobile devices could be of different categories. The attack is mainly conducted for hacking the important data that is present within the mobile device. Attack can be categorized in different ways: Logical Problems: User Authentication The storing of corporate data in mobile devices should remain unread and not be altered by any people who are unauthorised. If this happens the confidentiality as well as integrity of the data present in mobile will be lost (Becher et al., 2012). As the utilisation of the data by the people those who are travelling are been increasing as the days are progressing as well as it develops maximum amount of threat on privacy of data. The authorised user should implement security mechanism for protecting the data like password, pin, token and biometric factors. This can be implemented for protecting data those are sensitive. Data confidentiality: Sensitive data like the organisation clients list as well as the phone number should be kept carefully managed within the mobile device. This data should not be seen by others. This data could be hacked by the attackers by spreading malware in device (LaPolla, Martnelli Sgandurra, 2013). Break-in ATTACKS: In breaking attacks the hackers manages to do the process of hacking by gaining partial control or having full control on the mobile device. There are two types of existence of Break in Attacks. They are Code injection as well as abusive logical error. Code injection is done by exploiting errors of programs that is leading to overflow of buffer and vulnerabilities of string format. The abusive logical error is delicate as it is depending on application as well as devices which are being attacked. Mobile Operating System The obligations of the vendors of mobile software are providing security to the mobile operating system. This process of providing security is one of the difficult jobs for the security service provider. The loss of data is related to data is security and also due to downtime of system. If lacking of security prevails the user will face immense difficulty (Wu et al., 2017). The model of control that is accessed by most of the systems is strong as it is supported by vendors of MOS. Network Threats Wireless Attacks: There are several types of attacks that leverage the targets wireless community. As mobile device helps in supporting communication without wireless connection they are been greatly affected by extraction of confidential as well as sensitive data like passwords and username. Wireless attacks is also misusing the identification of unique hardware like wireless LAN addresses that is used for tracking and profiling the device belonging to its owner. Malware can excellently exploit Bluetooth for propagation of its speed (Karlof Wagner, 2014). Attacks like phishing, spamming are been caused by wireless connectivity. Overbilling Attacks: In this type of threat the attackers propels random traffic for victim in their IP address. The provider does not has the ability to check whether traffic was been requested by victim. The hackers generally use the characteristics of always on of GPRS and that is been billed according to traffic amount and not according to the usage amount of data. Denial Of Service Attack (DOS): This threat for the mobile devices are related with strong connectivity as well as less capability. A large number of unwanted matters are been sent and trafficked in network of victims device. As the mobile devices hardware is limited therefore, the device becomes unusable once the traffic is sent by hackers (Chen, 2016). BYOD Attack: Bring Your Own Device attack is one of the new trend of attack. The organisation provided mobile devices for the workers who are doing travelling jobs so as to conduct swift business outside organisations boundary. But in recent trends it is seen that the employees are been asked to bring their own mobile devices (Xuan et al., 2014). This may lead to data breaching of company as the way of handling the device might not be the right way. The employees uses the smart phones of private consumer for fir the sake of business rather than using organisational devices. This may lead to leakage of sensitive data. Counter Measures The measures that could be followed for providing the security to the mobile phone devices are as follows: Providing Secured Operating System Architecture: Sandbox can be implemented for preventing malware so that it cannot access the information. It is a set of data which is associated with the mobile device application. The operating system of mobile device generally does not permit the app for accessing data which are outside sandboxes. This helps in mitigating the malware risk because if the files still get downloaded in the device the malware will not have the access for damaging or stealing of data (Hoffmann et al., 2013). Integrity of Operating system is also the suitable action for security that is based on the policies which is been well defined by organisation. Authentication: Authentication requires remote policies for password configuration. It permits remote configuration as well as local enforcement for policy of device password. Auto-wipe the device after failing to authentication attempts after specified number of times. The enterprise should certify the base identity for accessing the organisational data on the devices. Encryption: It helps in encrypting the data of enterprise at rest in the device. The strength of the password for the devices for enabling the encryption at the level of device and also ensuring it that all the apps are been encrypted accurately. End to end encryption helps in complete safeguard of data. Therefore, encryption is one of the significant part for the countermeasures. Secure Browsing: A secure browser like MobileIron Web@Work can be a secure browser as it allows the user for gaining access to the web resources of enterprise. The secure browsing will prevent the malware from been entering in to the devices through third party website and will also reduces leakage of data (Tang Xen, 2016). Network Security: It prevents loss of data through the network. It may be an open or a close network. App tunnelling will be one of the most important features for the security of network. The tunnelling of app level data provided helps the data to be in a secured position. Conclusion The pressure for supporting new portable operating frameworks will be a consistent test for IT offices in light of the fact that working framework and gadget decision are presently controlled by the shopper, not by the venture, and can change often. Versatile is one of the purest cases of the on summarization of IT, in which buyer conduct directs which innovations get received for business utilizes. Versatile working frameworks, for example, Android and iOS, and MobileIron, as an endeavour portability administration (EMM) stage, have developed to give the layered security controls venture requires to alleviate the danger of information misfortune on both corporate-claimed and by and by possessed gadgets (Goyal, Batra Singh, 2016). Subsequently of these controls, associations can now bolster the new era of portable working frameworks and gadgets that their client groups demand. In future the security dangers may even now turned out to be more regrettable inferable from the advancemen t and expanded use what's more, it will be troublesome for the IT Professionals to secure the cell phones alongside the individual and corporate information. In this paper the security issues of cell phones, conceivable arrangements and suggestions are talked about to a degree. Still there is a need to locate an inventive method or, on the other hand strategies or ways to deal with put a conclusion to the dangers and issues which will proceed as a ceaseless procedure. Questions Define Botnet Attack. When there is a group of mobile devices also known as term botclients contains facilities of malicious software , the operation is been conducted by the attacker also known as Botmaster for having control on the attack on targeted devices (Karim, Shah Salleh, 2014). However through botneck hackers can collect all the significant information and then launch DOS attack. What are the threat vectors that have been introduced by mobile? As the recent trend of Bring Your Own Device is becoming a trend in most of all the enterprise for increasing the productivity of organisation, therefore the device is now facing some security risk. They are categorised as: Based on Device- The on-connectivity of the device can permit the unauthorized users in accessing the data of business. Vulnerabilities of software will cause rooting of devices that compromises security of data (Saidu Xu, 2014). Network Based- The on-model needs the devices for being connected in internet. Therefore, the end clients can rely on public networks that are untrusted and this enable the malicious application to get enter in the device and steal or damages the data. References Becher, M., Freiling, F. C., Hoffmann, J., Holz, T., Uellenbeck, S., Wolf, C. (2012, May). Mobile security catching up? revealing the nuts and bolts of the security of mobile devices. InSecurity and Privacy (SP), 2011 IEEE Symposium on(pp. 96-111). IEEE. Chen, E. Y. (2016, April). Detecting DoS attacks on SIP systems. InVoIP Management and Security, 2006. 1st IEEE Workshop on(pp. 53-58). IEEE. Goyal, P., Batra, S., Singh, A. (2016). A literature review of security attack in mobile ad-hoc networks.International Journal of Computer Applications,9(12), 11-15. Hofmann, O. S., Kim, S., Dunn, A. M., Lee, M. Z., Witchel, E. (2013, March). Inktag: Secure applications on an untrusted operating system. InACM SIGARCH Computer Architecture News(Vol. 41, No. 1, pp. 265-278). ACM. Karim, A., Shah, S. A. A., Salleh, R. (2014). Mobile botnet attacks: a thematic taxonomy. InNew Perspectives in Information Systems and Technologies, Volume 2(pp. 153-164). Springer International Publishing. Karlof, C., Wagner, D. (2013). Secure routing in wireless sensor networks: Attacks and countermeasures.Ad hoc networks,1(2), 293-315. La Polla, M., Martinelli, F., Sgandurra, D. (2013). A survey on security for mobile devices.IEEE communications surveys tutorials,15(1), 446-471. Mislan, R. P., Casey, E., Kessler, G. C. (2015). The growing need for on-scene triage of mobile devices.Digital Investigation,6(3), 112-124. Saidi, H., Xu, R. (2014).U.S. Patent No. 8,844,036. Washington, DC: U.S. Patent and Trademark Office. Tang, X., Chen, J. (2016).U.S. Patent No. 9,231,913. Washington, DC: U.S. Patent and Trademark Office. Wu, B., Chen, J., Wu, J., Cardei, M. (2017). A survey of attacks and countermeasures in mobile ad hoc networks. InWireless network security(pp. 103-135). Springer US. Xuan, D., Chellappan, S., Wang, X., Wang, S. (2014). Analyzing the secure overlay services architecture under intelligent DDoS attacks. InDistributed Computing Systems, 2004. Proceedings. 24th International Conference on(pp. 408-417). IEEE.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.