In my travels, I've spend many nights at hotels of varying quality around the world. When I look for a hotel, budget is my primary criteria. Location is secondary, and the hotel’s amenities are so low in my decision process that I’d hesitate to even call it tertiary. My approach introduces a lot of entropy into the parts of town I visit. As a result, I've gone down many roads less traveled, and stayed at places that don’t normally cater to the needs of business users.
Despite my methods for choosing neighborhoods, the one thing that is never part of my decision process is determining if I’ll be able to get wireless networking at my destination. I simply expect that I can get wireless everywhere I go. In the rare instance where I can’t connect at the hotel, I’ll surely find an open hot spot within blocks at a coffee shop or shopping center. We are reaching an era of WiFi ubiquity at the places where people congregate.
The rise of wireless networking in homes and at businesses corresponds to the rapid adoption of mobile devices. Mobile devices such as smart phones and tablets abandoned physical networking connectors, and ultrabooks are headed in the same direction. As a result, growing numbers of people expect to see WiFi provided at locations that they eat, relax and work.
Yet as a security practitioner, the only WiFi network that you can properly secure is your own. Once users leaves the office, the mobile user will be using wireless networks configured in a myriad of ways, including ones that favor convenience over security. Users will try to get connectivity by any means possible, with no way to ascertain just how much risk they may face, and the quality of the security being highly suspect at best.
The only safe assumption that we can make is that remote users will continue to access untrusted networks that have little protection against threats. In the upcoming weeks, I’ll be writing about why you shouldn't trust other networks, and explore how they are compromised. Next, we’ll take a look at the mobile threat landscape, and explore the world of exploits and malware that target mobile operating systems. We’ll examine mobile device security to understand what it can and cannot do. Finally, we’ll cover the requirements for a mobile security strategy and examine the ways to apply best practices.
If you’re interested in understanding more about mobile security, you've come to the right place. Stay tuned for more.