iPad and Tablet security
Currently, the biggest danger to iPads and tablets (or PadTabs, as I call them) is not from malware, nor viruses, not even worms. That is because Android is baked around a Linux kernel, with a center written in C (Carmel Center) and all wrapped in a Java crust. The iPads and their iOS are a top-secret formula, based on Unix, and that’s really sweet too.
So given that no viruses can be written for Mac, and Linux cannot be fooled by malware, who needs anti-virus software (yes, joking). The truth is that the biggest players in the security software industry are not present in the App markets or stores, but that’s another story. The most likely assaults will be phishing, Apps embedded with malware, Bluetooth hacking, and social engineering. We have already seen embedded malware come with the Apps right from jump street, which gave Google a virtually show-stopping scare. iOS has a more tightly run App store, which ironically enough has caused unforeseen problems. The App approval process taking too long seems to have resulted in older Apps at the store which contain well-known vulnerabilities.
User accounts are the real Achilles heel in the cloud, and iTunes has been raked through the coals already by Chinese hackers, but Google doesn’t fare any better on this note. This is not unique to PadTabs, since the Xbox, Sony, and even Gawker nerd forums have been hacked for user accounts recently. The post-PC era is here now and so are its headaches.
IT’s days of total control over what devices are on their network, and how they are configured, are quickly becoming a faint memory. Today users bring the devices with them and use network resources, period. This is really not a new development; I remember when Sys-Admins wanted to ban Macs and AppleTalk from their networks. Apple has never claimed to be an enterprise product, but because of their superior manipulation of music (audio) and graphics they gained wide acceptance from early on. Macs have been a low-key, low-energy investment for decades in IT until recently. If you count how many IT people work strictly with Microsoft systems and the number working on Macs in most enterprise industries, the Mac count is almost always a low percentage of the Microsoft team.
IT professionals still want to protect all devices, but it’s much more important to protect the business data. Long-term policies need to look at virtualization for solutions; if the data or the OS never leaves the data center, that’s Data Leak Protection (DLP). Do not let the user keep sensitive data on any devices; virtualize it. Virtualizing and sandboxing the applications, along with operating system virtualization, will be the new posture for IT. This is really the best-case scenario to come, but for now here is what almost anyone interested in securing their devices can do.
To protect PadTabs these are my current recommendations:
· User Education
· Physical Security
· Encryption
· Screen Locks
· Strong Passphrase
· Disable Bluetooth
User education: Most users would rather struggle on their own to navigate these devices than be seen as being vulnerable towards new technology. This is especially true of IT users. User education should be made available early on to foster a unified approach.
Physical security: These devices are small enough and expensive enough to be attractive and vulnerable to theft. Know where your device is and do not leave it unattended, not even for short periods.
Encryption: The Android OS as well as iOS allow for device encryption. This one act makes your stolen or lost device virtually unattractive. It’s much harder for thieves to make it their own if the device is locked by encryption resources.
Screen locks: Password protect your screen; this requires you to type in a password before the screen unlocks. This small sacrifice can save your device from falling into the wrong hands.
Strong Passphrase: Do not think password; think complex, think license-plate English, not dictionary English. Hackers use the quickest brute force hacks, comparing your password against dictionaries. That’s right, dictionaries: Spanish, French, Russian, etc. Remember, they do not have to read or understand your password, only match it letter for letter.
Disable Bluetooth: Bluetooth is a short-range type of wireless communication; it’s useful to connect to wireless headsets, cars, or for syncing devices. This simple-to-use communication channel can be exploited and should not be left on unless you have need of it. You should also never just leave your Bluetooth on, on your netbook, laptop, or smartphone.