Mobile Device Security

How to Go Ninja Warrior vs. Hackers

Brought to you by the Cisco Innovators Program

How many mobile devices got into your company's network last week?

There's no telling unless you know their MAC addresses. Most likely some iPhones did, and maybe some iPads, Blackberries, or Android devices.

As users' fascination with handheld connectivity grows, so does the security risk to business data and networks. Cybercriminals are increasingly targeting mobile devices and apps. And within the next three years, predicts Gartner, Inc., 90 percent of IT organizations will support corporate applications on personal mobile devices.

How can you protect your business against hacker and malware attacks from mobile devices?

Following are the arenas at your company where you can wage war—openly or covertly—and seven tips on implementing specific security controls.

Set Your Rules of Engagement

1. Control which mobile devices are authorized to access your network.

This may prove a Sisyphean task. At a minimum, work with your company's leaders to evaluate which handheld devices are simply conveniences and which are required for employees to do their job, then establish and enforce an acceptable use policy.

To help you do this, we'll cover policy in more depth next month in an article aimed at management. Until then, check out these blogs on policy by Michael Sanchez and on mobile device management solutions by Jaime Heary.

Stand Tall to Secure Local Connections

When mobile device users at your site try to connect to your network, you are clearly in control. You can use the following battle tactics to control the network traffic coming in from, and going out to, mobile devices at your site:

2. Place mobile device traffic on a separate VLAN. Configure your network equipment just as you would when segmenting voice and data traffic, or when segmenting network access for employee groups and guests. You can configure VLANs for mobile device traffic on your routers and switches and wireless access points.

3. Change the default Service Set Identifiers (SSIDs) on your wireless routers and access points, map them to VLANs, and—just as coffeehouses do—inform authorized users which VLAN they can connect to, and with what password.

4. Enable intrusion prevention and cloud-based web security software on your router and security appliance. Using these software protections adds some security against threats coming in from mobile device users' Internet use—especially from instant messaging, file sharing, and email.
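Tips 1 and 2 can be checked against what is actually on the network. The following is an added example, not part of the original article: it audits DHCP lease records against a register of authorized mobile devices and the VLAN reserved for them. The VLAN id, the MAC addresses and the lease records are constructed assumptions. It also flags randomized (locally administered) MAC addresses, which many phones and tablets present and which cannot be matched to a register by address.

```python
import re

MOBILE_VLAN = 30  # assumption: VLAN id reserved for mobile devices
# Constructed sample data: registered mobile MACs and (mac, vlan) lease records.
AUTHORIZED = ["00:11:22:33:44:55", "00-11-22-33-44-66"]
SAMPLE_LEASES = [
    ("0011.2233.4455", 30),     # registered, on the mobile VLAN
    ("00:11:22:33:44:66", 10),  # registered, but on another VLAN
    ("DA:A1:19:00:00:01", 30),  # unregistered, randomized address
    ("00:11:22:aa:bb:cc", 30),  # unregistered, burned-in address
    ("f2:00:00:00:00:09", 10),  # randomized address on another VLAN
    ("00:11:22:00:00:01", 10),  # not a registered mobile device, not flagged
]

def normalize_mac(raw):
    """Accept colon, hyphen or Cisco dotted notation; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """True if the locally administered bit (0x02 of the first octet) is set."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def audit(leases, authorized, mobile_vlan=MOBILE_VLAN):
    """Return (mac, vlan, finding) for every lease that breaks the policy."""
    allowed = {normalize_mac(m) for m in authorized}
    findings = []
    for raw_mac, vlan in leases:
        mac = normalize_mac(raw_mac)
        if mac in allowed:
            if vlan != mobile_vlan:
                findings.append((mac, vlan, "registered device off the mobile VLAN"))
        elif vlan == mobile_vlan:
            kind = "randomized" if is_randomized(mac) else "burned-in"
            findings.append((mac, vlan, f"unregistered device, {kind} MAC"))
        elif is_randomized(mac):
            # Heuristic: private addresses are typical of phones and tablets.
            findings.append((mac, vlan, "randomized MAC outside the mobile VLAN"))
    return findings

if __name__ == "__main__":
    for mac, vlan, finding in audit(SAMPLE_LEASES, AUTHORIZED):
        print(f"{mac}  vlan {vlan}  {finding}")
```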

Conceal Remote Connections

When mobile device users try to connect to your network from other locations, you have far less control. The major challenges are to:

  • Identify who is attempting to gain access
  • Limit the access to specific applications and resources on your network
  • Keep the network traffic private while it transmits publicly over the Internet

Stealth, in the form of VPNs, is a great strategy for protecting remote connections by mobile devices.

5. Configure IP Security (IPsec) and Secure Sockets Layer (SSL) VPNs on your routers, wireless access points, and security appliances.

6. Ensure that remote mobile devices use VPNs. You can have them use SSL VPNs to connect through a browser and use only specific applications (ensure that the bandwidth is adequate to support the SSL connection without degrading performance). Or you can install client software to set up IPsec VPNs so that remote devices can securely connect and get the same access privileges they would receive if they were located at your site; IPv6 makes them appear as if they are physically connected.

7. Fortify your VPN security. Apply Tip #4 above. And if you have a Cisco SA500 Series Security Appliance, you can add two-factor authentication. Or if you have a Cisco ASA 5500 Series Adaptive Security Appliance, you can add the Cisco AnyConnect Secure Mobility Client, which increases the efficiency of VPN connections and supports consistent, context-aware security policy.

While your company is busy doing business, cybercriminals are busy targeting mobile users. When will you go Ninja to protect your company against their attacks?
