what processes and technologies can i use to keep a new mobile devices systems physically secure?
From coffee shops to planes, trains, and cruise ships, we've become accustomed to having ready access to the Net just about anywhere. The trouble is, it's like shooting fish in a barrel to forget how vulnerable that makes us to security threats.
I learned this the difficult way recently when traveling from San Jose to Tampa, passing through four cities along the way. Even though I'one thousand well aware of the potential for others to hack into my devices, I'd never had any problems previously. Unfortunately, there'south always a kickoff time: When I got back home, Facebook alerted me to some suspicious activeness. I had been "Firesheep'd"!
Apparently someone in Chicago (using Firefox and a Windows PC) had logged into my Facebook account via Firesheep, a Firefox extension that tin can intercept unencrypted cookies from certain Websites on any open Wi-Fi network, making it possible to steal login credentials for sites similar Facebook and Twitter, or even access your electronic mail.
Think it tin can't happen to you? Recollect again. Fortunately, a combination of plain old common sense and some technology tin protect your devices–apace and fairly easily.
How Your Gadgets May Be Vulnerable
Whether you're traveling with a laptop, netbook, smartphone, iPad, or all of the above, the risks and defenses against them are basically the aforementioned, according to Joe Nocera, an information security expert and a chief with PricewaterhouseCoopers. "Many of the security concerns that people think about when they think about their personal computers are applicable in the mobile globe." As mobile devices become more than sophisticated, they lend themselves to the same types of access to email, passwords, and other secure information that PCs have washed in the by.
Considering today'due south devices are so much more than powerful and can concord and then much more information than ever before, the risks are increasing, says Martin Hack, information security adept and executive vice president of NCP Engineering, a software company that helps businesses with their secure remote admission systems. Add together to that our tendency to carry both personal and business information around with u.s. on the same device, and our mobile devices accept never looked and so appealing to hackers, he says.
As specific mobile devices become more popular, they get more of a target for hackers. "Five years ago, the vulnerabilities were Microsoft-based and targeting PCs. Apple tended not to be targeted so frequently," says Nocera. "But, in the last year and a half or so, we're seeing a shift. More and more ofttimes we're seeing either Android- or iPhone-based vulnerabilities being targeted. We predict that by 2014 you'll see those types of vulnerabilities beingness the most targeted every bit more and more users go to those mobile devices."
The good news is information technology's not hard or even expensive to protect your devices and the information on them. The fixes are simple. The problem, stated quite eloquently in an old Pogo comic strip, is: "We accept met the enemy and he is us."
9 Tips for Keeping Your Mobile Devices Secure
i. Brand sure your software is upwardly-to-appointment. The first line of defense, says Nocera, is making sure that all your software is up-to-date. "Almost every release of software patches a number of security vulnerabilities that are out at that place," he says. Before every trip, or at least every few weeks, it'southward a good idea to cheque the manufacturer's Spider web site (or search Google) to see if a software or firmware update is available. If there'due south a new one, download it, unless in that location's a massive firestorm of negative reviews from early adopters.
2. Utilise strong passwords. "Be sure to use some combination of letters, numbers and/or special characters of 8 characters or more," says Jeremy Miller, director of operations for Kroll Fraud Solutions. "Avert using dictionary words. Instead, [utilize] acronyms for things like favorite songs, restaurants or other items known merely to you. And change the password frequently–at to the lowest degree once every half dozen months." If you're but not feeling clever enough to create your own passwords, programs like RoboForm will exercise it for you.
3. Don't mess with the security settings. Nocera notes that most of the default browser settings in Android, iPhone, and Blackberry phones are fairly secure out of the box. "I recommend not going in to alter browser security settings–they're pretty good already," he says.
four. Avert unencrypted public wireless networks. Such Wi-Fi networks require no authentication or countersign to log into, so anyone tin can access them–including the bad guys. In some cases, bad guys prepare an open network to snare unsuspecting people. Encrypted networks, on the other hand, are those that require an ID or password for admission–you'll discover such networks at many hotels and java shops that offer Wi-Fi services. These networks have 2 different types of security–WEP (wired equivalent privacy) and WPA (Wi-Fi protected access); the second is most secure. Even encrypted networks, though, accept risks–it's possible for bad guys to proceeds admission to encrypted networks at a hotel or cafĂ©, for example, so be cautious near the sorts of things yous practice on such networks.
Likewise avoiding connecting to unencrypted networks, plow off Wi-Fi when yous're not using it. This will prevent yous from automatically connecting to networks (and information technology will extend your device's battery life).
5. Paying to access a Wi-Fi network doesn't mean information technology'due south secure. Access fees do not equal security. Just considering you pay a fee to access a Wi-Fi network doesn't mean that the network is secure.
half-dozen. URLs beginning with 'https:' are safer (but not foolproof). Whenever yous're accessing a site where you lot'll exist sharing personal or confidential information–your banking concern'south site, for example–you lot want to make certain that yous're doing so securely. The s in https means that you're continued to the site via the Secure Socket Layer (SSL). In layman'southward terms, this means that all data transmitted to that particular Website over the Internet is encrypted.
SSL is non foolproof though: If you're on an unencrypted network connexion, y'all may yet be bailiwick to human being-in-the-middle (MITM) attacks, a form of eavesdropping where the bad guy makes a connection independently with two parties and and then "gets in the middle," making both believe that they are talking directly to each other.
These types of attacks are rare, only to baby-sit confronting them, make sure you're both continued to a secured network and that Websites use https when yous're entering sensitive data.
In add-on, says Nocera, nigh eastward-mail service providers have both a articulate text choice (that sends unencrypted data) and an encryption (SSL) choice. "Brand sure you take the SSL option enabled," he says.
7. Use VPN. If you have access to a VPN (virtual private network), use information technology. A VPN provides secure access to an organization'south network and allows yous to go online behind a secure layer that protects your information.
8. Turn off cookies and autofill. If your mobile device automatically enters passwords and login information into Websites you visit ofttimes, turn that characteristic off. It'due south convenient, but information technology can also exist a privacy threat. To get back some of the convenience that autofill offers, yous can endeavor tertiary-party apps, available for most platforms, that can manage saved passwords with a higher level of security. Mac Os X, for example, comes with a built-in password manager–Keychain. KeePass is a free, open-source password director for some versions of Windows. For iOS and Android smartphones, there's LastPass, 1Password, and SplashID. Using them is not as secure equally turning off autofill altogether, only it'south i way to strike a good balance. In the end, a little inconvenience can go a long way toward added security.
nine. Sentry your apps! Apps are great, and many are gratuitous, so it can be tempting to download with carelessness. Only, Nocera cautions, you should be selective well-nigh the apps you download, especially in the Android market, because "the Android app market place is a fiddling fleck more open up," without the strict developer guidelines found in Apple'due south App Shop. Do some due diligence earlier downloading apps. Make certain that you trust the developer and have taken the time to review some of comments.
TaintDroid is an Android tool that can place apps that transmit private data and notify users that a 3rd-party application is requesting private information. However, it's non an app that's offered through the Android Market. Instead, users take to manually compile and build the app using the framework provided by an app analysis company.
If Yous Still Become Hacked…
If you do everything right and withal have your information stolen, what should you do? The damage can often be repaired just by irresolute your password (to one much stronger) and sending a bulletin via the network that was affected, explaining what happened. What if one of your devices gets stolen? Be certain that all of your mobile devices have a remote wipe or autowipe feature. For Apple's iPhone and iPad, in that location's Apple'due south MobileMe service. GoogleApps offers a solution for Android every bit well. If your device is lost or y'all know there's been a breach, you can chop-chop and remotely perform a manufactory reset from whatsoever computer connected to the Internet, wiping out all of the device's information and fifty-fifty locking it indefinitely.
Source: https://www.pcworld.com/article/218671/9_ways_to_keep_your_mobile_devices_secure.html
0 Response to "what processes and technologies can i use to keep a new mobile devices systems physically secure?"
Post a Comment