Chapter 3 - Cyber Security
Chapter 3 - Cyber Security
Chapter 3 - Cyber Security
Trends in Mobility
Mobile computing in third generation (3G) promises greater variety in applications and have
highly improved usability as well as speedier networking.
This smart mobile technology is rapidly gaining popularity and the attackers (hackers and
crackers) are among its biggest fans.
There are numerous attacks that can be committed against mobile networks and they can
originate from two primary vectors.
o One is from outside the mobile network – public Internet, private networks and other
operator’s networks
o The other is within the mobile networks – devices such as data-capable handsets and
Smartphones, notebook computers or even desktop computers connected to the 3G
network.
Authentication services security is important given the typical attacks on mobile devices through
wireless networks: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and
session hijacking.
Security measures in this scenario come from Wireless Application Protocols (WAPs), use of
VPNs, media access control (MAC ) address filtering and development in 802.xx standards.
Vishing
Vishing is Phishing over the telephone system, most often using features facilitated
by VoIP, to gain access to personal and financial information from the public for the
purpose of financial reward. It include:
1. ID theft;
2. purchasing luxury goods and services;
3. transferring money/funds;
4. monitoring the victims’ bank accounts;
5. making applications for loans and credit cards.
Smishing
Smishing is SMS PhISHING.
Smishing uses cell phone text messages to deliver a lure message to get the victim
to reveal his/her PI.
Another factor in cybersecurity complications with mobile devices is their falling cost.
Early hand-helds were expensive and specialized, so they were deployed only for specific
applications, but more general-purpose models are now available at a relatively low cost,
often bundled with a tariff for wireless connection.
Because modern hand-held devices for mobile computing are, at times, good productivity
tools, they cannot be precluded from use by employees, contractors and other business
entities.
It is important for the device management teams to include user awareness education;
thus, they get encouraged to take some personal responsibility for the physical security of
their devices.
When controls cannot be implemented to protect data in the event they are stolen, the simplest
solution is to prevent users from storing proprietary information on platforms deemed to be
insufficiently secure.