PHOTO - George Chang, Fortinet's Regional Director for Southeast Asia & Hong Kong.
KUALA LUMPUR, 27 APRIL 2011 - The limited computing power of some wireless devices also constitutes the biggest security weakness when trying to secure wireless networks, said security solutions firm Fortinet.
"While the proliferation of wireless devices due to increase in mobile working may give users constant connectivity and ready access to their corporate network, this has also definitely brought new security challenges to IT departments as it represents new points of vulnerability for the enterprise," said Fortinet regional director for Southeast Asia & Hong Kong, George Chang, adding that no widespread VPN [virtual private network] solutions were available.
"Regarding wireless connections, WLANs [wireless local area networks] face many threats that strong authentication and link encryption do not address," said Chang. "Because wireless is a shared medium, it is subject to malicious attacks such as de-authentication broadcasts, evil twin access point (AP) / Honeypot. Also, it is possible for one user's high usage of application traffic to reduce the bandwidth available to all other users."
"For individuals, Fortinet would consider identity theft as the most critical threat, with cybercriminals using numerous methods and strategies to obtain your personal credentials (plain phishing, spear phishing, phisher worms, client-side trojaning, etc.) in order to gain access to your personal information (banking details, etc)," he said.
Cloud security pressure points
"While there's no doubt that cloud computing is the big IT trend, many IT managers are still concerned about how to secure their virtualised environments, since operating in a cloud-based world inevitably creates more risks for data infection or theft than in traditional IT networks," said Chang. "As companies offer cloud services such as storage for rent, software as a service, virtual IT and application hosting, they must be aware of the various pressure points in the data journey and the mechanisms available to secure data while it's stored or circulated in the cloud and when it's brought back to their client's network property."
"The most important thing a service provider needs to do is to constructively educate customers about the potential dangers of data stored in the cloud." he said. "There should be an access control security policy and some provision for DLP [data loss prevention]. Both will be critical to any compliance considerations that are impacted by a cloud strategy."
"Another thing that has to be considered is whether there is application content inspection for malware as data is being moved between the cloud and the network i.e., is encryption employed, and can data be scrubbed as it enters and leaves the network," said Chang. "To that end, they also need to think about what happens on hardware and portable devices, and whether there are sufficient client security controls that ensure downloaded data does not leak into the network or back into the cloud. Once inside the cloud, data has to remain malware-free, and one must ensure that any co-located content is not infected by other people's malware."
Sign up for Computerworld eNewsletters.