Full Transcript


Troubleshooting Mobile Security Issues

While the preceding section—and its corresponding objectives—looked at mobile devices and focused on common OS and application issues, this section builds on that and focuses on security-related issues. Once again, it looks at common symptoms and tools, differing only in that there is more of a focus on security. It needs to be pointed out, though, that CompTIA is stretching the definition of the word security to include more than many would. A fair number of the issues that appear in this section would easily have fit in the preceding section.

The following sections discuss common symptoms of problems with mobile operating systems and application-related security issues. As with so many issues involving troubleshooting, common sense is most important. Using logic and a systematic approach, you can often identify and correct small problems before they become large ones.

Signal Drop/Weak Signal

Weak signals are a common culprit behind dropped signals. Obviously, as you move away from the source of the wireless signal, it will get weaker and weaker. In Chapter 22, we discussed signal propagation outside of your organization. A malicious person will try to listen to wireless transmissions in an attempt to collect information. The ultimate goal is to try to compromise the network and gain private information. Of course, you want to make sure that this person can’t sit in the coffee shop or parking lot across the street and steal your information. Therefore, you need to keep signal strength low by the physical perimeter of the organization. This, of course, creates a weak signal and possible signal drop by clients.

One strategy is to use a higher frequency, such as 5 GHz, and limit the usage of lower frequencies, such as 2.4 GHz. Remember, the lower the frequency, the farther the signal can travel. The higher the frequency, the less the signal will travel.
Newer 802.11 protocols are being introduced at higher frequencies, such as 802.11ad and 802.11ay at a whopping 60 GHz. These newer protocols will limit eavesdroppers and provide higher bandwidth. For now, however, you need to watch your placement of wireless access points (WAPs), limit power, and utilize 5 GHz frequencies for your SSIDs.

Power Drain

While applications, normal usage, and so on can contribute to power drain, another offender could be malware or a virus. Although we don’t want to think that a mobile device can contract a virus or malicious program (malware), it can! When you see power draining quickly, you need to investigate the symptom by using the techniques discussed in the preceding section. Check RAM and CPU usage. If an application is out of control, it could be infected with malware. It is best to run an antivirus/anti-malware scan on the device to check it thoroughly.

Not every problem is related to a possible security threat. The normal search for a cellular signal can be just as draining on power. However, if you are in the normal locations in your day-to-day travels, such as work and home, and the battery drains twice as fast as normal, you may have an application problem (out of memory) or a security threat. In either case, it needs to be checked out quickly—and not just to eliminate the anxiety of always looking for a charger.

Slow Data Speeds

Slow data speeds can be caused by too much interference, as pointed out earlier in this chapter. You should try changing the channel on Wi-Fi routers to less-used channels. You should use 5 GHz channels wherever possible, since they are less susceptible to external interference sources, like microwave ovens. Specialized tools such as Wi-Fi Analyzer can help you diagnose the airspace for interference and high utilization, as well as determine the strength and quality of the wireless signal.
This tool can show you what is happening in the airspace, which you would normally never see from a client.

If a particular device is suffering from slow data speeds on wireless, then you should immediately look at the performance of the underlying hardware. However, if the problem is strictly data speed, then you should have a closer look at the traffic on the device. Chapter 22 discussed the importance of mobile device firewalls. These applications don’t just keep traffic out of a device; they also keep traffic in a device. They achieve this by preventing application traffic from leaving the device unless it is previously authorized to do so.

Unintended Wi-Fi Connection

When autoconnect is enabled on a mobile device for a particular SSID, it opens the device to security threats. Unfortunately, we can’t live without autoconnect. If we had to connect our mobile devices to a wireless network everywhere we went, we would use up all our data just on our cellular plan. We have other things to remember, so autoconnect remains on for all of us.

One exploit that is commonly used with autoconnect is the evil twin attack, as shown in Figure 24.56. With this attack, the threat agent sets up a WAP on the same SSID the victim is associated to. The threat agent then sends a deauthentication frame to the victim, which forces the victim to search for the SSID. Since the victim has autoconnect configured, the victim associates to the evil twin. The threat agent can now launch a man-in-the-middle (MitM) attack against the victim.

Figure 24.56 An evil twin wireless attack

So, should you stop using autoconnect? No, not at all. You just need to educate your end users and instill vigilance. If a client consistently sees signal drops (during the deauthentication), the issues should be investigated. Using wireless LAN controllers can also mitigate these issues, since they keep track of rogue access points.
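
The evil twin sequence described above leaves a recognizable trace on the client: a deauthentication followed shortly by an automatic rejoin to the same SSID on an access point the organization does not operate. The following Python code is an added example, not part of the original text; the SSID, BSSIDs, log format, and 30-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: BSSIDs of the access points the organization operates, per SSID.
AUTHORIZED_BSSIDS = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
REJOIN_WINDOW = timedelta(seconds=30)  # assumed window; tune for the site

# Constructed client connection log: (ISO time, event, SSID, BSSID).
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "assoc",  "CorpWiFi", "aa:bb:cc:00:00:01"),
    ("2024-05-01T09:40:10", "deauth", "CorpWiFi", "aa:bb:cc:00:00:01"),
    ("2024-05-01T09:40:14", "assoc",  "CorpWiFi", "de:ad:be:ef:00:99"),
    ("2024-05-01T11:15:00", "deauth", "CorpWiFi", "de:ad:be:ef:00:99"),
    ("2024-05-01T11:15:05", "assoc",  "CorpWiFi", "aa:bb:cc:00:00:02"),
]

def find_suspect_rejoins(events):
    """Flag autoconnect rejoins that follow a deauth and land on an unknown BSSID."""
    findings = []
    last_deauth = {}  # SSID -> time of the most recent deauthentication
    for stamp, event, ssid, bssid in sorted(events):
        when = datetime.fromisoformat(stamp)
        if event == "deauth":
            last_deauth[ssid] = when
        elif event == "assoc" and ssid in AUTHORIZED_BSSIDS:
            known = bssid.lower() in AUTHORIZED_BSSIDS[ssid]
            dropped = last_deauth.get(ssid)
            if not known and dropped is not None and when - dropped <= REJOIN_WINDOW:
                findings.append({"time": stamp, "ssid": ssid, "bssid": bssid,
                                 "seconds_after_deauth": (when - dropped).total_seconds()})
    return findings

if __name__ == "__main__":
    for finding in find_suspect_rejoins(SAMPLE_EVENTS):
        print(finding)
```

A BSSID can be copied by a rogue access point, so a clean result from this check does not rule out an evil twin; it only catches the case where the rejoin lands on an address outside the inventory.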
Wireless LAN controllers can shut down rogue access points by flooding them with deauthentication messages.

Unintended Bluetooth Pairing

When anonymous devices are allowed to connect to Bluetooth-enabled devices, this is known as unintended Bluetooth pairing, and it represents a security threat. When an unintended Bluetooth pairing occurs, the device paired can gain access to the information stored on the device. Bluetooth devices normally have access to our contacts, calendars, and sometimes even our credit cards. Mobile security policies should be created and enforced to prevent this from occurring. This can be achieved by restricting which devices can be paired with the mobile device and the level of access approved devices have.

Leaked Personal Files/Data

When authorized users access devices through unintended connections or unauthorized users access absconded devices, they can access the data on the device. Outside of these risks, there is always the risk of loss or theft of the device itself. Therefore, security related to mobile devices should be applied in a layered approach.

Antivirus and anti-malware software should be installed on the device to protect it from malicious applications. In addition, a mobile firewall should be installed along with the antivirus and anti-malware software. Fortunately, there are third-party security suites that can protect you from all these threats.

Mobile device management (MDM) software should also be employed. This software is like the Swiss Army knife of security for mobile devices. It can require passcodes, the installation of antivirus, anti-malware software, and/or mobile firewalls, current updates, and so much more. One of the most notable features is the ability to remotely wipe the device, in the event it is stolen or lost.

In addition, there should be a firm policy that details the encryption of data in use, at rest, and in transit.
A written policy should be drafted along with procedures on how to deal with leaks when they occur. These policies are usually drafted with an insurance company in order to protect an organization in the event there is a data leak of personal information.

Data Transmission Over Limit

Exceeding the limits on data plans can be symptomatic of a security problem. A malicious application running on the device could be used to send spam or malware, or conduct a multitude of other malicious activities. All of these activities can rob you of precious data in your data plan, pushing you over your contracted limits.

Excessive malicious use of data on a mobile device can be mitigated with two methods. The first method is watching the normal usage of data from month to month. Identifying a normal baseline of usage can alert you when data usage is abnormal. The second method is to use a mobile firewall, which limits the traffic leaving the mobile device.

Unauthorized Account Access

Unauthorized account access can give users access to personal files and data to which they should not have access. The most common unauthorized account access is email. A compromised email account can lead to further compromises, as password resets on other accounts often revolve around email.

An audit log should be maintained and reviewed for abnormal activity. The idea with audit logs is to manage by exception. If a typical account is logging in during normal business hours, there is nothing interesting that should be reviewed. However, if the same account logs in at two different places at the same time or outside of business hours, these are the security events that you want to see. Many different authentication systems allow for reports to be generated based on these exceptions.
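
Managing an audit log by exception, as described above, means filtering out routine logins and reporting only the two cases the text names. The following Python code is an added example, not part of the original text; the log format, account names, locations, business-hours definition (including treating weekends as outside hours), and the five-minute "same time" window are constructed assumptions.

```python
from datetime import datetime, timedelta

BUSINESS_HOURS = range(8, 18)          # assumed policy: 08:00-17:59 local time
OVERLAP_WINDOW = timedelta(minutes=5)  # assumed: logins this close count as "same time"

# Constructed audit log: (ISO time, account, location).
SAMPLE_LOG = [
    ("2024-05-06T09:12:00", "alice", "Chicago"),
    ("2024-05-06T09:14:30", "alice", "Lisbon"),
    ("2024-05-06T10:05:00", "bob",   "Chicago"),
    ("2024-05-07T02:47:00", "bob",   "Chicago"),
    ("2024-05-07T13:30:00", "carol", "Denver"),
]

def review_by_exception(log):
    """Return only the logins worth a reviewer's time, each with a reason."""
    exceptions = []
    last_seen = {}  # account -> (time, location) of that account's previous login
    for stamp, account, location in sorted(log):
        when = datetime.fromisoformat(stamp)
        # Exception 1: login outside business hours (weekends included by assumption).
        if when.hour not in BUSINESS_HOURS or when.weekday() >= 5:
            exceptions.append((stamp, account, "outside business hours"))
        # Exception 2: same account seen from a different place within the window.
        prev = last_seen.get(account)
        if prev and prev[1] != location and when - prev[0] <= OVERLAP_WINDOW:
            exceptions.append((stamp, account, f"also logged in from {prev[1]}"))
        last_seen[account] = (when, location)
    return exceptions

if __name__ == "__main__":
    for row in review_by_exception(SAMPLE_LOG):
        print(row)
```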
Unauthorized Location Tracking

While location-based data can be very valuable when you are using maps and trying to find sites, it can also give away sensitive information if accessed by someone who should not have it. You can optimize your battery life and protect yourself by turning off Location Services.

You can turn off Location Services on an Android device by tapping Settings, then Connections, then Location, and finally tap the switch to turn it off. On an Apple device, tap Settings ➢ Privacy ➢ Location Services. With both platforms, you will see each app listed along with its permission setting. Apps that recently used Location Services have an indicator next to the on/off switch, and you can configure them accordingly.

Unauthorized Camera/Microphone Activation

The camera and microphone can be activated remotely and allow a malicious individual to spy on you. When not in authorized use, the camera and microphone should be covered, to keep them from providing any data if they are remotely accessed.

In many organizations, devices with cameras or microphones must be turned off completely or checked into a locker during a visit. This is common practice for any sensitive government facility. This policy protects an organization in a few ways. It ensures information will not be photographed and conversations will not be recorded. These policies also safeguard the user in the event their phone is inadvertently compromised. If it’s not in the boardroom at the merger acquisition, then there is no potential for information to be leaked. Lastly, it limits distractions. This is a tertiary benefit to limiting personal devices in the workplace.

Many organizations that require employees to have mobile devices will employ MDM software. The MDM software can police the device to make sure that the camera is disabled, as well as the microphone. Certain MDM software packages can even create a geo-fence around the organization.
When an employee enters this area, it automatically disables these features.

High Resource Utilization

High resource utilization can be a telltale sign that a device is running more than you think it should be—perhaps the drives are being searched or the camera is recording your every move. Monitor for high resource usage. If you discover it, find out what is causing it and respond appropriately.
