Continuing his discussion of BYOD and its security implications, Panseh Tsewole looks at carrier-level vulnerabilities in the BYOD ecosystem. Panseh Tsewole reckons this is an area typically not covered by InfoSec pros doing risk analysis on BYOD projects. Whether at home or on the road, traffic reaching our enterprise networks travels through a provider's infrastructure. In this write-up, Panseh Tsewole discusses some of the issues we should consider.
Transport-layer vulnerabilities can be exploited against the carrier's network through a man-in-the-middle (MITM) attack. A MITM attack allows the attacker to sniff traffic and gain access to sensitive data. We should ensure the carrier is deploying SSL or HTTPS encryption at the transport level.
Rogue access points are a challenge. Numerous environments such as hotels, airports, coffee shops and some restaurants offer free Wi-Fi. Attackers can use a variety of tools that act as proxies and capture data, including login credentials. SSLstrip is a tool that can be used to capture credentials from sites using the HTTPS protocol. Panseh Tsewole recommends that remote access policies address these vulnerabilities. The policy should ensure that all remote connections to the enterprise network come in through secured SSL VPN connections. Panseh Tsewole has researched numerous SSL VPN solutions in which the client automatically initiates a connection to the enterprise network as soon as it detects internet connectivity outside of the LAN. Palo Alto Networks' GlobalProtect is one such product.
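One way to check that such a remote access policy is actually being followed is to audit access logs for sessions that reach internal services without coming through the VPN. The sketch below is an added example, not part of the original write-up: the address ranges, the log format and the names `CORP_LAN`, `VPN_POOL`, `classify` and `audit` are all assumptions, and the log lines are constructed sample data.

```python
import ipaddress

# Assumed (hypothetical) address plan: adjust to the real network.
CORP_LAN = [ipaddress.ip_network("10.10.0.0/16")]   # on-premises LAN
VPN_POOL = [ipaddress.ip_network("10.99.0.0/24")]   # addresses handed out by the SSL VPN

# Constructed sample log: timestamp, user, source IP, internal service.
SAMPLE_LOG = """\
2024-05-01T08:02:11Z alice 10.10.4.23 mail.corp.example
2024-05-01T08:05:40Z bob 10.99.0.17 files.corp.example
2024-05-01T08:09:02Z carol 203.0.113.45 files.corp.example
2024-05-01T08:11:37Z dave 198.51.100.9 mail.corp.example
not-a-valid-line
2024-05-01T08:15:00Z erin 10.99.0.200 crm.corp.example
"""

def classify(src):
    """Return 'vpn', 'lan' or 'direct' for a source address."""
    ip = ipaddress.ip_address(src)  # raises ValueError on a bad address
    if any(ip in net for net in VPN_POOL):
        return "vpn"
    if any(ip in net for net in CORP_LAN):
        return "lan"
    return "direct"

def audit(log_text):
    """Flag sessions that bypassed the VPN; report unparseable lines separately."""
    violations, malformed = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            malformed.append(lineno)
            continue
        _ts, user, src, service = parts
        try:
            origin = classify(src)
        except ValueError:
            malformed.append(lineno)
            continue
        if origin == "direct":
            violations.append((user, src, service))
    return violations, malformed

if __name__ == "__main__":
    bad, skipped = audit(SAMPLE_LOG)
    for user, src, service in bad:
        print(f"policy violation: {user} reached {service} from {src} without VPN")
    print(f"unparseable lines: {skipped}")
```

Malformed lines are reported rather than silently dropped, since a gap in the log is itself worth investigating during a policy audit.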
Some BYOD devices use GSM technology to connect to the carrier's network. SIM cloning is a serious vulnerability with such devices. Cloning is basically creating a copy of the original SIM card. Tools for doing this are readily available on the internet. A service provider usually implements anti-cloning technology on its network. Our job is to verify that such a countermeasure is in place with the carriers being used by the BYOD devices on our networks.