Mobile Financial Services: Are There Any Hard Problems - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Mobile Financial Services: Are There Any Hard Problems

Description:

Does wireless really introduce new security risk or is it simply ... End device has limited resources (power, processing, storage) limiting security capability. ... – PowerPoint PPT presentation

Number of Views:20
Avg rating:3.0/5.0
Slides: 19
Provided by: Ca94
Category:

less

Transcript and Presenter's Notes

Title: Mobile Financial Services: Are There Any Hard Problems


1
Mobile Financial ServicesAre There Any Hard
Problems?
  • Ron Moritz
  • SVP, eTrust Security Solutions
  • Computer Associates

2
Welcome to Wireless
GPRS
EDGE
Smart Phones
GSM
UMTS
Centrino
MMS
Linux
802.11h
WiFi
TDMA
Blackberry
Symbian
Warchalking
Palm
PocketPC
Tablet PC
1XRTT
Win XP
CDMA2000
Mobile Gateway
WAP
802.1x
Bluetooth
WCDMA
Hot Spots
WPA
802.11a
802.11b
802.11g
WEP
The Next Killer App
Wireless eMail
802.20
SMS
3
Wireless Defined
  • Confusion
  • Too many choices
  • Not enough education
  • Lack of standards
  • Security vulnerabilities

4
Mobility Solution Core Components
Business Benefits Realization
1. Devices iPaq Palm Blackberry Smart Phone
2. Network ATT SprintPCS Cingular WLAN
3. Connectivity Server Security (Firewall, VPN,
Access control, PKI Authentication)
0. Business Plan Needs Assessment What?
Where? Why? How? How much?



4. Applications LoB eMail Siebel, SAP, Portal
Software Middleware
5. Support Services Help Desk Device
rollout Training Development
6. Additional Services and s/w User Data Back Up
and Restore Exchange Managed Service Device
Maintenance and Break Fix Device Provisioning and
Configuration Application Hosting Application
Development


5
New Risks or Replay of Old?
  • Does wireless really introduce new security risk
    or is it simply highlighting the existing defects
    in our current network?
  • End device has limited resources (power,
    processing, storage) limiting security
    capability.
  • WiFi users may not be sufficiently focused on
    security concerns.
  • Because of unique aspects of wireless nets, there
    are new vulnerabilities and security concerns
    regarding C.I.A.

6
Data versus Voice People
  • Converged networks just say no!
  • There are data people
  • There are voice people
  • The idea of bridging between the cellular and the
    WLAN is nice but does not really fit the
    sociology of how people interact with technology
  • LAN/Telephony integration that is acceptable in
    the wired world may not be real (yet) in other
    platforms

7
Cell Phone What You Have
  • Engage the wireless device in strong
    authentication
  • Carrier can send one-time token to cell phone or
    other wireless device
  • Find other creative ways to enhance data security
    with wireless

8
New Solutions Are Required
  • Wired and wireless nets both have many of the
    same vulnerabilities
  • But, the solutions developed for wired nets may
    not be possible or implementable in wireless nets
  • For example, management of policies and services
    in wireless net
  • And, current protocols for managing
    authentication are insufficient in wireless world
  • So, need new ways to manage configuration,
    security policy, intrusion detection, and response

9
No Physical Isolation of Nodes
  • Wireless communication more susceptible than
    wired communication to security attack
  • Disruption (jamming, DDoS)
  • Observation (evesdropping, traffic analysis)
  • Misuse (theft of service)

10
Unique Attacks on Wireless Net
  • Capture and abuse of control channels
  • Spoof at or near boundary of network cells to
    capture traffic
  • Direct attacks at wireless power source
  • Attacks directed at the database or service
    needed for maintaining configuration and/or
    security policy management
  • Traditional intrusion detection techniques may
    not be possible in wireless network

11
Crucial to Financial Services
  • NAPs are like roaches if you see one you
    probably have hundreds
  • Scan for them
  • IBM wireless security auditor
  • Netstumbler
  • Grasshopper
  • Attacks on wireless may threaten individual
    privacy and enable identity theft

12
Crucial to Financial Services
  • Integration of wireless security into larger
    systems, networks and systems of systems
  • Devices whose security is crucial to the network
    are in the hands of individuals who lack
    expertise or interest in security
  • Must improve the embedded security of these
    systems so security of the nodes is easy

13
Security Situational Awareness
  • Visualize health of WLAN
  • Network topology is in constant flux as nodes are
    added, moved, removed
  • Intermittent connectivity, node and link failure,
    and compromises must be detected
  • Monitor and represent the status of the wireless
    network to understand security posture
  • Discovery possible through CA Unicenter

14
Manage Wireless Networks
  • Detect rogue devices
  • Manage performance and configuration
  • Topology and alerts

15
Shields and Cloaks
  • Location-aware policy enforcement
  • When do you want to be visible?
  • When do you want shares hidden?
  • User-friendly administration
  • Dont depend on level of security expertise of
    the user
  • Help engage user in his/her destiny
  • Help user understand location vis-à-vis network
    theyve engaged
  • Deliver software and manage performance and
    configuration

16
Automated Software Delivery
Manage Mobile Devices
  • Deliver software
  • Manage performance and configuration
  • Remote wipe, lock, and reload

17
Key CA Partnerships
  • MPAC
  • Preferred enterprise partner in Microsofts
    Mobility Partner Advisory Council
  • UCLA WINMEC
  • Wireless Internet and Mobile Enterprise
    Consortium
  • Founding member
  • SUNY Stony Brook Center of Excellence for
    Wireless Technology
  • Founding member
  • Ongoing research

18
CA Resources
  • White papers at www.ca.com/cto
  • Technology Innovations at CA
  • Enabling Mobile eBusiness Success
  • The Future of Wireless Enterprise Management
  • Whos Watching Your Wireless Network?
  • Enterprise Portals The Workplace of Tomorrow
Write a Comment
User Comments (0)
About PowerShow.com