HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 42 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Mobilearrow Mobile Network Penetration
EH-Net
May 23, 2013, 10:22:35 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Mobile Network Penetration  (Read 7022 times)
0 Members and 1 Guest are viewing this topic.
MadCoder
Newbie
*
Offline Offline

Posts: 20


View Profile
« on: January 26, 2012, 08:14:02 AM »
My boss and I were talking this morning about an employee's phone being connected to the network and he suggested that it opens us up to our network being penetrated. 

We have a pretty stable and some what secured network behind two firewalls, and a couple snort boxes, etc...

Under what scenario couple a mobile phone running iOS be used to gain access to our network without the phone being rooted or jailbroken?
Logged
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #1 on: January 26, 2012, 10:07:09 AM »
De-authing clients and capturing traffic perhaps? (Not actual data traffic unless you have a rogue cellphone able to connect to the network, a weak wireless network, or a rogue Wireless AP that the cellphones can be tricked into using by jamming the frequence of the other.) Just an idea  Grin Have you separated the mobile cellphones from the critical infrastructure too?  Grin

I guess in a case with a malicious app, it could be possible. Eventually / in time, it's likely that it can happen on any mobile platform  Smiley

But that's just my thoughts, you're probably as secure as you can be, for now  Wink
« Last Edit: January 26, 2012, 10:10:49 AM by MaXe » Logged
I'm an InterN0T'er
3xban
Hero Member
*****
Offline Offline

Posts: 608


View Profile WWW
« Reply #2 on: January 26, 2012, 11:24:45 AM »
I would say treat any device you cannot control as possibly hostile.  If people want to connect their phones to the wireless network, put them on a segmented "public" wireless network or guest.  If their phone does get compromised, then you do not risk access to the business infrastructure.  Also if you are running iPhones then it might be a good idea (if you aren't already using or migrating to it) to use Exchange 2010 and utilize the iPhone feature to remotely wipe the device.  That is if you allow them to connect their phones to the corporate network.  Or just standardize and move everyone to BBs.  I hate them but they make central management of mobile phones easy.

But yes you should be concerned since the phone is attached to two networks, yours and the mobile provider.  You cannot control the mobile provider's network so treat it as hostile.
Logged
Certs: GCWN
(@)Dewser
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.078 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.