.

Mobile Network Penetration

<<

MadCoder

Newbie
Newbie

Posts: 20

Joined: Mon Mar 21, 2011 2:56 pm

Post Thu Jan 26, 2012 9:14 am

Mobile Network Penetration

My boss and I were talking this morning about an employee's phone being connected to the network and he suggested that it opens us up to our network being penetrated. 

We have a pretty stable and some what secured network behind two firewalls, and a couple snort boxes, etc...

Under what scenario couple a mobile phone running iOS be used to gain access to our network without the phone being rooted or jailbroken?
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Jan 26, 2012 11:07 am

Re: Mobile Network Penetration

De-authing clients and capturing traffic perhaps? (Not actual data traffic unless you have a rogue cellphone able to connect to the network, a weak wireless network, or a rogue Wireless AP that the cellphones can be tricked into using by jamming the frequence of the other.) Just an idea  ;D Have you separated the mobile cellphones from the critical infrastructure too?  ;D

I guess in a case with a malicious app, it could be possible. Eventually / in time, it's likely that it can happen on any mobile platform  :)

But that's just my thoughts, you're probably as secure as you can be, for now  ;)
Last edited by MaXe on Thu Jan 26, 2012 11:10 am, edited 1 time in total.
I'm an InterN0T'er
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Jan 26, 2012 12:24 pm

Re: Mobile Network Penetration

I would say treat any device you cannot control as possibly hostile.  If people want to connect their phones to the wireless network, put them on a segmented "public" wireless network or guest.  If their phone does get compromised, then you do not risk access to the business infrastructure.  Also if you are running iPhones then it might be a good idea (if you aren't already using or migrating to it) to use Exchange 2010 and utilize the iPhone feature to remotely wipe the device.  That is if you allow them to connect their phones to the corporate network.  Or just standardize and move everyone to BBs.  I hate them but they make central management of mobile phones easy.

But yes you should be concerned since the phone is attached to two networks, yours and the mobile provider.  You cannot control the mobile provider's network so treat it as hostile.
Certs: GCWN
(@)Dewser

Return to Mobile

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software