written 5.1 years ago by |
RAS is an important consideration for protecting the business sensitive data that may reside on the employees "mobile devices. In terms of cybersecurity, mobile devices are sensitive. Figure 2 illustrates how access to an organization's sensitive data can happen through mobile hand-held devices carried by employees. In addition to being vulnerable to unauthorized access on their own, mobile devices also provide a route into the systems with which they connect. By using a mobile device to appear as a registered user to these systems, a would-be cracker is then able to steal data or compromise corporate systems in other ways.
Another threat comes from the practice of port scanning. First, attackers use a domain name system (DNS) server to locate the IP address of a connected computer. A domain is a connection of sites that are related in some sense. Second, they scan the ports on this known IP address, working their way through its Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) stack to see what communication ports are unprotected by firewalls. For instance, File Transfer Protocol (FTP) transmissions are typically assigned to port 21 If this port is left unprotected, it can be misused by the attackers.
Protecting against port scanning requires software that can trap unauthorized incoming data packets and prevent a mobile device from revealing its existence and ID. A personal firewall on a pocket PC or Smartphone device can be an effective protective screen against this form of attack for the users connecting through a direct Internet or RAS connection. For situations where all connections to the corporate network pass through a gateway, placing the personal firewall on the gateway itself could be the simplest solution, because it avoids the need to place a personal firewall on each mobile device. In either case, deploying secure access methods that implement strong authentication keys will provide an additional protection.