Mobile Financial Services: Are There Any Hard Problems?
description
Transcript of Mobile Financial Services: Are There Any Hard Problems?
![Page 1: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/1.jpg)
Mobile Financial Services:Are There Any Hard Problems?
Ron MoritzSVP, eTrust Security Solutions
Computer Associates
![Page 2: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/2.jpg)
Welcome to WirelessGPRS
MMS
SMS
Smart Phones
LinuxBlackberry Symbian
PocketPC Palm
CDMA20001XRTT
WPA
802.1x
802.11g802.11b 802.11a
GSM
BluetoothMobile
Gateway
WEP
Tablet PC
TDMA
WCDMA
EDGE
Hot Spots
WiFi
802.20
UMTS
Win XP
Wireless eMailThe Next Killer App
WAP
802.11hCentrino
Warchalking
![Page 3: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/3.jpg)
Wireless Defined• Confusion• Too many choices• Not enough education• Lack of standards• Security vulnerabilities
![Page 4: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/4.jpg)
Mobility Solution Core Components
1. DevicesiPaqPalmBlackberrySmart Phone…
2. NetworkAT&TSprintPCSCingular…WLAN
+
4. ApplicationsLoBeMailSiebel, SAP, Portal SoftwareMiddleware
5. Support ServicesHelp DeskDevice rolloutTrainingDevelopment
+
6. Additional Services and s/w:User Data Back Up and RestoreExchange Managed ServiceDevice Maintenance and Break FixDevice Provisioning and ConfigurationApplication Hosting Application Development
3. Connectivity Server Security (Firewall,VPN, Access control, PKIAuthentication)
+
0. Business PlanNeeds AssessmentWhat? Where?Why?How? How much?
+
+
Business Benefits Realization
![Page 5: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/5.jpg)
New Risks or Replay of Old?• Does wireless really introduce new
security risk or is it simply highlighting the existing defects in our current network?
• End device has limited resources (power, processing, storage) limiting security capability.
• WiFi users may not be sufficiently focused on security concerns.
• Because of unique aspects of wireless nets, there are new vulnerabilities and security concerns regarding C.I.A.
![Page 6: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/6.jpg)
Data versus Voice People• Converged networks – just say no!
• There are data people• There are voice people• The idea of bridging between the
cellular and the WLAN is nice but does not really fit the sociology of how people interact with technology
• LAN/Telephony integration that is acceptable in the wired world may not be real (yet) in other platforms
![Page 7: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/7.jpg)
Cell Phone – What You Have• Engage the wireless device in
strong authentication• Carrier can send one-time token to
cell phone or other wireless device• Find other creative ways to
enhance data security with wireless
![Page 8: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/8.jpg)
New Solutions Are Required• Wired and wireless nets both have
many of the same vulnerabilities• But, the solutions developed for wired
nets may not be possible or implementable in wireless nets
• For example, management of policies and services in wireless net
• And, current protocols for managing authentication are insufficient in wireless world
• So, need new ways to manage configuration, security policy, intrusion detection, and response
![Page 9: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/9.jpg)
No Physical Isolation of Nodes
• Wireless communication more susceptible than wired communication to security attack:• Disruption (jamming, DDoS)• Observation (evesdropping, traffic
analysis)• Misuse (theft of service)
![Page 10: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/10.jpg)
Unique Attacks on Wireless Net
• Capture and abuse of control channels• Spoof at or near boundary of network
cells to capture traffic• Direct attacks at wireless power source• Attacks directed at the database or
service needed for maintaining configuration and/or security policy management
• Traditional intrusion detection techniques may not be possible in wireless network
![Page 11: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/11.jpg)
Crucial to Financial Services• NAPs are like roaches – if you see
one you probably have hundreds• Scan for them
• IBM wireless security auditor• Netstumbler• Grasshopper
• Attacks on wireless may threaten individual privacy and enable identity theft
![Page 12: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/12.jpg)
Crucial to Financial Services• Integration of wireless security into
larger systems, networks and systems of systems• Devices whose security is crucial to
the network are in the hands of individuals who lack expertise or interest in security
• Must improve the embedded security of these systems so security of the nodes is easy
![Page 13: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/13.jpg)
Security Situational Awareness
• Visualize health of WLAN• Network topology is in constant flux
as nodes are added, moved, removed
• Intermittent connectivity, node and link failure, and compromises must be detected
• Monitor and represent the status of the wireless network to understand security posture
• Discovery possible through CA Unicenter
![Page 14: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/14.jpg)
•Detect rogue devices
•Manage performance and configuration
•Topology and alerts
Manage Wireless Networks
![Page 15: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/15.jpg)
Shields and Cloaks• Location-aware policy enforcement
• When do you want to be visible?• When do you want shares hidden?
• User-friendly administration• Don’t depend on level of security
expertise of the user• Help engage user in his/her destiny• Help user understand location vis-à-
vis network they’ve engaged• Deliver software and manage
performance and configuration
![Page 16: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/16.jpg)
Automated Software Delivery
•Deliver software
•Manage performance and configuration
•Remote wipe, lock, and reload
Manage Mobile Devices
![Page 17: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/17.jpg)
Key CA Partnerships
• MPAC• Preferred enterprise partner in Microsoft’s
Mobility Partner Advisory Council• UCLA WINMEC
• Wireless Internet and Mobile Enterprise Consortium
• Founding member• SUNY Stony Brook Center of Excellence
for Wireless Technology• Founding member• Ongoing research
![Page 18: Mobile Financial Services: Are There Any Hard Problems?](https://reader036.fdocuments.us/reader036/viewer/2022070502/568149a2550346895db6e379/html5/thumbnails/18.jpg)
CA Resources
• White papers at www.ca.com/cto• Technology Innovations at CA• Enabling Mobile eBusiness
Success• The Future of Wireless Enterprise
Management• Who’s Watching Your Wireless
Network?• Enterprise Portals: The
Workplace of Tomorrow