Unit-2

Introduction to Mobile Communication

Mobile Communication is the use of technology that allows us to communicate with others in
different locations without the use of any physical connection (wires or cables). Mobile
communication makes our life easier, and it saves time and effort.

A mobile phone (also called mobile cellular network, cell phone or hand phone) is an example
of mobile communication (wireless communication). It is an electric device used for full duplex
two way radio telecommunication over a cellular network of base stations known as cell site.

Features of Mobile Communication

The following are the features of mobile communication:

o High capacity load balancing: Each wired or wireless infrastructure must incorporate
high capacity load balancing.
High capacity load balancing means, when one access point is overloaded, the system
will actively shift users from one access point to another depending on the capacity which
is available.

o Scalability: The growth in popularity of new wireless devices continuously increasing

day by day. The wireless networks have the ability to start small if necessary, but expand
in terms of coverage and capacity as needed - without having to overhaul or build an
entirely new network.
 o Network management system: Now a day, wireless networks are much more complex
and may consist of hundreds or even thousands of access points, firewalls, switches,
managed power and various other components.
The wireless networks have a smarter way of managing the entire network from a
centralized point.

 Role based access control: Role based access control (RBAC) allows you to assign roles
based on what, who, where, when and how a user or device is trying to access your network.
Once the end user or role of the devices is defined, access control policies or rules can be
enforced.
o Indoor as well as outdoor coverage options: It is important that your wireless system
has the capability of adding indoor coverage as well as outdoor coverage.

o Network access control: Network access control can also be called as mobile device
registration. It is essential to have a secure registration.
Network access control (NAC) controls the role of the user and enforces policies. NAC
can allow your users to register themselves to the network. It is a helpful feature that
enhances the user experience.

o Mobile device management: Suppose, many mobile devices are accessing your wireless
network; now think about the thousands of applications are running on those mobile
devices.
How do you plan on managing all of these devices and their applications, especially as
devices come and go from your business?
 Mobile device management can provide control of how you will manage access to
programs and applications. Even you can remotely wipe the device if it is lost or stolen.

o Roaming: You don't need to worry about dropped connections, slower speeds or any
disruption in service as you move throughout your office or even from building to
building wireless needs to be mobile first.
Roaming allows your end-users to successfully move from one access point to another
without ever noticing a dip in a performance.
For example, allowing a student to check their mail as they walk from one class to the
next.
o Redundancy: The level or amount of redundancy your wireless system requires depends
on your specific environment and needs.
o For example: A hospital environment will need a higher level of redundancy than a
coffee shop. However, at the end of the day, they both need to have a backup plan in
place.
o Proper Security means using the right firewall: The backbone of the system is your
network firewall. With the right firewall in place you will be able to:
o See and control both your applications and end users.
o Create the right balance between security and performance.
o Reduce the complexity with:
o Antivirus protection.
o Deep Packet Inspection (DPI)
o Application filtering
o Protect your network and end users against known and unknown threads
including:
o Zero- day.
o Encrypted malware.
o Ransomware.
 o Malicious botnets.

o Switching: Basically, a network switch is the traffic cop of your wireless network which
making sure that everyone and every device gets to where they need to go.
Switching is an essential part of every fast, secure wireless network for several reasons:
o It helps the traffic on your network flow more efficiently.
o It minimizes unnecessary traffic.
o It creates a better user experience by ensuring your traffic is going to the right
places.

Advantages of Mobile Communication

There are following advantages of mobile communication:

o Flexibility: Wireless communication enables the people to communicate with each other
regardless of location. There is no need to be in an office or some telephone booth in
order to pass and receive messages.
o Cost effectiveness: In wireless communication, there is no need of any physical
infrastructure (Wires or cables) or maintenance practice. Hence, the cost is reduced.
o Speed: Improvements can also be seen in speed. The network connectivity or the
accessibility was much improved in accuracy and speed.
o Accessibility: With the help of wireless technology easy accessibility to the remote areas
is possible. For example, in rural areas, online education is now possible. Educators or
students no longer need to travel to far-flung areas to teach their lessons.
o Constant connectivity: Constant connectivity ensures that people can respond to
emergencies relatively quickly. For example, a wireless device like mobile can ensure
you a constant connectivity though you move from place to place or while you travel,
whereas a wired landline can't.

History of Wireless Communication

The history of the wireless communications started with the understanding of magnetic and
electric properties observed during the early days by the Chinese, Roman and Greek cultures and
experiments carried out in the 17th and 18th centuries. A short history of wireless
communication is presented in the tabular form:

Year Description

1880 Hertz-Radio Communication

1897 Marconi- Radio Transmission

1933 FCC (Federal Communication Commission)

1938 FCC rules for regular services

1946 Bell telephone laboratories 52 MHz

1956 FCC - 450MHz (Simplex)

1964 Bell telephone active research 800 MHz

1964 FCC - 450 MHz (Full Duplex)

1969 FCC - 40 MHz bandwidth

1981 FCC ? release of cellular land phone in the 40 MHz

1982 At & T divested and Server RBOC (Regional Bell Operation Companies) formed to
manage the cellular operation.

1984 Most RBOC market in operations

1986 FCC allocates 5MHz extended band.

1988 TDMA voted as digital cellular standard in North America.

1992 GSM (Group Special Mobile) operable Germany D2 system.

1993 CDMA (Code Division Multiple Access)

1994 PDCC (Personal Digital Cellular Operable) in Tokyo, Japan

1995 CDMA operable in Hong Kong

1996 Six Broad Band PCS (Personal Communication Services) licensed bands (120 MHz)
almost reader 20 billion US dollar

1997 Broad band CDMA constructed and of the 3rd generation mobile.

1999 Powerful WLAN systems were evolved, such as Bluetooth. This uses 2.4 MHz spectrum.

Generations of Wireless Communication

1G
o This is the first generation of wireless telephone technology, mobile telecommunications,
which was launched in Japan by NTT in 1979.
o The main technological development in this generation that distinguished the First
Generation mobile phones from the previous generation was the use of multiple cell sites,
and the ability to transfer calls from one site to the next site as the user travelled between
cells during a conversation.
o It uses analog signals.
o It allows the voice calls in one country.

Disadvantages
o Poor quality of voice
o Poor life of Battery
o Size of phone was very large
o No security
o Capacity was limited
o Poor handoff reliability
2G
o This is the second generation of mobile telecommunication was launched in Finland in
1991.
o It was based on GSM standard.
o It enables data transmission like as text messaging (SMS - Short Message Service),
transfer or photos or pictures (MMS ? Multimedia Messaging Service), but not videos.
o The later versions of this generation, which were called 2.5G using GPRS (General
Packet Radio Service) and 2.75G using EDGE (Enhanced data rates for GSM Evolution)
networks.
o It provides better quality and capacity.

Disadvantages
o Unable to handle complex data such as Video
o Requires strong digital signals
3G
o 3G is the third generation was introduced in early 2000s.
o The transmission of data was increased up to 2Mbits/s, which allows you to sending or
receiving large email messages.
o The main difference between 3G and 2G is the use of packet switching rather than circuit
switching for data transmission.
o Faster communication
o High speed web or more security
o Video conferencing
o 3D gaming
o TV streaming, Mobile TV, phone calls etc. are the features of 3G.

Disadvantages
o Costly
o Requirement of high bandwidth
o Expensive 3G phones
o Size of cell phones was very large.
4G
o 4G is the fourth generation of mobile telecommunication which was appeared in 2010.
o It was based on LTE (Long Term Evolution) and LTE advanced standards.
o Offer a range of communication services like video calling, real time language translation
and video voice mail.
o It was capable of providing 100 Mbps to 1Gbps speed.
o High QoS (Quality of Service) and High security.
o The basic term used to describe 4G technology is MAGIC. Where :
M-Mobilemultiedia
A-Anytimeanywhere
G-Global mobility support
I-Integarted wireless solution
C - Customized personal service

Disadvantages
o Uses more battery
o Difficult to implement
o Expensive equipment are required
5G
o It is refered to fifth generation wireless connection which will be probably implemented
by 2020, or even some years earlier.
o Machine to machine communication can be possible in 5G.
o 5G will be able to performs Internet of Things (IoT) for smart home and smart city,
connected cars etc.
o This generation will be based on lower cost, low battery consumption and lower latency
than 4G equipment.
o There will be much fater transmission rate of data to the previous versions. Thus the
speed of 5G will be 1Gbit/s.

Applications of Wireless Communication

Following is a list of applications in wireless communication:

Vehicles

Many wireless communication systems and mobility aware applications are used for following
purpose:

o Transmission of music, news, road conditions, weather reports, and other broadcast
information are received via digital audio broadcasting (DAB) with 1.5Mbit/s.
o For personal communication, a universal mobile telecommunications system (UMTS)
phone might be available offering voice and data connectivity with 384kbit/s.
 o For remote areas, satellite communication can be used, while the current position of the
car is determined via the GPS (Global Positioning System).
o A local ad-hoc network for the fast exchange of information (information such as
distance between two vehicles, traffic information, road conditions) in emergency
situations or to help each other keep a safe distance. Local ad-hoc network with vehicles
close by to prevent guidance system, accidents, redundancy.
o Vehicle data from buses, trucks, trains and high speed train can be transmitted in advance
for maintenance.
o In ad-hoc network, car can comprise personal digital assistants (PDA), laptops, or mobile
phones connected with each other using the Bluetooth technology.

Emergency

Following services can be provided during emergencies:

o Video communication: Responders often need to share vital information. The

transmission of real time situations of video could be necessary. A typical scenario
includes the transmission of live video footage from a disaster area to the nearest fire
department, to the police station or to the near NGOs etc.
o Push To Talk (PTT): PTT is a technology which allows half duplex communication
between two users where switching from voice reception mode to the transmit mode
takes place with the use of a dedicated momentary button. It is similar to walkie-talkie.
 o Audio/Voice Communication: This communication service provides full duplex audio
channels unlike PTT. Public safety communication requires novel full duplex speech
transmission services for emergency response.
o Real Time Text Messaging (RTT): Text messaging (RTT) is an effective and quick
solution for sending alerts in case of emergencies. Types of text messaging can be email,
SMS and instant message.

Business

Travelling Salesman
o Directly access to customer files stored in a central location.
o Consistent databases for all agents
o Mobile office
o To enable the company to keep track of all the activities of their travelling employees.

In Office
o Wi-Fi wireless technology saves businesses or companies a considerable amount of
money on installations costs.
o There is no need to physically setup wires throughout an office building, warehouse or
store.
o Bluetooth is also a wireless technology especially used for short range that acts as a
complement to Wi-Fi. It is used to transfer data between computers or cellphones.

Transportation Industries
o In transportation industries, GPS technology is used to find efficient routes and tracking
vehicles.

Replacement of Wired Network

o Wireless network can also be used to replace wired network. Due to economic reasons it
is often impossible to wire remote sensors for weather forecasts, earthquake detection, or
to provide environmental information, wireless connections via satellite, can help in this
situation.
o Tradeshows need a highly dynamic infrastructure, since cabling takes a long time and
frequently proves to be too inflexible.
o Many computers fairs use WLANs as a replacement for cabling.
o Other cases for wireless networks are computers, sensors, or information displays in
historical buildings, where excess cabling may destroy valuable walls or floors.

Location dependent service

It is important for an application to know something about the location because the user might
need location information for further activities. Several services that might depend on the actual
location can be described below:

o Follow-on Services:
o Location aware services: To know about what services (e.g. fax, printer, server, phone,
printer etc.) exist in the local environment.
o Privacy: We can set the privacy like who should get knowledge about the location.
o Information Services: We can know about the special offers in the supermarket. Nearest
hotel, rooms, cabs etc.

Infotainment: (Entertainment and Education)

o Wireless networks can provide information at any appropriate location.

o Outdoor internet access.
o You may choose a seat for movie, pay via electronic cash, and send this information to a
service provider.
o Ad-hoc network is used for multiuser games and entertainment.

Mobile and Wireless devices

Even though many mobile and wireless devices are available, there will be many more devices in
the future. There is no precise classification of such devices, by sizes, shape, weight, or
computing power. The following list of given examples of mobile and wireless devices graded
by increasing performance (CPU, memory, display, input devices, etc.)

Sensor: Wireless device is represented by a sensor transmitting state information. 1 example

could be a switch, sensing the office door. If the door is closed, the switch transmits this
information to the mobile phone inside the office which will not accept incoming calls without
user interaction; the semantics of a closed door is applied to phone calls.

Embedded Controller: Many applications already contain a simple or sometimes more complex
controller. Keyboards, mouse, headsets, washing machines, coffee machines, hair dryers and TV
sets are just some examples.

Pager: As a very simple receiver, a pager can only display short text messages, has a tiny
display, and cannot send any messages.

Personal Digital Assistant: PDAs typically accompany a user and offer simple versions of
office software (calendar, notepad, mail). The typically input device is a pen, with built-in
character recognition translating handwriting into characters. Web browsers and many other
packages are available for these devices.
Pocket computer: The next steps towards full computers are pocket computers offering tiny
keyboards, color displays, and simple versions of programs found on desktop computers (text
processing, spreadsheets etc.)

Notebook/laptop: Laptops offer more or less the same performance as standard desktop
computers; they use the same software - the only technical difference being size, weight, and the
ability to run on a battery. If operated mainly via a sensitive display (touch sensitive or
electromagnetic), the device are also known as notepads or tablet PCs.

Simplified Reference Model of Communication

The above figure shows a personal digital assistant (PDA) which provides an example for a
wireless and portable device. This Personal digital assistant communicates with a base station in
the middle of the picture. The base station consists of a radio transceiver (receiver and sender)
and an interworking unit connecting the wireless link with the fixed link. The communication
partner of the Personal Digital Assistant, a conventional computer, is shown on the right hand
side. Under earth each network element (such as PDA, interworking unit, computer), the figure
shows the protocol stack implemented in the system according to the reference model.

End-systems, such as PDA and computer in the example, need a full protocol stack comprising
the application layer, transport layer, network layer, data link layer and physical layer.
Applications on the end-systems communicate with each other using the services of the lower
layer.

Intermediate systems such as interworking unit; do not necessarily need all of the layers. Above
figure shows the network, data link and physical layers. As (according to the reference model)
only entities at the same level communicate with each other (i.e. transport with transport,
network with network).

Influence of mobile communication to the layer model

Layers Key points

Application layer o service location

o new applications, multimedia
o adaptive applications

Transport layer o congestion and flow control

o quality of service

Network layer o addressing, routing, device location

o hand-over

Data link layer o authentication

o media access
o multiplexing
o media access control

Physical layer o encrption

o modulation
o interference
o attenuation
o frequency

Physical layer

This is the lowest layer in a communication system and is responsible for the conversion of a
stream of bits into signals that are transmitted on the sender side. The physical layer of the
receiver transforms the signals back into a bit stream. For wireless communication, the physical
layer is responsible for generation of the carrier frequency, frequency selection, signal detection
(although heavy interference may disturb the signal), modulation of data into a carrier frequency
and encryption.
Data link layer

The main tasks of the data link layer include accessing the medium, multiplexing of different
data streams, correction of transmission errors and synchronization (i.e. detection of a data
frame). In short, the data link layer is responsible for a reliable point to point connection between
two devices or a point to multipoint connection between one sender and several receivers.

Network layer

The third layer which is called network layer is responsible for routing packets through network
or establishing a connection between two entities over many other intermediate systems. Some
topics are addressing, routing, device location, and handover between different networks. The
several solutions for the network layer protocol of the internet (the Internet Protocol IP).

Transport layer

Transport layer is used in the reference model to establish an end to end connection. Topics like
quality of service, flow and congestion control are relevant, especially if the transport protocols
known from the internet, TCP and UDP, are to be used over a wireless link.

Application layer

The applications (complemented by additional layers that can support applications) are situated
on top of all transmission oriented layers. Some context on this layer are service location,
support for multimedia applications, adaptive applications that can handle the variations in
transmission characteristics, and wireless access to the World Wide Web using a portable device.
Most demanding applications are video (high data rate) and interactive gaming (low jitter, low
latency).

Mobile communication devices

All devices communicating via radio signals emit man-made electromagnetic radiation and
threaten the health of all creatures and of Nature.

WLAN (Wi-Fi)
Even though Wi-Fi transmits at a lower power than mobile phones its impact on our health
should not be underestimated. At school and also at home even more children are being
exposed to this permanent pulsating signal, which disrupts the communication of our
organs. For this reason children often have difficulties concentrating in school, have trouble
falling asleep and become ill frequently.

More and more electronic devices are being equipped with a Wi-Fi component. Wi-Fi is
permanently sending and receiving data and contributes considerably to the
overall electromagnetic pollution.

Tablets

Tablets are a convenient invention and offer many application possibilities; this makes them very
popular. Media and school textbook publishers also are intensively promoting the introduction of
tablet computers for educational purposes. Tablets have been designed to be reliant on Wi-Fi
only as a means of communication and are not likely to be cabled. As previously explained
(see above) Wi-Fi and WLAN-devices are always broadcasting with a pulsating signal, which
disturbs the communication of our organs and thus damages our health.

Tablets are no expedient alternative for school books either. Brain researcher Manfred Spitzer
and media educator Paula Bleckmann both have pointed out, that the use of digital media before
the age of 16 has a negative effect on the learning abilities of reading and writing as well as the
language development of children.

Cordless phones

Digital cordless phones of the DECT standard are amongst the strongest household
“contaminators”. Cordless phones create very strong electromagnetic fields and are based on
the same technology as mobile communications. Even though there are now devices that only
send during a call (ECO Mode +), this function must be activated by the user in most cases. In
addition, the hand-held unit is placed directly to the head for a long period of time during a
phone call. Therefore, we recommend that you don’t use a cordless phone and, instead, convert
to a cabled phone at home (and if possible at work, too).
Smart meters

Smart meters are modern water, gas and electricity meters, which periodically send high-
frequency signals via WLAN, Wi-Fi or mobile services. These meters are often installed by
utility companies without informing the owners or tenants of the property.

Proliferation of Mobile and Wireless Devices-

The proliferation of mobile devices and Web applications underscores the fact that electronic
information systems affect every aspect of our lives, so the wireless communications become
more and more important. Keywords: Wireless Wide area network, Cellular Network, 4G, LTE.
Cellular Wireless Network.

What is proliferation of mobile devices?

Answer and Explanation: Proliferation can be defined as a rapid increase in the production of an
item. The production of varieties of mobile devices has greatly been increasing over the past
years. This is fueled by the advancement in the levels of technology in the market.

How has the proliferation of mobile devices affected IT professionals?

WiFi and cellular data can also be compromised, leading to important files being intercepted by
malicious actors either for ransom or for identity theft. With the proliferation of mobile
devices, IT professionals have a lot more threats to protect their employers from than ever
before.

What is mobile and wireless security?

Mobile security is the protection of smartphones, tablets, laptops and other portable computing
devices, and the networks they connect to, from threats and vulnerabilities associated with
wireless computing.

Proliferation of Wireless Devices and E-applications - The Emerging Security Challenges

for Global E
Emerging Mobile Devices Security Challenges

Across the globe, the usage of small wireless mobile devices such as PDAs, Blackberrys and
smartphones is growing faster than the Internet. The number of smartphones worldwide crossed
130 million by the end of 2008, according to IDC. As wireless devices grow in sophistication
and numbers, it’s no surprise that virus writers, hackers, and organized criminals have begun
targeting them. What’s surprising is how quickly they’ve found so many ways to exploit them.
Enterprises should not underestimate this emerging threat.
We will discuss here the 3 primary technologies deployed in all cell phones, PDAs, and
smartphones and the possible security threats.

* Bluetooth
* Mobile telephony
* Smartphones and PDAs

Bluetooth

Bluetooth is a short-range wireless technology. It is a radio frequency standard that allows any
sort of electronic equipment to make its own short-range connections, without wires or cables.
When two bluetooth enabled devices encounter one another, they can automatically
communicate with each other to establish whether they should form a personal area network.
This simple facility creates the opportunity for bluetooth attacks, viz, blue jacking, blue bugging,
and blue snarfing.

Blue jacking

Here, third parties can send text messages anonymously to the smartphones or PDAs of any users
who are within range (usually 10 to 20 meters) and it could be used maliciously and for blue
spam.

As a remedy to this problem, phone owners should not add senders of blue jack messages to their
address book and should remain hidden from blue jackers by keeping their bluetooth settings in
non-discoverable mode.

Blue bugging

A blue bugging attack is a hack attack on a bluetooth-enabled device. Blue bugging enables the
attacker to initiate phone calls on the victim’s phone, to read and send SMS messages, read and
write phone book contacts, eavesdrop on phone conversations, divert incoming calls, and surf the
Internet.

Blue snarfing

A blue snarfing attack can involve the theft of all contact information stored in the cell phone.

The best way to ward off these attacks is whenever the bluetooth is on avoid ‘pairing’ with any
unknown devices. Similarly, avoid downloading or installing suspicious software on to your cell
phone. Wherever possible, upgrade your cell phone PIN to an 8-digit code from the standard 4-
digit code with which it is issued. Never share the PIN with unknown devices or individuals.

Mobile Telephony

The mobile telephony universe boasts of cell phones, PDAs, and smartphones. There are
essentially 3 principal cell phone risks.
* Blue attacks (dealt with in bluetooth above)
* Loss of essential data (through accident or theft of the cell phone)
* Viruses, worms, trojans, and malware

Cell Phone Loss

When a cell phone is lost, two things happen, apart from the cost and inconvenience of the loss,
someone else can use the phone to make calls, and all data is lost. As a precaution, remember to
do the following:

1. Do not use the phone in areas where it could be stolen

2. Lock your cell phone, using the following methods

a. Key lock – this locks your key pad to prevent accidental number keying
b. SIM PIN Code – this locks your SIM card, protecting your account
b. Phone Security Code – this locks your handset
d. Voice Mail PIN – this secures your voice mail service

Viruses, Worms, and Malware that Affect Mobile Telephony

Mobile phone viruses, worms, and trojans are now beginning to spread. Skulls, a trojan horse
program that poses as a gaming software, is one of the earliest malicious codes to successfully
infect mobiles. If installed on mobile phones running Symbian OS, Skulls will render the
smartphone features of the phone useless by deactivating messaging, Net access, and other apps.
The malware replaces application icons with a picture of a skull, hence its name. Anti-virus
software for Symbian Series 60 is able to detect and remove Skulls.
The Cabir worm and Mosquito Trojans target smartphones that run the Symbian Series 60
operating system, while a third, called Duts 1520 attacks Pocket PCs with a Windows CE
operating system.

Mosquito Trojans hijack the device into calling special phone numbers that carry high fees,
running up the owner’s bill. The Mosquito Trojan is hidden inside a game that’s downloaded
over a wireless network, while Cabir is spread via bluetooth.

Protecting from Them

Expand the company wireless policies to forbid downloading games and other applications not
directly related to work. Educate the employees about the sources and symptoms of mobile
viruses. Explore antivirus software for mobile devices. Make it mandatory for wireless carriers to
outline their network safeguards.

PDAs and smartphones should be password protected. The wireless port on them must be
disabled. Device operating systems must have the latest patches installed. Any confidential
information stored on a device must be encrypted. Also, back up regularly - by synchronizing the
device with a linked computer.

Emerging Mobile Devices Security Challenges

With the proliferation of Web applications and e-commerce, you know how important it is for
those applications to be secure. Hackers are always looking for that overlooked gap so that they
can work their way into your application and your data. Some of the most significant Web
application threats are discussed below.

Invalidated input: Information from Web requests is not validated before being used by a Web
application. Attackers can use these flaws to attack backend components through a Web
application.

Broken access control: Restrictions on what authenticated users are allowed to do are not
properly enforced. Attackers can exploit these flaws to access other users’ accounts, view
sensitive files, or use unauthorized functions.

Broken access and session management: Account credentials and session tokens are not
properly protected. Attackers that can compromise passwords, keys, session cookies, or other
tokens can defeat authentication restrictions and assume other users’ identities.

Cross-site scripting flaws: The Web application can be used as a mechanism to transport an
attack to an end user’s browser. A successful attack can disclose the end user’s session token,
attack the local machine, or spoof content to fool the user.

Buffer overflows: Web application components in some languages that do not properly validate
input can be crashed and, in some cases, used to take control of a process. These components can
include CGI, libraries, drivers, and Web application server components.

Injection flaws: Web applications pass parameters when they access external systems or the
local operating system. If an attacker can embed malicious commands in these parameters, the
external system may execute those commands on behalf of the Web application.

Insecure storage: Web applications frequently use cryptographic functions to protect

information and credentials. Writing the codes for these functions and the codes used to integrate
them have proven to be difficult, frequently resulting in weak protection.

Denial of service: Attackers can consume Web application resources to a point where other
legitimate users can no longer access or use the application. Attackers can also lock users out of
their accounts or even cause the entire application to fail.

Insecure configuration management: Having a strong server configuration standard is critical

to a secure Web application. These servers have many configuration options that affect security
and are not secure out of the box.

Conclusion
The explosion of wireless devices and e-applications has become a necessity in today’s world.
However, they have also increased the security risks manifold and no security solution can be
foolproof to hacker attacks and virus writers, as they constantly innovate new methods of
penetrating in to these devices and applications, but the fight against these cyber criminals will
nevertheless continue undaunted.

How best to secure your Endpoint

Until a few years ago Information security was not a priority for many organizations. With the
advent of the Internet, it has created a world without boundaries. With these changes the threat
landscape evolved and information security became the need of the hour. Today, identifying
security challenges and specific security threats to your data have become very crucial. The
counter-measures used to mitigate each threat are equally challenging. It is a known fact that
malicious code “phoning home”, worms, intrusions, outbound attacks and botnets, have become
common.

Perimeter is not what it used to be mobility has made the network porous. From a business
perspective mobile devices are a productivity tool and a business necessity but from a security
perspective a significant threat. This has necessitated formulation of a security strategy and
policies in place that keeps mobile devices locked down and mobile data protected. There exist
numerous back doors in today’s network and data is often left unprotected to defend for itself.
Data has many enemies from Spyware to Removable media. Personal devices of individual users
and misuse of company owned devices and resources through P2P applications and Web mail
pose serious threat. Complicating matters are increasing instances of lost or stolen devices.
Industry analysts estimate that between 1,500- 3,000 laptops are stolen each day.

While threats continue to increase, so do the number of endpoint security applications and
management consoles to manage these numerous applications. It is common for enterprise PC to
run separate security agents for antivirus, desktop firewall, anti-spyware, and file or disk
encryption software, each centrally managed by a single-purpose console. It is not possible to cut
cost or do away without securing imperative data. If one uses the multi-agent approach, it makes
it costly and time consuming for administrators to update, monitor, test, and manage security
policy for these applications, including all the required software and signature updates.

Every business organization would want to have a control over their endpoint security. They
would need to implement a centralized, unified approach to resolve most of their endpoint
related security issues. Most of the organisations would want to invest in endpoint security once
and for all because it is cost effective, saves time and most of all since it is centralized, a unified
approach to addressing critical endpoint security makes business environment more secure.
Here are six endpoint security essentials for companies to shore up their defences:

Mitigate Malware

According to Kaspersky Labs, nearly 20,000 new malware outbreaks were reported from January
to July 2007. Potentially, that means 20,000 new, hard-to-find endpoint security problems. These
problems aren’t limited to viruses, rootkits, and proxies. Distributed denial of service attacks fall
into this category, too. The best ways to limit these destructive processes are to block attacks
with heuristic and behavioural-based antivirus and anti-spyware, complemented by effective
program control, which is important to mitigating malware because not only can it block known
malicious programs running on endpoint PCs, but it also can help control programs such as peer-
to-peer file sharing applications that are increasingly targeted to compromise endpoint systems.
With hundreds of thousands of programs on the Internet that could wind up on corporate PCs,
defining and enforcing a security policy regarding which programs to allow or deny can be very
time consuming. Therefore, an essential function of program control is the ability to automate
most policy decisions, so IT staff does not have to spend time researching programs. Ideally, this
is done via a knowledge base of known good and known malicious programs from which a best-
practices policy on whether they should be allowed or denied can immediately be applied.

Protect Data

It is very phenomenal for employees to move in and out of the company, and thus it is an
inevitable reality that should drive companies to deploy full-disk encryption and keep endpoint
data locked down and secure. This practice not only secures corporate secrets, it keeps sensitive
information completely protected in the event of loss. And this is even more important today
with strong personal privacy laws now requiring disclosure of security breaches when personal
information is breached. If a laptop is lost or stolen with a fully encrypted drive, companies can
avoid disclosure of the breach, as well as damage related to corporate reputation if the news
makes the headlines. Encrypting hard drives is not enough, though. Enterprises must also
consider threats posed by removable media such as USB flash drives, iPods, and Bluetooth
devices. First, these devices can carry viruses or other malware. Second, they can be an easy way
for sensitive data to leak outside the business if not properly protected. Some of the best
practices for endpoint security are to apply policy for both: controlling device access, scanning
the content of allowed devices to ensure there are no viruses present, and encrypting data on
these devices so the data remains protected.

Enforce Endpoint Policy Compliance

Even if you have the best technologies to mitigate malware and secure data, endpoints can still
be compromised if virus signatures or service patches are out of date. That’s where network
access control (NAC) comes in. This technology helps secure networked endpoints prior to
allowing them network access. It does this by including preadmission endpoint security policy
checks for endpoint devices to ensure that they meet the predefined security policy, such as
having current antivirus software or the latest patches. If protection is adequate, access is
granted. If not, the technology quarantines endpoints and facilitates remediation to help install
the proper updates.

Enable Secure Remote Access

With computing devices more mobile than ever, it’s critical to lock down the connections by
which users are logging into the corporate network. The very best endpoint security solutions
incorporate this kind of secure remote access effortlessly—through the same interface with
which users log in. The best approach here is a remote access agent—users log in once, and
everything they do from then on occurs in a secure space. Storing credentials in this agent also
makes it easy for users to access sites with different connectivity requirements. And there are
other reasons to consider a solution that offers a remote access agent with essential endpoint
security functions: Minimizing overall agent footprint, including CPU and memory utilization, to
help ensure endpoint systems run smoothly; Eliminating duplicate management tasks and
engineering test cycles associated with software updates—standard for two or more agents;
Ensuring interoperability between remote access and NAC functions, helping streamline policy
checks for remote users authenticating through a gateway.

Streamline Security Management

On the back end, it’s important to centralize endpoint security management so that administrators
can use one console to configure endpoints, administer policies, monitor performance, and
analyze data from the network as a whole. This isn’t only about making life easier for
administrators; it’s also about reducing maintenance costs of managing and updating a multi-
agent solution. Unification also helps improve security audit support by unifying, standardizing,
and automating reporting functions. In best-case scenarios, administrators can even deploy
baseline security policies using predefined policy templates.

Minimize End-user Impact

Finally, even the most hardened and efficient endpoint security solutions shouldn’t sap
bandwidth or processing power from other important end-user functions. With this in mind, the
best strategies embrace unified agent with small footprints and low memory utilization.
Transparency in other areas is also important—ideally, an endpoint security solution should be
so silent in its protection that users don’t even see an icon in their system trays. For users, the
bottom line is functionality and ease-of-use and for administrators, security should be paramount.
In addition to mastering these six endpoint security essentials, it’s critical for administrators to
keep their network security posture current. One way is to task specific personnel with the job of
keeping tabs on the latest threats. An easier way is to use a service that charts threats and
potential problems automatically. There should be a focused, professional effort towards
improving security posture and improving the quality of application-policy decisions while
minimizing the need for end-user involvement. End user involvement should be limited to
educating them on the risks involved with malware and loss / theft of mobile devices. There is a
need to sensitize end user on how their actions can result in security breaches, these can be
achieved through training to instill good security practices.

Trends in Mobility-

The transit system that India is moving towards is seamless mobility. It is a landscape that will
have connected vehicle technologies, using the tech advancements like the integration of the
internet of things (IoT) and artificial intelligence (AI). Urban mobility has become increasingly
complex globally and in India.

Here are the top cyber security trends for 2023.

 Multi-Factor Authentication. ...
 International State-Sponsored Attackers. ...
 Identity and Access Management. ...
 Real-Time Data Monitoring. ...
 Automotive Hacking. ...
 AI Potential: ...
 Improved Security for IoT Devices. ...
 Cloud Also Vulnerable.

What's trending in cyber security?

Sophisticated AI technology combined with age-old phishing attacks has given rise to cyber
threats in the form of data manipulation. Deepfakes are synthetic media used to replace the
likeness of one person with another in audio and video.
What are the types of credit card frauds?

Types Of Credit Card Fraud

 Card-not-present (CNP) fraud. Scammers steal a cardholder's credit card and personal
information — and then use it to make purchases online or by phone. ...
 Credit card application fraud. ...
 Account takeover. ...
 Credit card skimming. ...
 Lost or stolen cards.

What Are Common Types of Credit Card Fraud?

In 2020 alone, nearly 400,0001 Americans were victims of credit card fraud — and that number
is only going up. In fact, according to the Federal Trade Commission (FTC) credit card fraud is
one of the fastest growing2 forms of identity theft.

That's why it's important that you know how to protect yourself against credit card fraud, how to
spot the signs that you've become a victim of it, and how to report and recover from an event if it
happens. Here's what you need to know.

Types Of Credit Card Fraud

Credit card fraud comes in all shapes and sizes. It can happen online, over the phone, by text, and
in person. You can be duped by fake emails, have your information stolen in a data breach, or
have your cards stolen out of your mailbox. And these are just a few of the possibilities.

To protect yourself from becoming a victim, you need to know about different kinds of credit
card fraud. While solid prevention won't make you immune to it, being cautious can reduce your
chances.

Here are some of the most common types of credit card fraud:

Card-not-present (CNP) fraud

Scammers steal a cardholder's credit card and personal information — and then use it to make
purchases online or by phone. CNP fraud is difficult to prevent because there is no physical card
to examine and the merchant can't verify the buyer's identity.

Credit card application fraud

Criminals use stolen personal information (name, address, birthday, and social security number)
to apply for credit cards. This type of fraud can go undetected until the victim applies for credit
themselves or checks their credit report. While the victim will typically not be responsible for
any purchases made with fraudulent credit card accounts due to protection offered by the cards,
this type of fraud can damage the victim's credit score.

Account takeover

After stealing personal information, scammers contact credit card companies pretending to be the
cardholder. They then change passwords and PIN numbers so they can take over the account.
This type of credit card fraud will likely be detected when the cardholder tries to use their card or
log in to their account online.

Credit card skimming

The practice of credit card skimming is still happening, despite the prevalence of cards.
Skimmers are devices that steal credit card information from the magnetic strip on the back of
the card. Scammers attach them to credit card reader machines in ATMs, retail stores, gas
stations, and other businesses. Then they either sell the information to other scammers or use it
themselves to make charges on your card.

Lost or stolen cards

One of the most basic credit card fraud schemes is to simply steal someone's credit card or use a
card someone has lost. Thieves also intercept credit cards sent to cardholders in the mail.

Protecting Yourself From Credit Card Fraud

Although you can't completely protect yourself from credit card fraud, there are some steps you
can take to minimize your risk of becoming a victim.

 Never provide personal or financial information in response to emails, texts, or phone —

even if it looks like it's coming from a company you do business with. Remember, no
reputable company — including Synovus — will ever request your personal information
via email, text, or phone.
 To protect yourself from skimming, avoid suspicious card readers, like ones with sticky
keypads or that seem to be haphazardly attached to an ATM or gas pump.
  Shield your PIN and account number from bystanders and store employees when using
your card in person.
 Don't let mail sit in your mailbox for an extended period of time. It's not just credit cards
themselves that thieves can steal, but also financial statements. Since these contain your
name, address, and account number, it gives thieves a head start in CNP scams. If you'll
be away, place a vacation hold3 with the post office. And for additional protection,
consider moving to paperless statements.
 Set up account alerts to notify you of suspicious transactions — for example, charges
over a certain dollar amount.

Remember, no reputable company — including Synovus — will ever request your personal
information via email, text or phone.
How To Detect Credit Card Fraud

Unauthorized or suspicious charges are often the first indication you've been a victim of credit
card fraud. Review your monthly statements carefully to make sure there are no charges for
things you didn't buy — or withdrawals you didn't authorize. Receiving a credit card statement
for a card you didn't apply for is another way you could find out you've been victimized.

Many credit card companies are proactive about detecting fraud and often contact cardholders if
they detect suspicious activity. However, it's never wise to provide information on any
unsolicited phone calls. Instead, hang up and call your credit card company back and ask if there
are any problems with your account.

How To Report Credit Card Fraud

If you discover fraudulent transactions — or if your card is lost or stolen — contact your credit
card company immediately to report the fraud. Ask them to cancel or suspend your account.
They will tell you how to destroy any existing cards and when you'll receive replacement cards.

You can also file a police report by contacting your local police or sheriff's office. In most cases,
local authorities aren't equipped to handle credit card fraud cases. However, some creditors
require police reports as part of their investigation into your fraud claim.

What Do You Do If You're A Credit Card Fraud Victim

After you have contacted your credit card company and filed a police report, you can further
protect yourself and start the recovery process by doing the following:

 File a fraud alert with one of the three credit reporting

bureaus, TransUnion,4 Equifax5 or Experian.6 You only need to file with one as they
share alert information. The alert will make it harder for anyone to open new credit in
your name. You can also place a freeze on your account, which prevents you — or
scammers — from opening any new credit accounts in your name until you remove the
freeze.
 File a complaint with the Federal Trade Commission at identitytheft.gov.7 Once you have
filed a complaint, the agency will work with you to create a personal fraud recovery plan.
 Check your credit report. It's wise to check your credit report for credit inquiries or
accounts you don't recognize even if you haven't been a victim. This will help you catch
any fraudulent activity that may have slipped through the cracks. If you have been a
victim, it's even more important to check your report regularly. In response to the
dramatic rise in all types of financial fraud during the COVID-19 pandemic, all three
credit reporting bureaus — Equifax, Experian and TransUnion — are offering free
weekly credit reports8 to help consumers keep an eye on their accounts.

Unfortunately, there's no way to completely protect yourself from credit card fraud. But guarding
your personal information and checking your statements are typically your best lines of defense.

In the market for a new credit card? Be sure to look for a card that offers real-time alerts, online
statements, and coverage if someone fraudulently uses your card. Don't forget to consider
rewards, perks, and fees when choosing a credit card.
This era belongs to technology where technology becomes a basic part of our lives whether in
business or home which requires connectivity with the internet and it is a big challenge to
secure these units from being a sufferer of cyber-crime. Wireless credit card processing is a
tremendously new service that will enable an individual to process credit cards electronically,
virtually anywhere. It permits corporations to process transactions from mobile locations
quickly, efficiently, and professionally and it is most regularly used via organizations that
function in general in a cellular environment.
Nowadays there are some restaurants that are using wifi processing tools for the safety of their
credit card paying customers. Credit card fraud can take place when cards are misplaced or
stolen, mails are diverted by means of criminals, employees of a commercial enterprise steal
some consumer information.
Techniques of Credit Card Frauds :
1. Traditional Techniques :
 Paper-based Fraud –
Paper-based fraud is whereby a criminal makes use of stolen or faux files such as utility
payments and financial institution statements that can construct up beneficial Personally
Identifiable Information (PII) to open an account in anybody else’s name.
 Application Fraud –
1. ID Theft :
Where a person pretends to be anybody else.
 2. Financial Fraud :
Where a person offers false data about his or her monetary reputation to gather credit.
2. Modern Techniques :
Skimming to Commit Fraud is a kind of crime in which dishonest employees make unlawful
copies of credit or debit cards with the help of a ‘skimmer’. A skimmer is a gadget that
captures credit card numbers and other account information which should be personal. The
data and records held on either the magnetic stripe on the lower back of the deposit card or the
records saved on the smart chip are copied from one card to another.

Credit Card Frauds in Mobile and Wireless Computing Era-

In this modern era, the rising importance of electronic gadgets – which became an integral part
of business, providing connectivity with the internet outside the office – brings many challenges
to secure these devices from being a victim of cyber crime. These Credit card frauds and all are
the new trends in cybercrime that are coming up with mobile computing – mobile commerce (M-
COMMERCE) and mobile banking ( M-Banking).
Today belongs to ” Mobile computing” that is anywhere any time computing. The developments
in wireless technology have fuelled this new mode of working for white collar workers. This is
true for credit card processing too. Credit card (or debit card) fraud is a form of identity theft that
involves an unauthorized taking of another’s credit card information for the purpose of charging
purchases to the account or removing funds from it.
Elements of Credit Card Fraud
Debit/credit card fraud is thus committed when a person
1) fraudulently obtains, takes, signs, uses, sells, buys, or forges someone else’s credit or debit
card or card information;
2) uses his or her own card with the knowledge that it is revoked or expired or that the account
lacks enough money to pay for the items charged; and
3) sells goods or services to someone else with knowledge that the credit or debit card being used
was illegally obtained or is being used without authorization.
Theft, the most obvious form of credit card fraud, can happen in a variety of ways, from low tech
dumpster diving to high tech hacking. A thief might go through the trash to find discarded billing
statements and then use your account information to buy things. A retail or bank website might
get hacked, and your card number could be stolen and shared. Perhaps a dishonest clerk or waiter
takes a photo of your credit card and uses your account to buy items or create another account.
Or maybe you get a call offering a free trip or discounted travel package. But to be eligible, you
have to join a club and give your account number, say, to guarantee your place. The next thing
you know, charges you didn’t make are on your bill, and the trip promoters who called you are
nowhere to be found.
Types of Credit Card Fraud:

 The first category, lost or stolen cards, is a relatively common one, and should be
reported immediately to minimize any damages.
 The second is called “account takeover” — when a cardholder unwittingly gives
personal information (such as home address, mother’s maiden name, etc.) to a fraudster,
who then contacts the cardholder’s bank, reports a lost card and change of address, and
obtains a new card in the soon-to-be victim’s name.
  The third is counterfeit cards — when a card is “cloned” from another and then used to
make purchases. In Asia Pacific, 10% to 15% of fraud results from malpractices such as
card skimming but this number has significantly dropped from what it was a couple of
years prior, largely due to the many safety features put in place for payment cards, such
as EMV chip.
 The fourth is called “never received” — when a new or replacement card is stolen from
the mail, never reaching its rightful owner.
 The fifth is fraudulent application— when a fraudster uses another person’s name and
information to apply for and obtain a credit card.
 The sixth is called “multiple imprint”— when a single transaction is recorded multiple
times on old-fashioned credit card imprint machines known as “knuckle busters”.
 The seventh is collusive merchants — when merchant employees work with fraudsters
to defraud banks.
 The eighth is mail order/telephone order (MO/TO) fraud, which now includes e-
commerce, and is the largest category of total payment card fraud in Asia-Pacific,
amounting to nearly three-quarters of all fraud cases. The payments industry is working
tirelessly to improve card verification and security programs to prevent fraud in so-called
“card-not-present” transactions online or via mail order and telephone transactions.

What Can You Do?

Incorporating a few practices into your daily routine can help keep your cards and account
numbers safe. For example, keep a record of your account numbers, their expiration dates and
the phone number to report fraud for each company in a secure place. Don’t lend your card to
anyone — even your kids or roommates — and don’t leave your cards, receipts, or statements
around your home or office. When you no longer need them, shred them before throwing them
away.
Other fraud protection practices include:

 Don’t give your account number to anyone on the phone unless you’ve made the call to a
company you know to be reputable. If you’ve never done business with them before, do
an online search first for reviews or complaints.
 Carry your cards separately from your wallet. It can minimize your losses if someone
steals your wallet or purse. And carry only the card you need for that outing.
 During a transaction, keep your eye on your card. Make sure you get it back before you
walk away.
 Never sign a blank receipt. Draw a line through any blank spaces above the total.
 Save your receipts to compare with your statement.
 Open your bills promptly — or check them online often — and reconcile them with the
purchases you’ve made.
 Report any questionable charges to the card issuer.
 Notify your card issuer if your address changes or if you will be traveling.
 Don’t write your account number on the outside of an envelope.
Top Mobile Security Threats

OR

Security Challenges posed by Mobile devices

Mobile devices can be attacked at different levels. This includes the potential for malicious apps,
network-level attacks, and exploitation of vulnerabilities within the devices and the mobile OS.

As mobile devices become increasingly important, they have received additional attention from
cybercriminals. As a result, cyber threats against these devices have become more diverse.

1. Malicious Apps and Websites

Like desktop computers, mobile devices have software and Internet access. Mobile malware (i.e.
malicious applications) and malicious websites can accomplish the same objectives (stealing
data, encrypting data, etc.) on mobile phones as on traditional computers.

Malicious apps come in a variety of different forms. The most common types of malicious
mobile apps are trojans that also perform ad and click scams.

2. Mobile Ransomware

Mobile ransomware is a particular type of mobile malware, but the increased usage of mobile
devices for business has made it a more common and damaging malware variant. Mobile
ransomware encrypts files on a mobile device and then requires a ransom payment for the
decryption key to restore access to the encrypted data.

3. Phishing

Phishing is one of the most common attack vectors in existence. Most cyberattacks begin with a
phishing email that carries a malicious link or an attachment containing malware. On mobile
devices, phishing attacks have a variety of media for delivering their links and malware,
including email, SMS messaging, social media platforms, and other applications.

In fact, while emails are what people most commonly think of when they hear phishing, they are
not even close to the most commonly phishing vector on mobile devices. In fact, emails only
account for 15% of mobile phishing attacks, placing them behind messaging, social media and
“other” apps (not social, messaging, gaming, or productivity).

4. Man-in-the-Middle (MitM) Attacks

Man-in-the-Middle (MitM) attacks involve an attacker intercepting network communications to

either eavesdrop on or modify the data being transmitted. While this type of attack may be
possible on different systems, mobile devices are especially susceptible to MitM attacks. Unlike
web traffic, which commonly uses encrypted HTTPS for communication, SMS messages can be
easily intercepted, and mobile applications may use unencrypted HTTP for transfer of potentially
sensitive information.

MitM attacks typically require an employee to be connected to an untrusted or compromised

network, such as public Wi-Fi or cellular networks. However, the majority of organizations lack
policies prohibiting the use of these networks, making this sort of attack entirely feasible if
solutions like a virtual private network (VPN) are not used.

5. Advanced Jailbreaking and Rooting Techniques

Jailbreaking and rooting are terms for gaining administrator access to iOS and Android mobile
devices. These types of attacks take advantage of vulnerabilities in the mobile OSs to achieve
root access on these devices. These increased permissions enable an attacker to gain access to
more data and cause more damage than with the limited permissions available by default. Many
mobile users will jailbreak/root their own devices to enable them to delete unwanted default apps
or install apps from untrusted app stores, making this attack even easier to perform.

6. Device and OS exploits

Often, the focus of cybersecurity is on top-layer software, but lower levels of the software stack
can contain vulnerabilities and be attacked as well. With mobile devices – like computers –
vulnerabilities in the mobile OS or the device itself can be exploited by an attacker. Often, these
exploits are more damaging than higher-level ones because they exist below and outside the
visibility of the device’s security solutions.

Protecting Against Mobile Threats

 With the large and diverse mobile threat landscape, businesses require enterprise mobile
security solutions. This is especially true as the shift to remote work makes these mobile devices
a more common and critical component of an organization’s IT infrastructure.

An effective mobile threat defense solution needs to be able to detect and respond to a variety of
different attacks while providing a positive user experience. Accomplishing this requires
implementing these guiding principles:

 A 360° view of security across device, apps, and the network

 Full flexibility and scalability

 Full visibility into the risk level of the mobile workforce

 Privacy protection by design

 An optimal user experience

Registry Setting for Mobile Devices-

Registry Settings for Mobile Devices: Let us understand the issue of registry settings on mobile
devices through an example: Microsoft Activesync is meant for synchronization with Windows-
powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway
between Windows- powered PC and Windows mobile-powered device, enabling the transfer of
applications such as Outlook information, Microsoft Office documents, pictures, music, videos
and applications from a user's desktop to his/her device. In addition to synchronizing with a PC,
ActiveSync can synchronize directly with the Microsoft exchange server so that the users can
keep their E-Mails, calendar, notes and contacts updated wirelessly when they are away from
their PCs. In this context, registry setting becomes an important issue given the ease with which

various applications allow a free flow of information. Authentication Service Security: There
are two components of security in mobile computing: security of devices and security in
networks. A secure network access involves authentication between the device and the base
stations or Web servers. This is to ensure that only authenticated devices can be connected to the
network for obtaining the requested services. No Malicious Code can impersonate the service
provider to trick the device into doing something it does not mean to. Thus, the networks also
play a crucial role in security of mobile devices. Some eminent kinds of attacks to which mobile
devices are subjected to are: push attacks, pull attacks and crash attacks. Authentication services
security is important given the typical attacks on mobile devices through wireless networks: Dos
attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking.
Security measures in this scenario come from Wireless Application Protocols (WAPs), use of
VPNs, media access control (MAC) address filtering and development in 802.xx standards.
Attacks on Mobile-Cell Phones: •Mobile Phone Theft: Mobile phones have become an integral
part of everbody's life and the mobile phone has transformed from being a luxury to a bare
necessity. Increase in the purchasing power and availability of numerous low cost handsets have
also lead to an increase in mobile phone users. Theft of mobile phones has risen dramatically
over the past few years. Since hugesection of working population in India use public transport,
major locations where theft occurs are bus stops, railway stations and traffic signals. The
following factors contribute for outbreaks on mobile devices: 1. Enough target terminals:The
first Palm OS virus was seen after the number of Palm OS devices reached 15 million. The first
instance of a mobile virus was observed during June 2004 when it was discovered that an
organization "Ojam" had engineered an antipiracy Trojan virus in older versions of their mobile
phone game known as Mosquito.

This virus sent SMS text messages to the organization without the users' knowledge. 2. Enough
functionality:Mobile devices are increasingly being equipped with office functionality and
already carry critical data and applications, which are often protected insufficiently or not at all.
The expanded functionality also increases the probability of malware. 3. Enough
connectivity:Smartphones offer multiple communication options, such as SMS, MMS,
synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore, unfortunately, the
increased amount of freedom also offers more choices for virus writers.
•Mobile - Viruses
•Concept of Mishing
•Concept of Vishing
•Concept of Smishing
•Hacking - Bluetooth Organizational security Policies and Measures in Mobile Computing Era:
Proliferation of hand-held devices used makes the cybersecurity issue graver than what we would
tend to think. People have grown so used to their hand-helds they are treating them like wallets!
For example, people are storing more types of confidential information on mobile computing
devices than their employers or they themselves know; they listen to music using their-hand-held
devices.One should think about not to keep credit card and bank account numbers, passwords,
confidential E-Mails and strategic information about organization, merger or takeover plans and
also other valuable information that could impact stock values in the mobile devices. Imagine
the business impact if an employee's USB, pluggable drive or laptop was lost or stolen,
revealing sensitive customer data such as credit reports, social security numbers (SSNs) and
contact information. Operating Guidelines for Implementing Mobile Device Security Policies In
situations such as those described above, the ideal solution would be to prohibit all confidential
data from being stored on mobile devices, but this may not always be practical. Organizations
can, however, reduce the risk that confidential information will be accessed from lost or stolen
mobile devices through the following steps:

1.Determine whether the employees in the organization need to use mobile computing devices at
all, based on their risks and benefits within the organization, industry and regulatory environment.

2.Implement additional security technologies, as appropriate to fit both the organization and the
types of devices used. Most (and perhaps all) mobile computing devices will need to have their
native security augmented with such tools as strong encryption, device passwords and physical
locks. Biometrics techniques can be used for authentication and encryption and have great
potential to eliminate the challenges associated with passwords.
3.Standardize the mobile computing devices and the associated security tools being used with
them. As a matter of fundamental principle, security deteriorates quickly as the tools and devices
used become increasingly disparate.
4.Develop a specific framework for using mobile computing devices, including guidelines for
data syncing, the use of firewalls and anti-malware software and the types of information that
can be stored on them.
5.Centralize management of your mobile computing devices. Maintain an inventory so that you
know who is using what kinds of devices.,
6.Establish patching procedures for software on mobile devices. This can often be simplified by
integrating patching with syncing or patch management with the centralized
7.Provide education and awareness training to personnel using mobile devices. People cannot be
expected to appropriately secure their information if they have not been told how. Organizational
Policies for the Use of Mobile Hand-Held Devices
There are many ways to handle the matter of creating policy for mobile
devices. One way is creating distinct mobile computing policy. Another way is including such
devices existing policy. There are also approaches in between where mobile devices fall under
both existing policies and a new one.In the hybrid approach, a new policy is created to address
the specific needs of the mobile devices but more general usage issues fall under general IT
policies. As a part of this approach, the "acceptable use" policy for other technologies is extended
to the mobile devices. Companies new to mobile devices may adopt an umbrella mobile policy
but they find over time. they will need to modify their policies to match the challenges posed by
different kinds of mobile hand-held devices. For example, wireless devices pose different
challenges than non-wireless Also, employees who use mobile devices more than 20%% of the
time will have different requirements than less-frequent users. It may happen that over time,
companies may need to create separate policies for the mobile devices on the basis of whether
they connect wirelessly and with distinctions for devices that connect to WANs and LANs .
Concept of Laptops: As the price of computing technology is steadily decreasing, usage of
devices such as the laptops is becoming more common. Although laptops, like other mobile
devices, enhance the business functions owing to their mobile access to information anytime and
anywhere, they also pose a large threat as they are portable Wireless capability in these devices
has also raised cyber security concerns owing to the information being transmitted over other,
which makes it hard to detect. The thefts of laptops have always been a major issue, according to
the cybersecurity industry and insurance company statistics. Cybercriminals are targeting laptops
that are expensive, to enable them to fetch a quick profit in the black market. Very few laptop.
thieves. are actually interested in the information that is contained in the laptop. Most laptops
contain personal and corporate information that could be sensitive.. Physical Security
Countermeasures Organizations are heavily dependent upon a mobile workforce with access to
information, no matter where they travel. However, this mobility is putting organizations at risk
of having a data breach if a laptop containing sensitive information is lost or stolen.

Authentication Service Security

Modern computer systems provide service to multiple users and require the ability to accurately
identify the user making a request.

Password based authentication is not suitable for use on computer network – as it can be easily
intercepted by the eavesdropper to impersonate the user.

There are 2 components of security in mobile computing:

1. Security of Devices : – A secure network access involves mutual authentication between the
device and the base station or web servers. So that authenticated devices can be connected to
the network to get requested services. In this regard Authentication Service Security is
important due to typical attacks on mobile devices through WAN:
a. DoS attacks: –
b. Traffic analysis:-
c. Eavesdropping:-
d. Man-in-the-middle attacks: –
2. Security in network: – Security measures in this regard come from
a. Wireless Application Protocol (WAP)
b. use of Virtual Private Networks (VPN)
c. MAC address filtering

What is Authentication Service?

Authentication Service facilitates username/password validation using your on-premises Active
Directory/LDAP server. Authentication Service is installed as a virtual appliance and
communicates with your local directory using LDAP over SSL. It can operate in the DMZ or
inside the local area network (LAN), or both, based on the mode(s) of operation:
1. Desktop single sign-on (SSO). This option applies to end users using cloud or hybrid
filtering to access the Internet from within your network. In this case, the user's desktop
credentials are validated by Authentication Service using Kerberos tickets distributed by your
Key Distribution Center (KDC) machine. Authentication Service is installed inside the LAN
 and acts as a federation server within your network, creating an in-network federation authority
that communicates with the Websense proxy using SAML 2.0 assertions.
The user authenticates with the Active Directory/LDAP server within the network (leveraging
existing network security). When a user from within the corporate network accesses an external
URL, they are redirected to Authentication Service, which authenticates the user with the LDAP
directory and generates a SAML assertion to the Websense proxy. The user credentials never
leave the corporate network.
Note that using this configuration, all user authentications happen in-network; the Websense
proxy does not enforce multiple authentication factors, but simply accepts the SAML assertion
from Authentication Service. Users can also use this mode from outside the network via a VPN
connection.

2. Username/Password verification. This option applies to off-site users. In this case, the
users can access the Websense proxy from outside their LAN and Authentication Service needs
to run in your DMZ. The user's Active Directory/LDAP credentials are collected by the
Websense proxy and passed to Authentication Service to be validated against your Active
Directory/LDAP server. Once authenticated, the user has full access to Web sites according to
 their policy settings.

3.Hybrid (both). Here both internal desktop SSO and external username/password validation
are required. Users can connect to Authentication Service internally or from outside the LAN.

Types of Wireless and Mobile Device Attacks



Wireless and mobile devices have become ubiquitous in today’s society, and with this
increased usage comes the potential for security threats. Wireless and mobile device attacks are
a growing concern for individuals, businesses, and governments.
Below are some of the most common types of Wireless and Mobile Device Attacks:
 SMiShing: Smishing become common now as smartphones are widely used. SMiShing
uses Short Message Service (SMS) to send fraud text messages or links. The criminals
cheat the user by calling. Victims may provide sensitive information such as credit card
information, account information, etc. Accessing a website might result in the user
unknowingly downloading malware that infects the device.
 War driving : War driving is a way used by attackers to find access points wherever
they can be. With the availability of free Wi-Fi connection, they can drive around and
obtain a very huge amount of information over a very short period of time.
 WEP attack: Wired Equivalent Privacy (WEP) is a security protocol that attempted to
provide a wireless local area network with the same level of security as a wired LAN.
Since physical security steps help to protect a wired LAN, WEP attempts to provide
 similar protection for data transmitted over WLAN with encryption. WEP uses a key
for encryption. There is no provision for key management with Wired Equivalent
Privacy, so the number of people sharing the key will continually grow. Since everyone
is using the same key, the criminal has access to a large amount of traffic for analytic
attacks.
 WPA attack: Wi-Fi Protected Access (WPA) and then WPA2 came out as improved
protocols to replace WEP. WPA2 does not have the same encryption problems because
an attacker cannot recover the key by noticing traffic. WPA2 is susceptible to attack
because cyber criminals can analyze the packets going between the access point and an
authorized user.
 Bluejacking: Bluejacking is used for sending unauthorized messages to another
Bluetooth device. Bluetooth is a high-speed but very short-range wireless technology
for exchanging data between desktop and mobile computers and other devices.
 Replay attacks: In a Replay attack an attacker spies on information being sent between
a sender and a receiver. Once the attacker has spied on the information, he or she can
intercept it and retransmit it again thus leading to some delay in data transmission. It is
also known as playback attack.
 Bluesnarfing : It occurs when the attacker copies the victim’s information from his
device. An attacker can access information such as the user’s calendar, contact list, e-
mail and text messages without leaving any evidence of the attack.
 RF Jamming: Wireless signals are susceptible to electromagnetic interference and
radio-frequency interference. Radio frequency (RF) jamming distorts the transmission
of a satellite station so that the signal does not reach the receiving station.

There are several types of attacks that target these devices, each with its own advantages
and disadvantages:

 Wi-Fi Spoofing: Wi-Fi spoofing involves setting up a fake wireless access point to trick
users into connecting to it instead of the legitimate network. This attack can be used to steal
sensitive information such as usernames, passwords, and credit card numbers. One
advantage of this attack is that it is relatively easy to carry out, and the attacker does not
need sophisticated tools or skills. However, it can be easily detected if users are aware of
the legitimate network’s name and other details.
 Packet Sniffing: Packet sniffing involves intercepting and analyzing the data packets that
are transmitted over a wireless network. This attack can be used to capture sensitive
information such as email messages, instant messages, and web traffic. One advantage of
this attack is that it can be carried out without the user’s knowledge. However, the attacker
needs to be in close proximity to the victim and must have the technical skills and tools to
intercept and analyze the data.
 Bluejacking: Bluejacking involves sending unsolicited messages to Bluetooth-enabled
devices. This attack can be used to send spam, phishing messages, or malware to the
victim’s device. One advantage of this attack is that it does not require a network
connection, and the attacker can be located anywhere within range of the victim’s
Bluetooth signal. However, it requires the attacker to have the victim’s Bluetooth device’s
address and is limited to devices that have Bluetooth capabilities.
 SMS Spoofing: SMS spoofing involves sending text messages that appear to come from a
trusted source, such as a bank or a government agency. This attack can be used to trick
users into revealing sensitive information or downloading malware. One advantage of this
attack is that it can be carried out without the user’s knowledge. However, it requires the
attacker to have the victim’s phone number, and it can be easily detected if users are aware
of the legitimate source of the message.
 Malware: Malware is software designed to infect a device and steal or damage data.
Malware can be distributed through email attachments, software downloads, or malicious
websites. One advantage of this attack is that it can be carried out remotely, without the
attacker needing to be physically close to the victim. However, it requires the attacker to
have a way to deliver the malware to the victim’s device, such as through a phishing email
or a fake website.

Conclusion: Wireless and mobile device attacks can have severe consequences, including the
theft of sensitive data, identity theft, financial loss, and reputational damage. To protect against
these attacks, users should always use strong passwords, keep their devices and software up-to-
date, avoid connecting to unsecured networks, and use reputable app stores. Businesses should
also implement security measures such as firewalls, intrusion detection systems, and employee
training to protect against wireless and mobile device attacks.

Security implications for Organizations

Introduction:
In today's digital age, organizations face a constant threat from cyber attacks that can have severe
consequences on their operations, reputation, and financial stability. This newsletter explores the
challenges organizations encounter in dealing with cyber attacks and highlights the implications
for their security posture.
I. Evolving Threat Landscape:
The rapid advancement of technology has led to a parallel rise in sophisticated cyber threats.
Hackers and cybercriminals employ various techniques such as malware, phishing, ransomware,
and social engineering to exploit vulnerabilities in organizational systems. The ever-evolving
nature of these threats poses a significant challenge for organizations to keep up with the latest
security measures.
II. Insider Threats:
One of the most challenging aspects of cyber attacks for organizations is the presence of insider
threats. Employees or former employees with malicious intent can compromise sensitive data,
sabotage systems, or provide unauthorized access to cybercriminals. Mitigating insider threats
requires a delicate balance between trust and security, as organizations must implement robust
access controls, monitoring systems, and employee awareness programs.
III. Data Breaches and Privacy Concerns:
Data breaches have become alarmingly common, leading to the exposure of sensitive
information and violating user privacy. Organizations must adhere to strict data protection
regulations, such as the General Data Protection Regulation (GDPR) in the European Union, to
safeguard customer data. The financial and reputational damage resulting from data breaches can
be significant, necessitating proactive measures to prevent and respond to such incidents.
IV. Resource Constraints:
Many organizations, particularly small and medium-sized enterprises, face resource constraints
when it comes to cybersecurity. Limited budgets and lack of skilled personnel make it
challenging to implement robust security measures and maintain an effective security posture.
Cybersecurity awareness training, regular system updates, and investing in reliable security
solutions are crucial but often overlooked due to resource limitations.
V. Rapid Technological Advancements:
The rapid adoption of emerging technologies such as cloud computing, the Internet of Things
(IoT), and artificial intelligence (AI) brings new security challenges for organizations.
Integrating these technologies into existing infrastructures without compromising security
requires specialized knowledge and expertise. Failure to address these challenges effectively can
expose organizations to vulnerabilities and potential cyber attacks.
VI. Incident Response and Recovery:
Cyber attacks can be disruptive, causing operational downtime and financial losses.
Organizations need to have well-defined incident response plans in place to minimize the impact
of attacks. Incident response teams should be trained and equipped to detect, contain, and
recover from security incidents promptly. Regular testing and updating of incident response
plans are critical to ensure their effectiveness.
VII. Third-Party Risks:
Many organizations rely on third-party vendors and partners for various services and support.
However, these relationships can introduce additional risks. Cyber attacks on third-party vendors
can compromise organizational systems and data. Organizations must conduct due
diligence and establish strong security protocols when engaging with third
parties to mitigate these risks.
VIII. Regulatory Compliance:
Organizations are subject to an increasing number of cybersecurity regulations and compliance
standards. Failure to comply with these requirements can result in legal repercussions and
reputational damage. Navigating the complex landscape of regulatory compliance can be
challenging, particularly for multinational organizations operating in different jurisdictions with
varying data protection laws.
Conclusion:
Cyber attacks pose significant challenges for organizations across all sectors. To mitigate these
threats, organizations must stay vigilant, prioritize cybersecurity measures, and invest in
 robust infrastructure, personnel training, and incident response capabilities. Proactive risk
management, collaboration with security experts, and adherence to regulatory frameworks are
essential to safeguard sensitive data and maintain the trust of customers and stakeholders in
today's digital landscape.

Organizational Measures for Handling Mobiles

Mobile devices have transformed virtually every industry. They streamline tasks, reduce errors,
and connect workers with the information they need to do their jobs wherever they are.

Organizations whose employees use mobile devices on the job benefit from increased efficiency
and productivity. At the same time, these companies face constantly evolving risks to
information security.

While mobile devices support productivity, they’re vulnerable to theft, loss, and security
breaches, as attacks are increasingly designed to target them. A hardware asset management
system can make it easier to monitor company devices throughout their lifecycle—but people
need to do their part, too.

Companies and employees share responsibility for securing valuable assets. Alongside
investments to keep equipment secure, businesses need to educate and engage employees in
security practices to protect sensitive personal and enterprise data.

Whether deploying company-procured smartphones or allowing employees to access enterprise

apps and data with their personal devices, businesses that are proactive about their digital
transformation implement policies that enhance security, support uninterrupted productivity,
and protect valuable assets—including data.

HERE ARE SEVEN ESSENTIAL MEASURES EVERY MOBILITY

EMPLOYER SHOULD HAVE IN PLACE:

1. An organization-level mobile device policy

2. Strong awareness of organizational risks
3. Granular knowledge of the enterprise user, device, and applications environment
4. Security and privacy safeguards
5. User training and education for all mobility employees
6. Ongoing vigilance and regular policy reviews/updates
7. Access to trusted expertise in technology integration

1. ENTERPRISE-LEVEL MOBILE DEVICE POLICIES

Whether you issue company devices to employees or implement a bring-your-own-device
(BYOD) policy, written standards clarify expectations, best practices, and do’s and don’ts for
workers accessing company data, networks, applications, and/or hardware. Both types of device
policies have pros and cons, and not all organizations can simply choose. Your regulatory
environment may rule out a BYOD option (or you may decide the risk is too great to allow
BYOD).

Company-procured devices require lifecycle management, but they’re also easier to remotely
wipe or disable if misplaced or stolen. An asset management system lightens the lift for IT. In a
large organization using potentially thousands of devices, the benefits multiply quickly.

Providing company devices lends control over device types, operating systems, allowed apps and
configurations, security settings, etc. A security policy helps employees understand the potential
impacts of noncompliance—and a mobile device management solution can help IT monitor,
implement proactive measures, and take steps quickly if a problem arises.

A BYOD policy adds complexity because personal devices can involve even more data risk and
privacy concerns. Along with required use of a VPN or other baseline protections, companies
should consider apps on employee devices that could present threats, and whether to permit those
apps or even implement work containerization.

A BYOD policy also needs to address what happens when a worker’s personal device is lost or
stolen, or when they terminate employment.

RELATED: Download Barcoding’s free Guide to Managing and Securing Enterprise Mobile
Devices

2. AWARENESS OF ORGANIZATIONAL RISK

A 360-degree risk assessment will consider all the ways mobile devices access, transmit, receive,
or store organizational information. This includes risks to data associated with clients, customers,
or patients; employees; vendors; or other strategic partners.

What devices are used to interact with organizational applications and systems? Are they
employee-owned, organization-issued, or both? What systems, data, or applications will they
interact with? Are regulatory compliance issues involved?

Devices can be lost or stolen. They can be subject to cyberattacks that introduce malware or
viruses. They can access company data or systems on unsecured WiFi networks and
communications can be intercepted. Passwords can be compromised.
 Threats can come from inside and outside the organization. An effective breach response
depends on a clear-eyed view of physical risks, device attack risks, malicious code, opportunities
to intercept communications, and employees who could pose threats, intentionally or otherwise.
Inadvertent risk-taking can include downloading company data to a device’s memory, using
external email services, installing untrustworthy applications, or failing to update operating
systems or security software.

3. GRANULAR KNOWLEDGE OF USERS, DEVICES, OPERATING SYSTEMS &

APPLICATIONS

Streamlined, on-demand access to the most important details associated with any enterprise
mobile device gives IT leadership not only greater control over device and data security, but also
an all-in-one management solution that can enable IT admins to address all of these concerns in
one place.

It can also help achieve a new level of visibility and awareness of the organizational mobile
environment: Users, devices, operating systems, software applications, configurations, security
settings, update history, even details like device maintenance history, service records and
contracts can be visible on demand. The device performance and usage data captured by an asset
management system can be especially valuable when it comes to IT decision-making.

Companies that use shared mobile devices can reap even more benefits from close monitoring
and IT asset management. A system like VeriMy™ that enables employees to check in and out
with a simple enterprise login shaves seconds or minutes off each user’s check-in. In many
mobile environments, those added seconds of productivity multiply fast.

A system that monitors device performance and battery health can help IT be even more
proactive in their device management, and that can mean more productive, more satisfied
employees. In addition to these capabilities, Barcoding’s IntelliTrack® asset tracking solution can
even help locate a misplaced device on-premises with an audible ping.

4. SECURITY & PRIVACY SAFEGUARDS

Security practices should be clearly outlined in any mobile user policy, and can run the gamut
from restricting device use to company-approved activities and applications, to action steps to
take in the event of a breach or lost device. Safeguards typically include:

 User authentication
 Encryption
 Device firewalls
 Security software
 Practice guidelines such as system updates and backups
 Enterprise implementation of a mobile threat defense tool
 5. EMPLOYEE TRAINING & EDUCATION ON MOBILE DEVICE SECURITY

Ongoing training and communications from IT to device users helps ensure all employees are
aware of threats as they emerge, and take steps to mitigate the risks. But they also help
communicate the role every worker plays in helping protect sensitive company information.
Mobile workers should receive regular training, education, and updates on topics such as:

 Device safety and physical security

 Acceptable and prohibited applications
 Password policies and multifactor authentication
 VPN use
 System updates
 Phishing and other scams
 Security enhancements as they’re rolled out

6. ONGOING VIGILANCE & REGULAR POLICY REVIEWS

With the amount of effort that goes into developing data, user, and security policies, they can be
daunting to revisit on a regular basis. But policies should never be considered final; most experts
agree that at a minimum, reviews should happen on an annual basis. But events can precipitate a
need for more frequent reviews:

 Breaches or other cybersecurity incidents

 Introducing new technologies, applications, or process automation
 Operational changes that lead to altered communication or collaboration needs
 New compliance, legal, and/or contract requirements

7. A TRUSTED TECHNOLOGY INTEGRATION PARTNER

If your organizational IT leadership is like most today, they’re already overburdened with day-
to-day tasks involved with mobile device deployments, troubleshooting, and solving problems
for users. An expert in technology integration acts as an extension of your own team, helping you
identify and implement the right solutions and practices to help all your enterprise users do their
best work—while protecting your data and physical assets and helping you make data-informed
decisions about technology innovations that will support ongoing success.

Organizational Security Policies & Measures in Mobile Computing Era

Purpose

The Office of Policy and Management (OPM) has established this policy on the secure
implementation and deployment of mobile computing and storage devices within State
government for the protection of State data that may be stored on those devices.
This policy refers to and enhances State of Connecticut Network Security Policy and Procedures.
The Policies should be read together to ensure a full understanding of State Policy.

Scope

This policy covers all State of Connecticut Executive Branch agencies and employees whether
permanent or non-permanent, full or part-time, and all consultants or contracted individuals
retained by an Executive Branch Agency with access to State data (herein referred to as “users”).

This policy does not apply to the Judicial or Legislative Branches of government, or State
institutions of higher education. However, these branches and institutions may consider adopting
any or all parts of this policy.

This policy covers mobile computing devices and mobile storage devices (herein referred to as
“mobile devices”).

Authority

In accordance the Office of Policy and Management is responsible for developing and
implementing policies pertaining to information and telecommunication systems for State
Agencies.

Policy Statements

1.a. No confidential or restricted State data shall reside on any mobile devices except as set
forth in paragraph

b. Agencies are required to utilize secure remote data access methods, as approved by the
Department of Administrative Services, Bureau of Enterprise Systems and Technology (DAS-
BEST), in support of mobile users.

2. In the event utilization of secure remote access methods are not possible, the Agency must
adhere to the following restrictions and requirements:

a. The Agency Head must authorize and certify in writing, in advance, that the storing of
restricted and confidential State data on the mobile device is necessary to conduct Agency
business operations;

b. The Agency Head or their designee must determine and certify in writing that reasonable
alternative means to provide the user with secure access to that State data do not exist;
c. The Agency Head or their designee must assess the sensitivity of the data to reside on a secure
mobile device and determine that the business need necessitating storage on the mobile device
outweigh(s) the associated risk(s) of loss or compromise; and

d. The Agency Head or their designee must authorize, in writing, the storage of specific State
data on a secure mobile device and the acceptance of all associated risk(s).

3. State data that an Agency Head has authorized to be stored on a secure mobile device shall
be:

a. the minimum data necessary to perform the business function necessitating storage on the
mobile device;

b. stored only for the time needed to perform the business function;

c. encrypted using methods authorized by DAS-BEST;

d. protected from any and all forms of unauthorized access and disclosure; and

e. stored only on secure mobile devices in accordance with OPM polices and DAS-BEST
standards and guidelines.

4. Any State data placed on a mobile device shall be documented, tracked, and audited by the
authorizing Agency. The information tracked shall include the identification of the individual
authorizing storage of the data on the mobile device, the authorized user of the mobile device,
the asset tag of the mobile device, information about the stored data, and the final disposition of
that data.

5. Agencies will configure mobile devices to allow only the minimum features, functions, and
services needed to carry out Agency business requirements.

6. Agencies will ensure that mobile computing devices are configured with approved and
properly updated software-based security mechanisms including anti-virus, anti-spyware,
firewalls, and intrusion detection. Users shall not bypass or disable these security mechanisms
under any circumstances.

7. Users in the possession of State owned mobile devices during transport or use in public
places, meeting rooms and other unprotected areas must not leave these devices unattended at
any time, and must take all reasonable and appropriate precautions to protect and control these
devices from unauthorized physical access, tampering, loss or theft.

8. Agencies shall establish and document reporting, mitigation and remediation procedures for
lost or stolen mobile devices containing State data and for State data that is compromised
through accidental or non-authorized access or disclosure.
9. In the event that a mobile device containing State data is lost, stolen, or misplaced, and/or the
user has determined unauthorized access has occurred, the user must immediately notify his or
her Agency of the incident. The affected Agency must immediately notify the DAS-BEST
helpdesk of the incident in order to initiate effective and timely response and remediation.

10. Agencies shall develop and implement a formal, documented security awareness and
training program sufficient to ensure compliance with this policy.

11. Agencies must obtain a signed, formal acknowledgement from users indicating that they
have understood, and agreed to abide by the rules of this policy.

12. Agencies and users shall adhere to this security policy and associated procedures; failure to
do so may result in sanctions.

Confidential or Restricted State Data

Confidential or restricted State data includes but is not limited to;

Personally identifiable information that is not in the public domain and if improperly disclosed
could be used to steal an individual’s identity, violate the individual’s right to privacy or
otherwise harm the individual;

Organizational information that is not in the public domain and if improperly disclosed might:
cause a significant or severe degradation in mission capability; result in significant or major
damage to organizational assets; result in significant or major financial loss; or result in
significant, severe or catastrophic harm to individuals.

In accordance with the State of Connecticut Network Security Policies and Procedures, each
Agency is responsible for the assessment and categorization of their data as Confidential or
Restricted in accordance with the definitions set forth in this policy.

Mobile Computing Devices

The term "mobile computing devices" refers to portable or mobile computing and
telecommunications devices that can execute programs. This definition includes, but is not
limited to, notebooks, palmtops, PDAs, IPods, BlackBerry devices, and cell phones with internet
browsing capability.

Mobile Storage Devices

The term "mobile storage devices" includes but is not limited to, mobile computing devices,
diskettes, magnetic tapes, external/removable hard drives, flash cards (e.g., SD, Compact Flash),
thumb drives (USB keys), jump drives, compact disks, digital video disks, etc.
Secure Mobile Devices

A mobile device that has a sufficient level, as defined by this policy and DAS-BEST standards,
of access control, protection from malware and strong encryption capabilities to ensure the
protection and privacy of State data that may be stored on the mobile device.