Print Email Download Reference This Send to Kindle Reddit This
submit to reddit

Essential of computer in daily life

1. INTRODUCTION

In our daily life computers have become the integral part due to their vast usage, and inventions that has been taking place day by day, and also the usage of mobile devices PDA's, Smart phones have been considerably increased. These devices are used for saving business data and most of the confidential information. As per the survey done by Nokia in the year 2005 says that 21% of the US employees are using PDA's and 63% uses mobile phones for business purpose, which has incredibly increased by now. With this vast development the threats caused by them are also increasing at a same pace. To reduce these risks a proper information security policy is very much needed for all the companies, organisations shouldn't consider these policies as one-time event and they must update these policies every time with response to new threats. In this document I am going to discuss about some of the threats and mobile security policies that has to be takes by an organization.

2. Information Security

For so many decades information security has been considered as the most important task for the administrators of an organization. Where information security is mainly maintained on three major principles known as CIA triad (Confidentiality, Integrity, and Availability).

Confidentiality:- This is the process of preventing from disclosure of the information to unauthorised users or systems. This may takes place in many ways, while transferring the data from one place to another place by encrypting the data and making it visible to only authorised users. In this case an access to any confidential data that has been stored in mobile devices to eavesdroppers is considered as a breach of confidentiality.

Integrity:- The process of saving the data from modifying are manipulating by the unauthorised users for their personal benefits. It can be violated in many ways, by simply using a malicious code and manipulating the code, or by simply an employee knowingly or unknowingly telling wrong information to their clients.

Availability:- This is the process of making the data available when it is needed. This means that the systems saving the information need to be available all the time and any viruses or hackers violating the code and freezing the systems will be considered as breach to availability.

COMPUTER SECURITY:- The protection afford to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

Security Policy:- to ensure that CIA triad is working properly every company must and should follow some security policies. These are nothing but a set of general statements, which has to be followed by each and every individual to be considered as an authorised user.

3. CRITICAL DISCUSSION OF POSSIBLE THREATS

While mobile phones, PDA's, smart phones and many number of hand held devices are widely used as an integral part of business purpose, threats and insecurity caused by these devices are also widely increasing due to the sensitive information that has been carried by these devices. These handheld devices are not much capable of security features that a pc's are capable of, which makes them easily exposed to threats. Due to the limitations they have these devices are not even able to centrally monitored and maintain in an organisation. With the latest emerging technologies these devices are having a memory capacity equals to a computer. This makes life easier for an employee to store sensitive organisational and personal information such as passwords, email accounts, company's orders, latest price updates and companies financial statements, which results in highly insecurity. Highly potential risk that these portable handheld devices made is the accessibility of these devices using wireless network.

Here are the some of the threats caused by the handheld devices, which are similar to the threats that have been found by the desktop computers.

LOST, STOLEN OR DISPOSAL:-

Due to the portability of the handheld devices they have the more chances of lost or misplace. Chances of theft of these handheld devices are even more and due to the weak data security they have, data in these devices can be easily manipulated and stolen. In spite of the proper wireless VPN's being installed once these handheld devices are stolen by an hackers whole organisations intranet will be threatened. Hence to protect this proper security passwords must be configured to these devices. In case of disposal of the devices proper manual resetting of the devices is needed which clears all the stored data and any kind of cache information and bring the device to its original settings. This is not yet secure at because of the latest technologies all the erased data can be recovered from the flash memory of the handheld devices. According to the number of survey's across the world number of mobile devices left behind by the users in airports and taxi's and restaurants are incredibly increasing, organisations must educate their employees regarding the usage and safeguarding of their devices carrying sensitive information continuously.

HACKERS:-

The word hacker is nothing but a person who tries to accesses the devices without authorization it can be done in any form from the outside world. In spite of proper security measures has been implemented in the form of passwords and credentials there is a possibility of cracking these credentials by random guessing or knowing the personal information of the user. According to the survey of the network forensic department it is stated that most of the threats are caused because of the weak passwords like 1234, 0000...etc are using their own date of births, which are the common credentials that can be guessed by the eavesdroppers. To avoid this kind of threats employees must be given proper guidance in setting their passwords and also they need to reset passwords most often. There are also devices which provide two way access mechanism which are a basic phone lock to access the device and the other is the security code to reset the device phone lock in case if it is forgotten. In this most of the user forgot to change the security code which makes a way for the hackers to access the data. There are some of the cases that the manufacturers incorporate backdoors into device for testing the devices for the manufacturer purpose.

The most common example for the hacker's threat is, breaking down into the public telephone system by which they trap the employee's devices by which they crack the data from their handheld devices. This cannot be identified by the user and which makes a major harm to the company's data. The most common reasons for this hackers threat is

MALICIOUS CODE, VIRUSES OR MALWARE:-

It's nothing but the viruses, worms, logic bombs, Trojan horses and other kind of ads that we get on the web pages that pops up when we are at work. These kinds of threats are more prone to the devices which have Software Development Kit (SDK) then the devices which don't support Software Development Kit (SDK) as these malware's can't be developed. This can be affected in any form while synchronising mobile devices with the storage devices for the data transfer. Some of them are discussed below.

Ø Employees trying to accesses files from internet, surfing on the mobile devices, checking their mail account, accessing media sites are some of the major threats. At this time malicious codes are downloaded at the back end and they give access to the mobile data with out any interference of the user. These are known as the backdoor vulnerabilities.

Ø With emerging technology MMS (Multimedia Message Service) is widely used and most popular kind of messaging service that a mobile devices can deliver. But this is becoming the most threatening form of virus that these devices are affecting because of the kind of viruses they can cause. So users must aware of these threats and they must be careful while opening unknown messages.

Ø One more advantage that mobile devices provide is the Bluetooth technology. This is the most cheapest and convenient way of data transferring from one device to another in a limited range. Threat caused by this service is highly vulnerable to the devices data, because of the easy access of the device by any other Bluetooth enabled device These viruses are a kind of serious threat to the data once they attack our systems they start doing their work by replicating the same data and creating multiple number of copies in our system, and viruses does their work by deleting the data and some by deactivating our accesses to the device.

Once if a device is attacked using any of this kind eavesdropper will be having full access to the device and they start copying sensitive information , deleting files, sending abusing messages, calling tool numbers like 0845 0807, they can enter in to the company's network and also disabling the device. One of this kind called 911 virus discovered in Japan effected 13million I-mode user to call Japans emergency number.

CLONING:-

As we know that all the devices have unique identifier code which is useful to identify the device globally, if such an identifier is copied and placed for an another mobile a clone is formed which acts as an original mobile. Compared to analog devices which came early digital devices are more secured and transmits data using cryptography which is highly is highly secured to crack compared to analog devices. But still accessing the device physically may help to use the information and make a clone device of early generation.

4. CRITICAL REVIEW OF POLICY

As we had discussed usage of mobile devices is very effective and profitable in terms of cost, time and productivity. But there was a discussion for the usage of mobile phones in the work place due to the security measures they cause. Though the usage of mobile devices owned by employees are most cost effective for an organisation compared to the devices given by the company's, central administering of the employee owned devices are very difficult compared to the devices given by the company's.

A policy should meet some basic criteria before implementing them:-

Ø A policy must effectively communicate with the employees what the management is expecting them to follow.

Ø It should be able too withstand legal examination to fight back for the companies rights in case of judicial processing

If some of these policies are not met by a company before introducing some policy, then it cannot be considered as Effective. Hence the policies that have to be followed are divided in to two types User-oriented policies and organisational oriented policies.

User- Oriented Policies:-

Organisation Oriented Policies:-

5. CONCLUSION

From the above report we came to conclude that the Software related company must follow some policies and rules, by which the threats can be avoided to a company. These policies must be keep on changing from time to time according to the threats that are affecting to a company at that time. The awareness of the threats to the employees is compulsory.