GSM: A Double-edged Sword
Tom Kellermann, CISM, Sr. Data Risk Management Specialist, The World Bank


Global System Mobile
- GSM has over 787 million users worldwide
- Most PDAs and cell phones will be VoIP enabled by 2005
- More robust security than a, b and g, however…

Comparison of Wireless & Fixed Telecom Penetration

The Achilles Heel of Security
- Wireless is growing at 3X the rate of landlines globally.
- The wireless boom is compounding the security quagmire.

GSM Vulnerabilities
- SIM-CARD Vulnerability
- SMS Bombs
- Gateway Vulnerability
- WAP Vulnerability
- Man in the Middle Attack

The Man in the Middle Attack

Security Recommendations
- Enable a power-on password
- Install anti-virus software
- Install personal firewall
- Use robust encryption, e.g. S/MIME
- Ensure that devices are stored securely
- Ensure that the desktop application mirroring software is password protected
- Install VPN software

Over reliance on VPNs

Mobile User Business Risk Policies
- Authentication: Banks should directly authenticate their customers. 3rd parties should neither obtain nor store customers' banking PINs.
- Stored Value Accounts (SVAs): Bank accounts should not be accessed when making a payment. Bank accounts should only be used for replenishing SVAs at the customer's direction.
- Interactive Voice Response (IVR): Mobile IVR sessions should be recorded and not be utilized for value services.
- PINs: Banks should educate their customers to use different robust PINs for different online services and to change their PINs periodically.

Conclusion
- Wireless connections are the weakest link in the security chain.
- CISOs and CIOs must ensure that no rogue access points exist and that all wireless usage is secured in a layered fashion.

World Bank Integrator Unit Website For more information on these and other issues related to e-finance and e-security please refer to our website at: www1.worldbank.org/finance (Click on E-security)