IST 210 Is “Secure Database” an Oxymoron

New technology
- We all demand more from our technology
- Devices’ functions start to converge
  - PDA/Phone/Pager devices
- Networks are extending a DBMS’s functionality
- This can have unintended, and often negative, consequences

Bluetooth
- Becoming pervasive
  - Acura, BMW and Daimler-Chrysler vehicles
  - Nokia, Sony-Ericsson and Motorola cell phones
  - Laptops
  - PDAs
- The convenience and cool-factor are undeniable
  - Lara Croft in Tomb Raider
  - Wireless modems
  - Wireless GPS modules
  - Headsets and car phone kits

Bluejacking or Bluesnarfing
- There’s a new sport - “Warnibbling”
- Using “Bluesnarf”, attackers can
  - Download your contact list
  - Your last-dialed number list
  - Use your equipment without your knowledge or consent
    - Wireless Internet access
    - Outgoing phone calls
    - Text messages
- Bluejacking
  - Anonymous text messages to your phone

Wireless LANs
- A whole new list of problems and threats
- Wireless LAN attacks
  - War Driving/War Flying (!)
  - War Chalking
- Other issues
  - Drive-by spamming
  - Drive-by worming
  - Printer abuse
  - VoIP over
  - Theft of data and more

Attacking the WLANs
- War Driving and War Chalking
  - This is a concept that has recently gained much popularity
  - Hackers will “war walk” or “war drive” around an area
  - When they find a WLAN, they will make a chalk mark
    - On a building or a sidewalk
    - This mark gives information about the WLAN found
  - The diagram at right is a wallet card showing some of the symbols and their meanings
- The objectives?
  - Free Internet access, mostly
  - Corporate or entity LAN hacking, sometimes
  - Stealing service – for example, hijacking someone’s MAC address at Starbucks
  - VoIP eavesdropping

Drive-by Spamming
- New phenomenon
- Attackers equip a van with a toroidal antenna
  - And a server farm
- Scout business districts and neighborhoods looking for WLANs
- Once they find an open network, they connect and look for a mail server
- Often, attackers dump upwards of 1,000,000 e-mails per day through corporate mail servers
- Drive-by Worming

What kind of security is needed?
- Layered security approach
  - “Defense in depth”
- Separation of networks from one another
  - WLAN/Data/VoIP/Control System VLANs
- Monitoring and management can help
- Clean up-front design
- Don’t put all your eggs in one basket

Conclusion
- Cool tech can often lead to uncool problems
- Opportunity is a matter of perspective
- Just because I’m paranoid…
- Be careful with your Bluetooth phone
- A combination of different methods works best
- Nothing is 100% effective

Security is like a lot of things...
- It can never be 100% effective.
- It contributes nothing to the performance.
- You can never be sure you actually need it at the time.
- You don’t know whether it has worked until after the event – sometimes long after!
- The only way to measure its effectiveness is in terms of its failures.
- A combination of methods gives the greatest reduction in risk.
- You should never rely on someone else’s precautions - to be certain, you have to take care of it yourself.