Part II in .NET

Integrating Denso QR Bar Code in .NET Part II
Part II
QR Code ISO/IEC18004 barcode library in .net
Using Barcode Control SDK for visual .net Control to generate, create, read, scan barcode image in visual .net applications.
How BlackBerrys Are Hacked, and How to Protect Them
Attach qr code 2d barcode for .net
using barcode generating for visual .net control to generate, create qrcode image in visual .net applications.
Patching server
.net Framework qr bidimensional barcode decoderfor .net
Using Barcode decoder for .net vs 2010 Control to read, scan read, scan image in .net vs 2010 applications.
Hacker can easily attack an unpatched system Patches only PCs on the LAN
Bar Code drawer for .net
using barcode integrating for .net vs 2010 control to generate, create bar code image in .net vs 2010 applications.
Internet
decode bar code for .net
Using Barcode reader for visual .net Control to read, scan read, scan image in visual .net applications.
Mobile PC with BlackBerry doesn t receive hotfixes and patches
.net Framework qr code generatingin .net c#
use visual .net qr-codes implementation toinclude quick response code on visual c#.net
Firewall
QR Code generation for .net
use asp.net web service qr-codes encoding toembed qr barcode in .net
Figure 5.8: How LAN-based patching solutions are inadequate
Control quick response code data with visual basic.net
to attach qr code jis x 0510 and denso qr bar code data, size, image with vb barcode sdk
Patching server
Code 3/9 barcode library in .net
generate, create 3 of 9 barcode none with .net projects
Hacker is unable to execute exploit because the mobile device is properly patched Patches devices any time they are on the Internet
Visual .net Crystal matrix barcode integrationin .net
using barcode encoder for visual .net crystal control to generate, create 2d barcode image in visual .net crystal applications.
Patching server for mobile devices
Visual .net Crystal barcode integratingin .net
generate, create bar code none with .net projects
Patches only PCs on the LAN
VS .NET identcode makeron .net
generate, create identcode none for .net projects
Internet
Control upc-a image for vb
using barcode implementation for .net framework control to generate, create upc-a supplement 2 image in .net framework applications.
Mobile PC with BlackBerry receives hotfixes and patches
Web.net barcode encoderwith .net
using asp.net web service toembed barcode in asp.net web,windows application
Firewall
Control barcode 128 size in word
to build code 128a and code 128c data, size, image with word documents barcode sdk
Figure 5.9: Using a patching server for mobile devices
Qrcode barcode library for vb
use web form crystal qr code jis x 0510 printer todisplay qr code on vb.net
5
Control uss code 39 image for microsoft excel
use office excel barcode 3 of 9 writer toinsert barcode code39 in office excel
Protecting Your PC and LAN from BlackBerrys
Control 2d data matrix barcode image in vb.net
using barcode generator for .net control to generate, create gs1 datamatrix barcode image in .net applications.
Patching server
Render gtin - 128 with visual c#.net
use web pages crystal ean 128 printing toincoporate gs1-128 in .net c#
Hacker is unable to execute exploit because the mobile device is properly patched
Web.net Crystal ean-13 supplement 2 integrationwith c#
generate, create european article number 13 none with c#.net projects
Patches only PCs on the LAN
Internet
Patches devices any time they are on the Internet
Firewall Managed patching solution
Figure 5.10: A managed patching solution
As mentioned in the holiday example, ensuring that antivirus is up-to-date is also critical. Consequently, any patching solution to address mobile devices will also need to be able to push antivirus definition updates. This is very important.
Use a Personal Firewall
There is another technology that Sharelle s company needed to implement: a personal firewall for the PC. This shouldn t be just the firewall that comes with Windows, either. A quality, enterprise-grade personal firewall would have helped in preventing Sharelle s system from being exploited. A good example of an enterprise-grade personal firewall is ISS s Proventia. Some major differences between an enterprise-grade personal firewall, such as Proventia, and the Windows firewall are as follows:
IPS capability Virus-detection capability Ability to implement different firewall rule sets based on the location of the mobile system Ability to modify firewall settings when the system is remote
Part II
How BlackBerrys Are Hacked, and How to Protect Them
Ability to implement outbound firewall rules Increased reporting capability Increased granularity in firewall policies
An enterprise-grade personal firewall could have done a few things to prevent the security breach at Sharelle s company. First, the IPS capability of the firewall would have stopped the exploit, even if the machines weren t patched. Outbound firewall rules could have also prohibited communication between the Trojan/key logger and Lane. Additionally, the virus-detection capability could have caught the Trojan as it was being loaded onto the system. These are important capabilities that Sharelle s system just didn t have. The Sharelle scenario is a good example of where layered security should have been used to addressed the threats. This is true in many cases and mobility is certainly one of them. The moral of Sharelle s story is that companies cannot ignore the threats that mobility brings to mobile systems. Rolling out the BlackBerry to Sharelle was a great way to increase efficiency, as was allowing her to utilize that same BlackBerry to provide Internet connectivity to her PC. The problem was that the company simply didn t think they had to do anything to the PC when the BlackBerry was connected to it. They weren t knowledgeable about the threats or the technologies they had to put into place. The ignorance and apathy proved to be costly.
Controlling Data Coming from a BlackBerry
Earlier in this chapter I discussed how enterprises need to be able to control the data leaving their network and being copied to BlackBerrys and other devices. Conversely, there is a strong need to be able to control the data that is coming from the BlackBerry and is being copied over to the PC and the LAN. As you ve seen in previous examples, BlackBerrys can be used to simply transfer files. Ensuring that BlackBerrys do not bring anything malicious into the enterprise is an important task. There are three means to address this:
Analyze the data coming from the BlackBerry. Analyze the data as it resides on the BlackBerry. Control which devices can connect to your enterprise PCs.
Analyze the Data Coming from the BlackBerry
As has been stated numerous times in this book, enterprises have spent millions on protecting their infrastructure from outside attack. Part of this consists
5
Protecting Your PC and LAN from BlackBerrys
of antimalware solutions. Antimalware solutions can take numerous forms, such as the following:
Antivirus solutions on email servers Packet-sniffing technology that analyzes data for malware as it travels the network Content-filtering solutions Antivirus software on computers
The use of BlackBerrys can throw a monkey wrench into these solutions, mainly by just bypassing them. If malware resides on a BlackBerry and that BlackBerry connects directly to a PC, the malware doesn t get seen by a lot of these solutions. Also, mobile PCs that have antiviruses installed may not be able to receive antivirus definition updates in a timely manner (if they need to be on the LAN to receive updates). This problem requires a layered approach. Before we get into that, let s explore how a piece of malware can be placed on a BlackBerry and make its way to a corporate PC. The first step is that a piece of malware gets onto a noncorporate computer system. This can happen pretty easily with workers using their own computers from home. The user then copies that infected file to his BlackBerry. This can be done using the eOffice application I spoke about earlier. So, the user has an infected file on his home computer and he wants to transfer it to his work laptop. He decides to utilize the aforementioned eFile desktop program to do so. Figure 5.11 shows the user copying the infected file, called Blast, over to his BlackBerry with eFile.