Click here to close now.

Welcome!

Web 2.0 Authors: Pat Romanski, Liz McMillan, AppDynamics Blog, Elizabeth White, Tim Hinds

Related Topics: Security, Wireless, Microservices Journal, Web 2.0, Cloud Expo

Security: Article

Online Holiday Sales Have Begun: Have You Secured Your Enterprise Network?

Do employees really need access to the corporate network via their smartphones?

It's that time of the year again. The flood of email alerts showcasing online holiday shopping deals fill the inbox at your office PC, laptops and wireless devices as merchants attempt to lure online shoppers to "click and save" while supplies last. In fact, reports show that this year's "holiday shopping" deals have already started as retailers attempt to stretch the holiday shopping season - to begin even earlier than Black Friday.

According to a recent report in Time, Booz & Co. chief retail strategist, Thom Blischok states. "We're not going to see a huge increase in sales growth for Black Friday this year....What we do expect is a lot of ‘showcasing' on Black Friday. Shoppers will check things out in stores, electronics especially, but then purchase online on the Monday after. Cyber Monday sales will explode this year."

While this is good news for merchants, it can become a virtual nightmare for corporate network administrators. With millions of online shoppers turning their office PCs, laptops, and wireless devices into online shopping carts, they hog valuable network bandwidth meant for corporate applications such as e-mail, SAP, Salesforce, and other business-critical applications.

The onslaught of personal smartphones and tablets connecting to corporate networks fully capable of performing browser-based shopping are further affecting normal business operations. According to ABI Research, more than 36 percent of consumers own at least three wireless devices. eCommerce merchants now alert wired consumers with daily deals almost instantly via mobile marketing. This surge has placed greater demands on network monitoring solutions as the mobile device market continues to grow at an astounding rate of five billion subscribers worldwide.

Most organizations allowing employee-owned devices onto their corporate networks (73% according to Aberdeen) find it not only drains their bandwidth, but also opens up severe internal security threats to proprietary information stored on the network. Employers assume this as increased productivity for employees armed with mobile devices and cost savings for hardware not purchased by the corporate office as most employees (54 percent, according to Yankee Group) demand to use their own devices at work.

According to IDC Research, however, 30-40 percent of Internet use in the workplace is non-business related. Vault.com found 37 percent of workers admit to surfing the Web constantly at work for personal interests. This underscores the need for mobile device traffic monitoring. How can network admins monitor employee internet usage and take corrective action?

Companies can easily set guidelines for network traffic monitoring to safeguard against employees armed with BYOD - especially during high traffic holiday shopping/sale months - in a few easy steps.

MAC Addresses and Mobile Devices
The old and sort of cumbersome way is to monitor the unique MAC addresses that are used by each smart mobile device that accesses an Ethernet network. The 6 byte (i.e., 48 bit) MAC address is generally in two parts: The first 3 bytes are the MAC Address vendor ID generally shared by hundreds or even tens of thousands of devices produced by the manufacturer; the second set of three bytes are unique to the device.

A 48-bit Ethernet MAC address has two components, each of which is 24 bits:

*24-bit Organizational Unique Identifier (OUIIEEE regulates the assignment of OUI numbers. Within the OUI, the two following bits have meaning only when used in the destination address:

  1. Broadcast or multicast bit - indicates to the receiving interface the frame is destined a group of end stations on the LAN segment.
  2. Locally administered address bit - normally combines OUI and a 24-bit station address. This is universally unique; however, if the address is modified locally, this bit should be set. Some vendors like Apple set this bit automatically.

Generally, the MAC address is not changed by the end user, thus dynamic IP addresses are often not used to track or report on mobile phone devices. Organizations using NetFlow and IPIX can in fact track these MAC addresses.

MAC Addresses and NetFlow
Traditional flow data (e.g., NetFlow v5) exports IP addresses, but not MAC addresses. NetFlow v9 and IPFIX introduce the ability to export any information on the router including MAC address.

A reliable Network Traffic Analyzer can be used to report to report on NetFlow and IPFIX. The NetFlow Analyzer should offer a filtering architecture to allow traffic analysts to include or exclude portions of MAC addresses. If the administrator wants to narrow a particular vendor (e.g., 00.00.0c) or the iPhone (e.g., 60:33:4b, 64.b9.38, etc.), a reporting tool can filter on these vendor IDs. Once vendor IDs are added to the report, the type can be changed to view different reports. For example, the top domains these mobile devices are visiting can be obtained if the router, switch, or firewall exporting the NetFlow or IPFIX includes URL information. The IT manager can often click on the domain (e.g. facebook.com) and look at URLs visited with mobile device.

Tracking BYOD
By forcing users to authenticate all devices onto the network and agreeing to an operating system scan, network administrators can maintain an active inventory of who (i.e., username) authenticated onto the network and with what type of device. Detailed reports can be run on the volume of iPhones, Androids, Blackberries, iPads, etc. that have authenticated onto the network. Since the MAC address is obtained from every authenticated device, it can be cross referenced with the NetFlow and IPFIX received to look at traffic patterns. This is a much more scalable solution and less error prone approach than the traditional track-down-all-the-mac-addresses approach.

Smartphones: Network Security Challenge
Allowing smartphone access to corporate resources often requires adapting new corporate mobile strategies and policies. Many companies provide VPN access to the corporate network from computers when working remotely. While VPNs offer a secure connection by encapsulating data, many smartphones don't support them (e.g., iPhone). This is partly because the hardware doesn't have the processing power to keep up with encryption processes on-the-fly. Due to pressure from management and remote users, VPN enforcement is often lax. Most employees obtain corporate access from any public network, which includes public places like local coffee shops. This opens Pandora's Box when it comes to security threats.

Smartphones are an ideal tool for cybercriminals to push their malware, viruses, worms and other threats onto corporate networks. With many important titles, email addresses and phone numbers sitting on just about every network-capable mobile phone, stealing confidential emails or pushing botnets onto the company network is easier with traditional security measures put aside in favor of easy remote access. With smartphone synchronization, infection can easily migrate onto a PC - a Trojan horse method that infects the PC could provide access to the corporate network. On the other hand, the data carried on smartphones can be targeted through malware on PCs.

Direct Attacks on the Mobile Phone
Some employees try to increase the security of their phone with special anti-theft software or by encrypting their memory card. These solutions are aimed at making data protected from physical attacks. However, those are done by pickpockets, who are less interested in the mobile phone content than reusing or reselling the device.

Cybercriminals do care about sensitive information stored on smartphones, but they don't need physical access to the phone to retrieve it. Rather, they will exploit any vulnerability - for instance in the phone's Web browser (such as the WebKit vulnerabilities on Android phones) - or use social engineering tricks to install malware on the phone. Once the phone is infected, it's easy for the cybercriminal to access any data on the device. In those cases, the locks are useless and the memory card is dynamically decrypted when used.

Businesses must add employees to the corporate network easily and cost-effectively while maintaining desired security levels and remote management capabilities. Traditionally, the RIM BlackBerry Enterprise Server (BES) has been the gold standard among organizations with corporate-liable policies, providing sophisticated security and management capabilities.

However, smartphones like Androids and iPhones are becoming more popular, and some organizations feel obligated to embrace these as part of the employee-owned smartphone strategy. These are also supporting minimum security requirements, like timed-lock and remote wipe in the case of a lost or stolen handset. Some mobile apps, like Touchdown for Android, provide Exchange ActiveSync capabilities that support security policies to ensure security of the corporate data on the smartphone. Clearly, organizations need to rethink their mobile Smartphone strategies and take into account the proliferation of employee-owned smartphones.

Setting up single sign-on is another strategy that could be implemented on corporate networks. However, as of today, it's not supported on the iPhone. Whatever the decision, a careful evaluation of mobile devices accessing the network needs to be executed.

Ultimately, the question is: Do employees really need access to the corporate network via their smartphones? If they are provided access, then IT must secure the network to make sure the onslaught of online holiday shopping and sales offerings don't turn the season to "nightmare" before Christmas for the network bandwidth.

So, this holiday season, stay safe out there and don't forget to drive safe - on the road and in cyberspace.

More Stories By Michael Patterson

Michael Patterson, is the founder & CEO of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer. Prior to starting Somix and Plixer, Mike worked in a technical support role at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix and Plixer.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...
For years, we’ve relied too heavily on individual network functions or simplistic cloud controllers. However, they are no longer enough for today’s modern cloud data center. Businesses need a comprehensive platform architecture in order to deliver a complete networking suite for IoT environment based on OpenStack. In his session at @ThingsExpo, Dhiraj Sehgal from PLUMgrid will discuss what a holistic networking solution should really entail, and how to build a complete platform that is scalable, secure, agile and automated.
Hadoop as a Service (as offered by handful of niche vendors now) is a cloud computing solution that makes medium and large-scale data processing accessible, easy, fast and inexpensive. In his session at Big Data Expo, Kumar Ramamurthy, Vice President and Chief Technologist, EIM & Big Data, at Virtusa, will discuss how this is achieved by eliminating the operational challenges of running Hadoop, so one can focus on business growth. The fragmented Hadoop distribution world and various PaaS solutions that provide a Hadoop flavor either make choices for customers very flexible in the name of opti...
In the consumer IoT, everything is new, and the IT world of bits and bytes holds sway. But industrial and commercial realms encompass operational technology (OT) that has been around for 25 or 50 years. This grittier, pre-IP, more hands-on world has much to gain from Industrial IoT (IIoT) applications and principles. But adding sensors and wireless connectivity won’t work in environments that demand unwavering reliability and performance. In his session at @ThingsExpo, Ron Sege, CEO of Echelon, will discuss how as enterprise IT embraces other IoT-related technology trends, enterprises with i...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
Every day we read jaw-dropping stats on the explosion of data. We allocate significant resources to harness and better understand it. We build businesses around it. But we’ve only just begun. For big payoffs in Big Data, CIOs are turning to cognitive computing. Cognitive computing’s ability to securely extract insights, understand natural language, and get smarter each time it’s used is the next, logical step for Big Data.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will want to use their existing identities, but these will have credentials already that are (hopefully) i...
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
Container frameworks, such as Docker, provide a variety of benefits, including density of deployment across infrastructure, convenience for application developers to push updates with low operational hand-holding, and a fairly well-defined deployment workflow that can be orchestrated. Container frameworks also enable a DevOps approach to application development by cleanly separating concerns between operations and development teams. But running multi-container, multi-server apps with containers is very hard. You have to learn five new and different technologies and best practices (libswarm, sy...
SYS-CON Events announced today that DragonGlass, an enterprise search platform, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. After eleven years of designing and building custom applications, OpenCrowd has launched DragonGlass, a cloud-based platform that enables the development of search-based applications. These are a new breed of applications that utilize a search index as their backbone for data retrieval. They can easily adapt to new data sets and provide access to both structured and unstruc...
Converging digital disruptions is creating a major sea change - Cisco calls this the Internet of Everything (IoE). IoE is the network connection of People, Process, Data and Things, fueled by Cloud, Mobile, Social, Analytics and Security, and it represents a $19Trillion value-at-stake over the next 10 years. In her keynote at @ThingsExpo, Manjula Talreja, VP of Cisco Consulting Services, will discuss IoE and the enormous opportunities it provides to public and private firms alike. She will share what businesses must do to thrive in the IoE economy, citing examples from several industry sector...
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, June 9-11, 2015, at the Javits Center in New York City. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be