Case Study 1: Mobile Devices

Case Study 1: Mobile Devices

Introduction

The paper presents a solution to an issue in the given case study related to mobile and wireless communication devices. There is a small doctor's office, with just two nurses and three doctors. The geographical location of the office is amongst various other professional offices. It has been decided by the doctors that they would substitute the existing method of maintaining medical records in papers with automated medical records. It has been suggested that the doctors use mobile devices over a wireless network for the purpose of moving from one examination room to another for documenting the patient visits. Considering the exceedingly sensitive information captured by the wireless network and the mobile devices, the doctors have hired an information security consultant for providing a comprehensive plan. This plan would identify the risks allied to such a network environment and would also present wireless and mobile security methods for the order of mitigating those risks.

Risk Identification

Wireless mobile networks have several security risks in common with the wired networks. For this reason, both of them necessitate authorization, authentication, protection, and auditing of the users from the internet vulnerabilities like malicious code and viruses. Nevertheless, there are some additional risks and vulnerabilities allied to the wireless mobile networks which are typically related to the nature of technology itself, and which are outside the company's control. The wireless mobile networks may not be limited within a physical area; anybody lying in the range of transmission may listen in, subterfuge as the trusted participants, extend the network surreptitiously, and interrupt the ongoing operations. Wireless networks have increasingly become notorious for attackers and hackers, as well as games like “war chalking”, “war flying”, “war sailing”, and “war driving”, have come to be known as famous pastimes for the community of attackers. With the emergence of such novel games, novel tools are becoming accessible on the Web for being employed by the attackers. Such tools help in capturing data, like Ethereal, looking for APs, sniffing for Media Access Control (MAC) addresses and Service Set Identifiers (SSIDs), and traversing through the Wired Equivalent Privacy (WEP) encryption, like AirSnort and WEPCrack (Bahli & Benslimane, 2004).

Risk Analysis

Exposed Access Points

One of the basic features of the wireless technologies is that, by design, it transmits data over a space which might be over the area of organization's physical control. Every device, in IEEE 802.11 ...