by Peter Martini, COO iboss Security
It no longer requires high tech tools to hijack an imperiled network. Are you using a traditional MDM solution? You could be leaving the backdoor to your network swinging wide open for anyone to slip inside. For example, when you set the traditional proxy settings on iOS devices to extend web filtering when users are off-premise and allow users to enter their directory credentials to authenticate, you could be exposing the credentials to the public. Even when utilizing HTTPS login on the mobile device, the data is sent in simple encryption.
All the thief needs is a receiver, some free software, and about 15 seconds of patience. ‘Recently, the iboss Mobile Security team identified a network vulnerability when securing tablets and mobile devices with MDM when off-premise. They showed how a hacker could access the network using nothing more than tools you can buy anywhere and free software on the web. They didn’t even have to download it! How can this be you ask?
- Tools are cheap – free even!
- Takes less than one minute to gain access.
- Anyone can do it!
It is horrifyingly simple. Once a user inputs his/her username and password, even if it is only once during initial authentication, that information is communicated every time the device connects to the internet and then again it is transmitted to each new site or page visited. The proxy portion of the request to connect is never encrypted even when accessing an https site because the device still has to handshake with the page in a brief communication. Usernames and passwords are easy to collect because that information is transferred during the handshake with each and every connection.
Hackers can also see IP addresses and then set themselves up on your network. With very little patience and some testing, a hacker can find the credentials of your network management staff and with that can hijack the entire network. The time has passed when this type of simple proxy setting secured a network from even the laziest hacker. To learn more about how to close this backdoor and secure your network, contact iboss Security at www.iboss.com.
About iboss Security
iboss NxtGen SWG Web Security solutions are highly scalable providing layer 7 granular HTTP, SSL, Threat and Application control across on-premise and mobile devices with dynamically searchable user based reporting. Integrated directory aware Intelligent Bandwidth Management extends network access for BYOD and mobile devices while ensuring mission critical services remain uninterrupted.