Welcome!

Cloud Security Authors: Elizabeth White, Liz McMillan, Ed Featherston, Donald Meyer, Pat Romanski

Related Topics: Cloud Security, Mobile IoT, Microservices Expo, Agile Computing, @CloudExpo

Cloud Security: Article

Online Holiday Sales Have Begun: Have You Secured Your Enterprise Network?

Do employees really need access to the corporate network via their smartphones?

It's that time of the year again. The flood of email alerts showcasing online holiday shopping deals fill the inbox at your office PC, laptops and wireless devices as merchants attempt to lure online shoppers to "click and save" while supplies last. In fact, reports show that this year's "holiday shopping" deals have already started as retailers attempt to stretch the holiday shopping season - to begin even earlier than Black Friday.

According to a recent report in Time, Booz & Co. chief retail strategist, Thom Blischok states. "We're not going to see a huge increase in sales growth for Black Friday this year....What we do expect is a lot of ‘showcasing' on Black Friday. Shoppers will check things out in stores, electronics especially, but then purchase online on the Monday after. Cyber Monday sales will explode this year."

While this is good news for merchants, it can become a virtual nightmare for corporate network administrators. With millions of online shoppers turning their office PCs, laptops, and wireless devices into online shopping carts, they hog valuable network bandwidth meant for corporate applications such as e-mail, SAP, Salesforce, and other business-critical applications.

The onslaught of personal smartphones and tablets connecting to corporate networks fully capable of performing browser-based shopping are further affecting normal business operations. According to ABI Research, more than 36 percent of consumers own at least three wireless devices. eCommerce merchants now alert wired consumers with daily deals almost instantly via mobile marketing. This surge has placed greater demands on network monitoring solutions as the mobile device market continues to grow at an astounding rate of five billion subscribers worldwide.

Most organizations allowing employee-owned devices onto their corporate networks (73% according to Aberdeen) find it not only drains their bandwidth, but also opens up severe internal security threats to proprietary information stored on the network. Employers assume this as increased productivity for employees armed with mobile devices and cost savings for hardware not purchased by the corporate office as most employees (54 percent, according to Yankee Group) demand to use their own devices at work.

According to IDC Research, however, 30-40 percent of Internet use in the workplace is non-business related. Vault.com found 37 percent of workers admit to surfing the Web constantly at work for personal interests. This underscores the need for mobile device traffic monitoring. How can network admins monitor employee internet usage and take corrective action?

Companies can easily set guidelines for network traffic monitoring to safeguard against employees armed with BYOD - especially during high traffic holiday shopping/sale months - in a few easy steps.

MAC Addresses and Mobile Devices
The old and sort of cumbersome way is to monitor the unique MAC addresses that are used by each smart mobile device that accesses an Ethernet network. The 6 byte (i.e., 48 bit) MAC address is generally in two parts: The first 3 bytes are the MAC Address vendor ID generally shared by hundreds or even tens of thousands of devices produced by the manufacturer; the second set of three bytes are unique to the device.

A 48-bit Ethernet MAC address has two components, each of which is 24 bits:

*24-bit Organizational Unique Identifier (OUIIEEE regulates the assignment of OUI numbers. Within the OUI, the two following bits have meaning only when used in the destination address:

  1. Broadcast or multicast bit - indicates to the receiving interface the frame is destined a group of end stations on the LAN segment.
  2. Locally administered address bit - normally combines OUI and a 24-bit station address. This is universally unique; however, if the address is modified locally, this bit should be set. Some vendors like Apple set this bit automatically.

Generally, the MAC address is not changed by the end user, thus dynamic IP addresses are often not used to track or report on mobile phone devices. Organizations using NetFlow and IPIX can in fact track these MAC addresses.

MAC Addresses and NetFlow
Traditional flow data (e.g., NetFlow v5) exports IP addresses, but not MAC addresses. NetFlow v9 and IPFIX introduce the ability to export any information on the router including MAC address.

A reliable Network Traffic Analyzer can be used to report to report on NetFlow and IPFIX. The NetFlow Analyzer should offer a filtering architecture to allow traffic analysts to include or exclude portions of MAC addresses. If the administrator wants to narrow a particular vendor (e.g., 00.00.0c) or the iPhone (e.g., 60:33:4b, 64.b9.38, etc.), a reporting tool can filter on these vendor IDs. Once vendor IDs are added to the report, the type can be changed to view different reports. For example, the top domains these mobile devices are visiting can be obtained if the router, switch, or firewall exporting the NetFlow or IPFIX includes URL information. The IT manager can often click on the domain (e.g. facebook.com) and look at URLs visited with mobile device.

Tracking BYOD
By forcing users to authenticate all devices onto the network and agreeing to an operating system scan, network administrators can maintain an active inventory of who (i.e., username) authenticated onto the network and with what type of device. Detailed reports can be run on the volume of iPhones, Androids, Blackberries, iPads, etc. that have authenticated onto the network. Since the MAC address is obtained from every authenticated device, it can be cross referenced with the NetFlow and IPFIX received to look at traffic patterns. This is a much more scalable solution and less error prone approach than the traditional track-down-all-the-mac-addresses approach.

Smartphones: Network Security Challenge
Allowing smartphone access to corporate resources often requires adapting new corporate mobile strategies and policies. Many companies provide VPN access to the corporate network from computers when working remotely. While VPNs offer a secure connection by encapsulating data, many smartphones don't support them (e.g., iPhone). This is partly because the hardware doesn't have the processing power to keep up with encryption processes on-the-fly. Due to pressure from management and remote users, VPN enforcement is often lax. Most employees obtain corporate access from any public network, which includes public places like local coffee shops. This opens Pandora's Box when it comes to security threats.

Smartphones are an ideal tool for cybercriminals to push their malware, viruses, worms and other threats onto corporate networks. With many important titles, email addresses and phone numbers sitting on just about every network-capable mobile phone, stealing confidential emails or pushing botnets onto the company network is easier with traditional security measures put aside in favor of easy remote access. With smartphone synchronization, infection can easily migrate onto a PC - a Trojan horse method that infects the PC could provide access to the corporate network. On the other hand, the data carried on smartphones can be targeted through malware on PCs.

Direct Attacks on the Mobile Phone
Some employees try to increase the security of their phone with special anti-theft software or by encrypting their memory card. These solutions are aimed at making data protected from physical attacks. However, those are done by pickpockets, who are less interested in the mobile phone content than reusing or reselling the device.

Cybercriminals do care about sensitive information stored on smartphones, but they don't need physical access to the phone to retrieve it. Rather, they will exploit any vulnerability - for instance in the phone's Web browser (such as the WebKit vulnerabilities on Android phones) - or use social engineering tricks to install malware on the phone. Once the phone is infected, it's easy for the cybercriminal to access any data on the device. In those cases, the locks are useless and the memory card is dynamically decrypted when used.

Businesses must add employees to the corporate network easily and cost-effectively while maintaining desired security levels and remote management capabilities. Traditionally, the RIM BlackBerry Enterprise Server (BES) has been the gold standard among organizations with corporate-liable policies, providing sophisticated security and management capabilities.

However, smartphones like Androids and iPhones are becoming more popular, and some organizations feel obligated to embrace these as part of the employee-owned smartphone strategy. These are also supporting minimum security requirements, like timed-lock and remote wipe in the case of a lost or stolen handset. Some mobile apps, like Touchdown for Android, provide Exchange ActiveSync capabilities that support security policies to ensure security of the corporate data on the smartphone. Clearly, organizations need to rethink their mobile Smartphone strategies and take into account the proliferation of employee-owned smartphones.

Setting up single sign-on is another strategy that could be implemented on corporate networks. However, as of today, it's not supported on the iPhone. Whatever the decision, a careful evaluation of mobile devices accessing the network needs to be executed.

Ultimately, the question is: Do employees really need access to the corporate network via their smartphones? If they are provided access, then IT must secure the network to make sure the onslaught of online holiday shopping and sales offerings don't turn the season to "nightmare" before Christmas for the network bandwidth.

So, this holiday season, stay safe out there and don't forget to drive safe - on the road and in cyberspace.

More Stories By Michael Patterson

Michael Patterson, is the founder & CEO of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer. Prior to starting Somix and Plixer, Mike worked in a technical support role at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix and Plixer.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, will provide an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life ...
SYS-CON Events announced today that IBM Cloud Data Services has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. IBM Cloud Data Services offers a portfolio of integrated, best-of-breed cloud data services for developers focused on mobile computing and analytics use cases.
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in Embedded and IoT solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and ...
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
18th Cloud Expo, taking place June 7-9, 2016, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some...
SYS-CON Events announced today that MobiDev will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobile software company with over 200 develope...
SoftLayer operates a global cloud infrastructure platform built for Internet scale. With a global footprint of data centers and network points of presence, SoftLayer provides infrastructure as a service to leading-edge customers ranging from Web startups to global enterprises. SoftLayer's modular architecture, full-featured API, and sophisticated automation provide unparalleled performance and control. Its flexible unified platform seamlessly spans physical and virtual devices linked via a world...
SYS-CON Events announced today that BMC Software has been named "Siver Sponsor" of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. BMC is a global leader in innovative software solutions that help businesses transform into digital enterprises for the ultimate competitive advantage. BMC Digital Enterprise Management is a set of innovative IT solutions designed to make digital business fast, seamless, and optimized from mainframe to mo...
"What we see what happens when you have a completely networked society and the potential to now drive the value creation and the collaboration and the ecosystems that are possible when you start to be able to connect people and industries together in ways that have never been possible before," explained Esmeralda Swartz, VP of Marketing Enterprise & Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
Companies can harness IoT and predictive analytics to sustain business continuity; predict and manage site performance during emergencies; minimize expensive reactive maintenance; and forecast equipment and maintenance budgets and expenditures. Providing cost-effective, uninterrupted service is challenging, particularly for organizations with geographically dispersed operations.
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data...
The IoTs will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm and share the must-have mindsets for removing complexity from the development proc...
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device. For more information, please visit https://www.mangoapps.com/.
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
The essence of data analysis involves setting up data pipelines that consist of several operations that are chained together – starting from data collection, data quality checks, data integration, data analysis and data visualization (including the setting up of interaction paths in that visualization). In our opinion, the challenges stem from the technology diversity at each stage of the data pipeline as well as the lack of process around the analysis.
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
In his session at 18th Cloud Expo, Bruce Swann, Senior Product Marketing Manager at Adobe, will discuss how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects). Bruce Swann has more than 15 years of experience working with digital marketing disciplines like web analytics, social med...
Designing IoT applications is complex, but deploying them in a scalable fashion is even more complex. A scalable, API first IaaS cloud is a good start, but in order to understand the various components specific to deploying IoT applications, one needs to understand the architecture of these applications and figure out how to scale these components independently. In his session at @ThingsExpo, Nara Rajagopalan is CEO of Accelerite, will discuss the fundamental architecture of IoT applications, ...