A global association serving more than 95,000 IT governance, assurance and security professionals—will feature international cloud computing experts at its free virtual seminar and tradeshow, titled Security and Compliance in the Cloud: Define, Defend and Regulate, from 9 a.m. to 4 p.m. (CST) on Tuesday, 8 December 2010. Attendees can participate without leaving their offices.
The event kicks off with a keynote presentation by Dave Cullinane, chief information security officer and vice president of eBay. His presentation at ISACA’s Virtual Seminar, titled Cloud Security: Building Trust in the Cloud, will detail his experience in building a trustworthy reputation while creating a cloud computing presence.
ISACA will also offer three educational sessions that explain how to how to define, defend and regulate cloud environments. Sessions include:
- Data Protection and Access Control in the Cloud
- Compliance and the Cloud
- Vendor Management in the Cloud
During live Q&A sessions, attendees can interact directly with the speakers, including Joseph C. Granneman, CISSP, active member in the US FBI Infragard program and the Chicago Electronic Crimes Task Force; Richard E. Mackey, Jr., vice president of SystemExperts; and Jeffrey Ritter, founder and chief executive officer of Waters Edge Consulting, a well known online host and moderator of e-symposia for ISACA, ISC2 and ISSA.
“The age of cloud computing is upon us and can be confusing to navigate,” said Emil D’Angelo, CISA, CISM, international president of ISACA. “ISACA’s virtual conference will help IT professionals better trust and value cloud computing. This opportunity also allows attendees to network with global experts and peers, while obtaining low-cost continuing education credits without leaving the office.”
In addition to gaining practical information from sessions, participants will be able to network with other professionals and “visit” exhibitor booths, where they can interact live with top IT vendors to discuss innovative ways to create cost-effective risk management programs.
Additional information about the free virtual conference is available at www.isaca.org/elearning. Attendees can earn up to four free continuing professional education (CPE) hours. To learn more about ISACA’s global events, please visit www.isaca.org/conferencesA report just published - which identifies mobile networks as having a number of key security vulnerabilities that must be addressed - has been welcomed by Secure Browsing Service specialist Trusteer.
Trusteer, whose secure browsing service is offered by a number of banks, says that the Heavy Reading report is quite correct in identifying a potential problem with the security of mobile networks, for the simple reason that the wireless nature of the cellular networks makes them more susceptible to criminal attack.
“If anything, our research suggests that the report understates the security risk that the last mile of the cellular-delivered mobile Internet now represents, as A5/1 – the main GSM encryption algorithm – was cracked in a practical attack late last year by Karsten Nohl (http://bbc.in/f8n4rP),” said Amit Klein, Trusteer’s chief technology officer.
“Put simply, this means that, with sufficient equipment and CPU power, we believe that a cybercriminal can now mount a practical eavesdropping or Web browser injection attack on a cellular delivered Internet connection,” he added.
According to Klein, whilst a WiFi-based Internet connection can be said to be less secure than a desktop link, on the basis that the wireless signal can be intercepted and/or eavesdropped in some way, its range is relatively short before it hits the landline networks.
With the cellular mobile Internet, however, the signal can reach for several miles, and is therefore a lot more vulnerable to electronic trickery, he explained.
The Trusteer CTO went on to say that Heavy Reading's report reinforces his research team’s observations, since it adds the very real prospect of criminal tampering with the network infrastructure to the mix.
So far, he says, the industry has not seen any proven cases of network infrastructure tampering or Web browser injections, but the possibility grows stronger by the day, especially given the steady march of the mobile Internet.
With mobile dongles and MiFi units now becoming more and more popular - largely owing to their considerable flexibility and the fact that the technology also frees users from the `line rental tax' that almost also telcos impose on their broadband users – Klein says that more and more Web traffic is being carried the last mile by cellular means.
With the GSM Association having reported the number of high-speed mobile broadband connections have topped the 150 million mark around the world in the summer of last year (http://bit.ly/oaKPx), it can be seen that cellular infrastructure - because of its wireless nature - now poses an IT security risk that many users overlook.
This, says Klein, is what makes this report so timely, and reinforces previous warnings about the mobile Internet security threat that few experts have even considered as a possibility.
Add in the fact that mobile Internet connections are highly transient, with dynamic IP addresses that are used and re-used on a cyclic basis, and you begin to see the nature of the problem, he noted.
"Until the hardware vendors and networks address the issue, perhaps with the assistance of IT security software vendors as well, it's clear that mobile Internet connections need to be considered less safe than their landline equivalents," he said.
That isn't to say the problem isn't surmountable, as users of online financial services should employ any and all security measures available to them - such as installing in-browser security such as Trusteer Rapport - in addition to their existing IT security measures,” he added.
“Add in some serious commonsense when using mobile Internet connections, and your online session should be safe, despite the underlying insecurities in cellular encryption and the network infrastructures."
Meanwhile, a report just published - which identifies mobile networks as having a number of key security vulnerabilities that must be addressed - has been welcomed by Secure Browsing Service specialist Trusteer.
Trusteer, whose secure browsing service is offered by a number of banks, says that the Heavy Reading report is quite correct in identifying a potential problem with the security of mobile networks, for the simple reason that the wireless nature of the cellular networks makes them more susceptible to criminal attack.
“If anything, our research suggests that the report understates the security risk that the last mile of the cellular-delivered mobile Internet now represents, as A5/1 – the main GSM encryption algorithm – was cracked in a practical attack late last year by Karsten Nohl (http://bbc.in/f8n4rP),” said Amit Klein, Trusteer’s chief technology officer.
“Put simply, this means that, with sufficient equipment and CPU power, we believe that a cybercriminal can now mount a practical eavesdropping or Web browser injection attack on a cellular delivered Internet connection,” he added.
According to Klein, whilst a WiFi-based Internet connection can be said to be less secure than a desktop link, on the basis that the wireless signal can be intercepted and/or eavesdropped in some way, its range is relatively short before it hits the landline networks.
With the cellular mobile Internet, however, the signal can reach for several miles, and is therefore a lot more vulnerable to electronic trickery, he explained.
The Trusteer CTO went on to say that Heavy Reading's report reinforces his research team’s observations, since it adds the very real prospect of criminal tampering with the network infrastructure to the mix.
So far, he says, the industry has not seen any proven cases of network infrastructure tampering or Web browser injections, but the possibility grows stronger by the day, especially given the steady march of the mobile Internet.
With mobile dongles and MiFi units now becoming more and more popular - largely owing to their considerable flexibility and the fact that the technology also frees users from the `line rental tax' that almost also telcos impose on their broadband users – Klein says that more and more Web traffic is being carried the last mile by cellular means.
With the GSM Association having reported the number of high-speed mobile broadband connections have topped the 150 million mark around the world in the summer of last year (http://bit.ly/oaKPx), it can be seen that cellular infrastructure - because of its wireless nature - now poses an IT security risk that many users overlook.
This, says Klein, is what makes this report so timely, and reinforces previous warnings about the mobile Internet security threat that few experts have even considered as a possibility.
Add in the fact that mobile Internet connections are highly transient, with dynamic IP addresses that are used and re-used on a cyclic basis, and you begin to see the nature of the problem, he noted.
"Until the hardware vendors and networks address the issue, perhaps with the assistance of IT security software vendors as well, it's clear that mobile Internet connections need to be considered less safe than their landline equivalents," he said.
That isn't to say the problem isn't surmountable, as users of online financial services should employ any and all security measures available to them - such as installing in-browser security such as Trusteer Rapport - in addition to their existing IT security measures,” he added.
“Add in some serious commonsense when using mobile Internet connections, and your online session should be safe, despite the underlying insecurities in cellular encryption and the network infrastructures."