Posts Tagged ‘Android’

Dark ReadingHalf Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Midsize Insider  – IT Security Threats: The Predictive Problem 
SearchCloudApplications Mobile cloud trends: Apps let enterprises handle the risks of cloud computing
TabTimes  Study: Forget corporate deployments, BYOD will drive business adoption of Windows 8 tablets

LinuxInsider – It’s Not You, Android – It’s Your Apps
Network WorldGartner: Mobile Device management tech set to take off
InformationWeekWindows 8: A Win for Enterprise Security
Ars TechnicaAndroid apps used by millions vulnerable to password, e-mail theft

The following the first in a series of excerpts from NCP engineering‘s technical white paper, Automated Mobile Security:  Leveraging Trusted Network Connect (TNC) IF-MAP to provide automated security for company networks and mobile devices.

The increasing use of mobile devices like smartphones and tablet PCs introduce new threats to enterprise IT networks. While most of the well known security programs such as desktop firewalls,  antivirus and harddrive encryption work pretty well for laptops, they are still not available for these kinds of mobile devices. The only way to keep your network secure is by providing additional security on the central IT infrastructure.

The problem is, most of today’s security systems work isolated from each other and if they offer interoperability they do so only to a limited extent, which is insufficient to counter the new threats network security faces every day. A new specification developed by the Trusted Computing Group (TCG) strives to solve this interoperability problem with the development of IF-MAP. IF-MAP provides the possibility to interconnect different IT-security systems and provide an accurate representation of the health status of your IT network. It even can automate security responses to network  threats and enforce security without the need for human interaction.
The support for IF-MAP is steadily increasing, as more and more vendors and open source products are supporting the IF-MAP technology.

Stay tuned for the next post that explains IF-MAP in more detail.

Today, we round out our conversation with Jens Lucius, QA manager and trainer at NCP engineering on the ESUKOM project, an initiative that aims to develop a real-time security solution for enterprise networks based upon the correlation of metadata. As a core member of the project, NCP has compiled a technical paper on the project, as well.

Q: NCP is also involved in the VOGUE project, which aims to develop an integrated security platform allowing mobile devices to access different IT systems securely. Can you provide any updates on this? 

Jens: The VOGUE project has already reached its official end date but the results are still very exciting for current development in the market. The goal of VOGUE was to create a mobile system (in this case, an Android phone) with a reliable system configuration that cannot be easily changed.

A serious problem introduced by smartphones connecting to company infrastructure is, an administrator does not know what components are running on that system and if the system is still in good health. VOGUE uses another TCG technology (the TPM) to “measure” the system state, transfer that to an enforcement system (via TNC protocol) and only allow VPN access if that state is correct.  While in ESUKOM, we try the secure the network on the central side, VOGUE aims at securing the mobile endpoint.

At the time of the VOUGUE project there was no mobile phone with an integrated TPM, but now Windows 8 tablets are soon to be released including a TPM to secure the mobile platform so the results are still valid for upcoming technology. A demonstrator for the project result is hosted by the Fraunhofer SIT, a leading research institute for IT Security in Germany, which you can see here:

With the launch of NCP’s universal Android IPsec VPN clients this week, we’re curious to know which versions of the OS that our Android-equipped readers are using.  Are you ahead of the curve with Jelly Bean, behind the pack with Éclair, or tastefully in the middle with one of the other deliciously named updates Android has released in recent years? If there are particular features of each that you like –  or dislike –  let us know in the comments.