Essay Sample on WLAN and Mobile Security Plan

Vulnerability is an inactive fault in a system that might be exposed by a threat, whereas a risk is defined as any occurrence that can be the source of damage to a method and can generate a loss of confidential information. These mobile network threats have done many businesses to suffer from losing confidential information of the employees, and now there is a plan to cope up with the situation. Therefore, this paper aims at discussing how to address the vulnerabilities and threats in cellular and mobile networks.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

WLAN Vulnerabilities that Present Risks for Alliah

In this scenario, there are some WLAN vulnerabilities that present risks for Alliah. One of the WLAN vulnerabilities is Man in the middle attack, where the aggressor secretly transfers and alters with the communication between two parties or group who think they are directly communicating with each other. One of the examples of this man in the middle attack is where the aggressor makes independent connections with the parties involved or rather the victims and makes them believe their conversation is on an individual situation making them talk all their sensitive information. The attacker, however, controls the whole of the discussion by injecting new messages and intercepting messages of the victims. Now for the attacker to succeed the man in the middle attack the endpoints should be impersonated sufficiently. As for Alliah, she has a higher risk of WLAN vulnerabilities because some of the employees are having access to the seven wireless access points. Alliah should now ensure that her employee uses new and reliable ways to ensure that they are genuinely using each other public key, rather than the aggressor's public key to interfere with their confidential information.

In the same scenario, there is another WLAN vulnerabilities which is encryption. Encryption is defined as the form of translating data into a secret code by having a secret key or source to decrypt it. As for Alliah, she has many employees and has given them specific duties to run them, and due to not having the knowledge who to trust, she just decided to assume the trust issues and let them work as a team. This working as a team makes one of the employees decided to take the risk and share the secret key or source of secretive information to the external environment. This bringing of your own device to the working premises is the main course of encryption. Alliah, to prevent this encryption, she should rethink about bringing your device and try having other reliable tricks of working.

Mobile Vulnerabilities that Present Risks for Alliah

There are also mobile vulnerabilities in which one is spyware. Spyware is a software used to transfer information from one computer to another using a hard drive. In many cases, the co-workers, spouses, or employers are involved in installing spyware to keep track of your whereabouts instead, not the malware as expected. This spyware may collect all the confidential data that one needs to protect appropriately, which should be prevented by downloading a legitimate antivirus and malware detector. As for Alliah, spyware may affect her through her employees or spouse to collect useful data from her.

Moreover, there are other mobile vulnerabilities, which are phishing attacks where it is defined as stealing of data from another device like a mobile or desktop using email or messages. Alliah is likely to go through this because her employees most likely are not educated to ignore unfamiliar email links through words.

Steps Used to Mitigate Man in the Middle Attack

Mitigation is defined as lessening the strength of an offence or problem. Now in man in the middle attack should be mitigated with a few steps to help to cope up with such threats. One should employ encryption where not only the communication should be encrypted, but also emails, every enterprise application, web, and voice traffic should be encrypted. The Virtual Private Network should be used to bring more and reliable security to the man in the middle attacks. There is also manage enterprise-wide certificates, which is a step to be used. The IT managers should ensure that only people with valid documents to work with enterprise applications and whenever a local certificate is used, it should be preload to all the devices using the business' tool, which is the Mobile Device Management.

Steps Used to Mitigate Encryption

In the second WLAN vulnerabilities, which is encryption, there are some steps to lessen the threat. The first step should be a collaboration where the stakeholders, workers, and management should come together and identify the laws and regulations of the organization. From there, one should ensure data classification where there should be a couple of workers being in the most sensitive information and others being in the knowledge that should only be used by the stakeholders where it refers to data loss prevention, which is essential in an organization. There should also be crucial proper management where keys and certificates should be appropriately managed and protected by understanding the documents and the information, thus sharing duties to those who will be in charge of individual keys and certificates. This leads it to access control, making it easier for the authorized staff to access the approved data.

Steps Used to Mitigate Spyware

Mitigating the spyware as a mobile vulnerability also has steps to be used, like installing quality antivirus on the mobile phone or the computer. It helps by protecting the device from a spyware infection. One should also install real-time antispyware protection which safeguards more than the antivirus because this real-time antivirus helps to detect the exact time the device has the virus rather than the quality antivirus which can discover after the device has already been infected. (Friedman, & Hoffman, 2008). The last step here is that one should perform daily scanning of your computer because regular scans add another layer of security in the device.

Steps Used to Mitigate Phishing

One should also mitigate phishing by regularly screening of the mails. This regular screening is the massive barrier of this phishing as a threat because it helps protect an organizations' letters through having many anti-phishing tools. The next step is sticking to the old means of security like antivirus software and firewalls, which is beneficial and a more reliable way of preventing phishing. (Shaulov, 2016). Lastly, managers should educate employees on how scammers work, and the consequences of certain behaviours will help lessen the threat.

Preventive Measures to Maintain the Security Posture of WLAN Vulnerabilities

One of the preventive measures is what kind of technology should be used to prevent the threat. The criteria to be used is like having wired equivalent privacy, which is old security encryption used to overcome security threats. There should also be improved security by introducing the crucial temporal integrity protocol, which is efficient for any small business. (Sundar, Aravamudan, Naqvi, Iyer, Vishwanathan, & Pai, 2006). Ensuring users are aware of the disadvantages of WLAN vulnerabilities and educating them on how to avoid unrecognized certificates or keys on their mobile phones or computer. Also, the IT managers should mitigate many of the risks expected at the same time, to increase the security by depending on the reliable method of preventing WLAN vulnerabilities.

Preventive Measures to Maintain the Security Posture of Mobile Vulnerabilities

One should take protective measures here, like wiping the company's device apps and settings regularly. Secondly, one can block the exchange of emails directly, which is a positive aspect. One can also delete the confidential information from the system, and either has it as a soft copy. (Suo, Liu, Wan, & Zhou, 2013). IT managers should also remediate all the actions happening or rather all the interactions between the management server and the device to improve security issues.

Solution for the Company's BYOD Approach

In BYOD, one should present a selective wipe to evict work management, apps, and email accounts. In company-owned devices, one should perform an enterprise wipe regularly, which erases all the information in the system. However, the device should support persistent storage or be recognized as an enrolment service to support enterprise wipe. When an organization suffers from entirely stolen data or information should perform a full enterprise wipe.

Conclusion

In either small or large businesses, there will be WLAN vulnerabilities and mobile vulnerabilities affecting the organization. However, one should practice mitigation to try to prevent or control the threat. The management should take measures and train IT managers and let them be aware of the consequences.

Reference

Friedman, J., & Hoffman, D. V. (2008). Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses. Information Knowledge Systems Management, 7(1, 2), 159-180. Retrieved from: https://content.iospress.com/articles/information-knowledge-systems-management/iks00122

Landman, M. (2010, October). Managing smart phone security risks. In 2010 Information Security Curriculum Development Conference (pp. 145-155). ACM. Retrieved from: https://dl.acm.org/citation.cfm?id=1940971

Shaulov, M. (2016). Bridging mobile security gaps. Network Security, 2016(1), 5-8. Retrieved from: https://www.sciencedirect.com/science/article/pii/S135348581630006X

Sundar, R., Aravamudan, M., Naqvi, S. A., Iyer, P. R., Vishwanathan, K. K., & Pai, G. U. (2006). U.S. Patent No. 7,149,521. Washington, DC: U.S. Patent and Trademark Office. Retrieved from: https://patents.google.com/patent/US7149521B2/en

Suo, H., Liu, Z., Wan, J., & Zhou, K. (2013, July). Security and privacy in mobile cloud computing. In 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC) (pp. 655-659). IEEE. Retrieved from: https://ieeexplore.ieee.org/abstract/document/6583635/