Prepared By: Samson, P.A
OYO STATE COLLEGE OF AGRICULTURE AND TECHNOLOGY, IGBOORA, OYO STATE
DEPARTMENT OF NETWORKING
(NETWORKING/CYBER SECURITY)
LEVEL: HIGHER NATIONAL DIPLOMA (HND I)
COURSE TITLE: MOBILE AND WIRELESS SECURITY
COURSE CODE: CYC 322
CREDIT UNIT: 4 UNITS
SEMESTER: 2ND SEMESTER
UNDERSTANDING TCP/IP AND OSI NETWORK SECURITY AND ACCESS CONTROL
1.1 Security Concepts And Terminology
Authentication
The process or action of verifying the identity of a user or process ("user authentication for each device ensures that the individual using the device is recognized by the company"). Authentication technology provides access control for systems by checking whether a user's credentials match the credentials held in a database of authorized users or on a data authentication server. In doing this, authentication ensures that systems, processes and enterprise information are secure.
Authorization
A process by which a server determines whether the client has permission to use a resource or access a file. Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access.
Data privacy
A discipline intended to keep data safe against improper access, theft or loss. It is vital to keep data confidential and secure by exercising sound data management and preventing unauthorized access that might result in data loss, alteration or theft.
Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity
Means that data or information in your system is maintained so that it is not modified or deleted by unauthorized parties. This is an important element of data hygiene, reliability and accuracy.
Non-repudiation
Protection against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a ...
1.2 TCP/IP and OSI model
OSI model vs. TCP/IP model. The OSI reference model describes the functions of a
telecommunication or networking system, while TCP/IP is a suite of communication protocols
used to interconnect network devices on the internet. TCP/IP and OSI are the most broadly used
networking models for communication.
The OSI and TCP/IP models have similarities and differences. The main similarity is in their
construction, as both use layers, although the OSI model consists of seven layers, while TCP/IP
consists of just four layers.
Another similarity is that the upper layer for each model is the application layer, which performs
the same tasks in each model but may vary according to the information each receives.
The functions performed in each model are also similar because each uses a network and
transport layer to operate. The OSI and TCP/IP model are mostly used to transmit data packets,
although they each use different means and paths to reach their destinations.
Additional similarities between the OSI and TCP/IP models include the following:
• Both are logical models.
• Both define standards for networking.
• They each divide the network communication process into layers.
• Both provide frameworks for creating and implementing networking standards and devices.
• They enable one manufacturer to make devices and network components that can coexist and work with the devices and components made by other manufacturers.
• Both divide complex functions into simpler components.
Differences between the OSI and TCP/IP models include the following:
• OSI uses three layers -- application, presentation and session -- to define the functionality of the upper layers, while TCP/IP uses only the application layer.
• OSI uses two separate layers -- physical and data-link -- to define the functionality of the bottom layers, while TCP/IP uses only the link layer.
• OSI uses the network layer to define the routing standards and protocols, while TCP/IP uses the internet layer.
1.3 OSI Layers and Protocols
Model Explained: The OSI 7 Layers
7. Application Layer
It is the topmost layer of the OSI model and the layer the end user interacts with. It interacts directly with the application software and serves as a bridge between the network and the user.
6. Presentation Layer
It is responsible for the presentation and formatting of data between network systems. Its main
work is data transformation, encryption and decryption, compression and decompression,
and providing a common representation of data for different systems.
5. Session Layer
It provides services for establishing, managing, and terminating sessions or
connections between applications. Its primary role is to facilitate communication and
coordination between different applications or processes running on different network devices.
4. Transport Layer
Its primary responsibility is to provide reliable and efficient end-to-end delivery of data
between hosts or endpoints on a network. The Transport Layer ensures that data is transmitted
accurately, in the correct order, and without errors or losses.
3. Network Layer
It is responsible for logical addressing, routing, and forwarding of data packets between
different networks. Its primary function is to enable end-to-end
communication across multiple network segments.
2. Data Link Layer
Its primary role is to provide reliable and error-free data transfer between two directly
connected nodes on a network. The Data Link Layer takes packets from the Network Layer
(Layer 3) and encapsulates them into frames for transmission across the physical medium.
1. Physical Layer
Its main responsibility is to establish and maintain the physical transmission of data between
network devices. It deals with the physical aspects of data transmission, such as the electrical,
mechanical, and procedural characteristics of the physical medium.
2.1 CONCEPT, STANDARD AND THREATS OF WIRELESS NETWORK
Wireless Network Concept
A broadband wireless router is designed for home and small-office users. This term can be used
interchangeably with an access point (AP) for the purpose of this document.
A wireless network connects computers without using network cables. Computers use radio
communications to send data between each other. You can communicate directly with other
wireless computers, or connect to an existing network through a wireless AP. When you set up
your wireless adapter, you select the operating mode for the kind of wireless network you want.
You can use your Intel® PRO/Wireless adapter to connect to other similar wireless devices that
comply with the 802.11 standard for wireless networking.
Choosing a wireless local area network (LAN) mode
Wireless LANs can work with or without an AP, depending on the number of users in the
network. Infrastructure mode uses APs to allow wireless computers to send and receive
information. Wireless computers transmit to the AP: the AP receives the information and
rebroadcasts it to other computers. The access point can also connect to a wired network or to the
Internet. Multiple access points can work together to provide coverage over a wide area.
Peer-to-Peer mode, also called Ad Hoc mode, works without access points and allows wireless
computers to send information directly to other wireless computers. You can use Peer-to-Peer
mode to network computers in a home or small office or to set up a temporary wireless network
for a meeting.
Configuring a wireless LAN
There are three basic components that must be configured for a wireless LAN to operate
properly:
• The network name or service set identifier (SSID) - Each wireless network uses a unique network name to identify the network. This name is called the service set identifier (SSID). When you set up your wireless adapter, you specify the SSID.
   ◦ If you are connecting to an existing network, you must use the SSID for that network.
   ◦ If you are setting up your own network, make up your own SSID and use it on each computer. The SSID can be up to 32 characters long, using a combination of letters and numbers.
• Profiles - When you set up your computer to access a wireless network, Intel® PROSet creates a profile for the wireless settings that you specify. To connect to an existing network, you can make a temporary connection, or create a profile for that network. After you create profiles, your computer automatically connects when you change locations.
• Cisco* Compatible Extensions - Enabling Cisco Compatible Extensions provides interoperability with features of a Cisco wireless LAN infrastructure such as CKIP and LEAP.
• Security - The 802.11 wireless networks use encryption to help protect your data. If you are connecting to an existing network, use the encryption key provided by the administrator of the wireless network. When setting up a wireless LAN, you can strongly increase the level of data protection and access control using one of these methods:
   ◦ Wi-Fi Protected Access 2 (WPA2) - is currently the highest level of security offered in Wi-Fi networks. Home and small-office users can implement a simplified version that requires a preshared key, commonly called WPA2-Personal or WPA2-PSK. WPA2 implements 802.1x and key-exchange to strengthen data encryption using the Advanced Encryption Standard (AES).
   ◦ Wi-Fi Protected Access (WPA) - is a security enhancement that strongly increases the level of data protection and access control to a wireless LAN. Home and small-office users can implement a simplified version by creating a preshared key, commonly called WPA-Personal or WPA-PSK. WPA enforces 802.1x authentication and key-exchange to strengthen data encryption using Temporal Key Integrity Protocol (TKIP).
Note
The first type of security used in Wi-Fi networks was Wired Equivalent Privacy (WEP),
and used a 64-bit or 128-bit shared encryption key to scramble data. This provided a weak
level of security, and is not recommended.
Identifying a wireless network
Depending on the size and components of a wireless LAN, there are many ways to identify a
wireless LAN:
• The network name or service set identifier (SSID) - Identifies a wireless network. All wireless devices on the network must use the same SSID.
• Extended Service Set Identifier (ESSID) - A special case of SSID used to identify a wireless network that includes access points.
• Independent Basic Service Set Identifier (IBSSID) - A special case of SSID used to identify a network of wireless computers configured to communicate directly with one another without using an access point.
• Basic Service Set Identifier (BSSID) - A unique identifier for each wireless device. The BSSID is the Ethernet MAC address of the device.
• Broadcast SSID - An access point can respond to computers sending probe packets with the broadcast SSID. If this feature is enabled on the access point, any wireless user can associate with the access point by using a blank (null) SSID.
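The identifiers above (SSID, BSSID, the blank or null SSID) are exactly what a passive scan reads out of an access point's beacon frames. The following is an added example, not code from these notes: a small Python parser that takes beacon frames (constructed inline here, not captured), extracts the BSSID, SSID, channel and advertised security type, and marks the open, WEP and TKIP-only networks that the later security advice warns against. The sample network names and 02:... BSSIDs are made up.

```python
"""Passive inventory of 802.11 beacon frames (added example, not from these notes)."""
import struct

IE_SSID, IE_DS_PARAM, IE_RSN, IE_VENDOR = 0, 3, 48, 221
CAP_PRIVACY = 0x0010           # capability bit: encryption required to join
RSN_OUI = b"\x00\x0f\xac"      # IEEE suite-selector OUI used in the RSN IE
WPA1_OUI = b"\x00\x50\xf2"     # OUI of the legacy WPA (TKIP) vendor IE
CIPHERS = {2: "TKIP", 4: "CCMP"}
AKMS = {1: "802.1X", 2: "PSK"}

def parse_ies(body: bytes):
    """Yield (tag, value) from the tagged parameters; stop at a truncated IE."""
    pos = 0
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:        # malformed tail: do not trust it
            break
        yield tag, value
        pos += 2 + length

def parse_rsn(value: bytes):
    """Return (pairwise cipher, AKM) names from an RSN IE, or None if malformed."""
    try:
        if struct.unpack_from("<H", value, 0)[0] != 1:
            return None
        n_pairwise = struct.unpack_from("<H", value, 6)[0]  # after version+group
        pairwise = value[8:12]
        pos = 8 + 4 * n_pairwise
        n_akm = struct.unpack_from("<H", value, pos)[0]
        akm = value[pos + 2:pos + 6]
    except struct.error:
        return None
    if min(n_pairwise, n_akm) < 1 or len(pairwise) < 4 or len(akm) < 4:
        return None
    cipher = CIPHERS.get(pairwise[3], "?") if pairwise[:3] == RSN_OUI else "?"
    auth = AKMS.get(akm[3], "?") if akm[:3] == RSN_OUI else "?"
    return cipher, auth

def parse_beacon(frame: bytes) -> dict:
    """Extract BSSID, SSID, channel and advertised security from one beacon."""
    if len(frame) < 36 or frame[0] != 0x80:  # frame control: management/beacon
        raise ValueError("not a beacon frame")
    capability = struct.unpack_from("<H", frame, 34)[0]
    info = {"bssid": ":".join(f"{b:02x}" for b in frame[16:22]),  # address 3
            "ssid": None, "channel": None,
            "privacy": bool(capability & CAP_PRIVACY), "security": "open"}
    has_wpa1 = False
    for tag, value in parse_ies(frame[36:]):
        if tag == IE_SSID:
            # zero-length SSID: the AP hides its name (the null-SSID case above)
            info["ssid"] = value.decode("utf-8", "replace") if value else None
        elif tag == IE_DS_PARAM and value:
            info["channel"] = value[0]
        elif tag == IE_RSN and (rsn := parse_rsn(value)):
            info["security"] = f"WPA2-{rsn[1]} ({rsn[0]})"
        elif tag == IE_VENDOR and value[:4] == WPA1_OUI + b"\x01":
            has_wpa1 = True
    if info["security"] == "open":
        if has_wpa1:
            info["security"] = "WPA (TKIP)"   # legacy WPA IE only
        elif info["privacy"]:
            info["security"] = "WEP"          # privacy bit without WPA/RSN IE
    return info

def is_weak(info: dict) -> bool:
    """Open, WEP and TKIP-only networks are the ones the notes advise against."""
    return info["security"] in ("open", "WEP", "WPA (TKIP)")

def build_beacon(bssid, ssid, channel, privacy=False, rsn=None, wpa1=False):
    """Construct a beacon frame as test input (constructed data, not a capture)."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    body = b"\x00" * 8 + struct.pack("<HH", 100, CAP_PRIVACY if privacy else 0)
    ies = bytes([IE_SSID, len(ssid)]) + ssid + bytes([IE_DS_PARAM, 1, channel])
    if rsn:                                    # rsn = (cipher id, akm id)
        suite = RSN_OUI + bytes([rsn[0]])
        val = struct.pack("<H", 1) + suite + struct.pack("<H", 1) + suite
        val += struct.pack("<H", 1) + RSN_OUI + bytes([rsn[1]]) + b"\x00\x00"
        ies += bytes([IE_RSN, len(val)]) + val
    if wpa1:
        val = WPA1_OUI + b"\x01" + struct.pack("<H", 1)
        ies += bytes([IE_VENDOR, len(val)]) + val
    return hdr + body + ies

# Constructed sample beacons: WPA2-PSK, hidden WPA2-Enterprise, open, WEP and
# legacy WPA; all use locally administered (02:...) BSSIDs.
SAMPLE_FRAMES = [
    build_beacon(b"\x02\x00\x00\x00\x00\x01", b"Survey-WPA2", 6, True, rsn=(4, 2)),
    build_beacon(b"\x02\x00\x00\x00\x00\x02", b"", 11, True, rsn=(4, 1)),
    build_beacon(b"\x02\x00\x00\x00\x00\x03", b"Survey-Open", 1),
    build_beacon(b"\x02\x00\x00\x00\x00\x04", b"Survey-WEP", 1, True),
    build_beacon(b"\x02\x00\x00\x00\x00\x05", b"Survey-WPA1", 6, True, wpa1=True),
]

def survey(frames=SAMPLE_FRAMES):
    """Parse every beacon and mark the weakly protected networks."""
    nets = [parse_beacon(f) for f in frames]
    return [dict(n, weak=is_weak(n)) for n in nets]
```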
Note
The following is not intended for home users; it is provided for informational purposes
only.
Surveying your wireless LAN site
Conducting a site survey for your wireless LAN is the most crucial step of setting up a wireless
network. A site survey will greatly reduce the amount of troubleshooting for connection testing.
To conduct a site survey, you need the following tools:
• An access point (AP), or laptop computer that is set up to be the transmitter. It should be mounted near and at the same height as the designated location of your wireless LAN.
• A laptop loaded with your site survey software, to act as the mobile receiver.
• An area or building map, to plot the strength of your signals.
Once you have the tools you need, launch the site survey software on the mobile receiver.
• Carry the mobile receiver around the intended wireless LAN area to test the signal strength.
• Check the signal strength of each intended AP location. If you encounter a problem with a location, make sure it is not located on a wall containing metal, such as an air conditioning duct. Flooring constructed of metal can also impact range in multi-floor buildings.
• For seamless coverage within your LAN, the signal levels at each point must overlap. Software is available that can seamlessly pass a connection from one AP to another as signal levels change.
When signal strength is strong inside the building, check the strength outside the building. Carry
the mobile receiver as far down the street or around the building as you can, without losing
significant signal strength.
To improve wireless security, be aware of the types of networks used by the companies around
you. This knowledge will help you select the right channels and best location for your APs.
Factors Affecting Range
An access point (AP) can transmit a signal up to 60 feet in areas with many walled barriers or as
much as 500 feet in large open areas. Range is affected by the following factors:
• Building materials, such as steel and drywall, can shorten the range of the radio signals.
• Physical layout of the area can interfere and cause dropped signals.
• Electronic noise from cell phones, microwave ovens, or other devices on the same frequency can interfere with signal transmissions.
• Data rate impacts signal distance. The faster signals are sent, the less distance they travel.
Taking these factors into consideration when you survey the site for your WLAN is key to
providing users with undisturbed mobile connectivity. Using multiple APs can reduce the impact
of these factors if your area has dividing walls throughout.
Stronger Security
Your network is still vulnerable, even after you enable the security settings defined in the
802.11b standard, and the security settings of your hardware. Here are a few things you can do to
improve security, making it harder for outsiders to access your network:
• Change the default network name of your WLAN. Every manufacturer's default settings are public knowledge.
• Enable encryption. TKIP encryption provides greater protection than WEP.
• Change your encryption keys as often as possible. Change the key (or pass phrase) for Wi-Fi Protected Access (WPA) preshared key (PSK) mode.
• Enable MAC address filtering so that each access point (AP) can generate a list of approved MAC addresses for your WLAN.
• If you have a small network, use virtual private network encryption.
• If you have a large network, you can install a gateway between your APs and network clients.
• Intel® wireless adapters and Intel® PROSet Software v7.1.4 and later versions support the latest security standards, including WPA and WPA2, to address the security concerns of the original 802.11 implementations. Download the latest recommended Intel® Software and Drivers for your Intel® wireless adapter.
• Intel® Centrino® Mobile Technology users with Intel® PRO/Wireless 2100 Network Connection are recommended to upgrade systems to the latest software.
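Added example, not from these notes or from Intel: how a WPA/WPA2-Personal client turns the preshared passphrase and the SSID into the 256-bit key used for the connection. It shows why two pieces of advice above (change the default network name, rotate the PSK) matter: the SSID is the salt, so a unique name makes any precomputed key table for a default name useless, and a new passphrase gives a new key. The derivation is the standard PBKDF2-HMAC-SHA1 mapping; the passphrase alphabet and the rotate_psk helper are my own assumptions.

```python
"""WPA/WPA2-Personal pre-shared key derivation (added example, not from these notes)."""
import hashlib
import secrets
import string

# Printable-ASCII subset used when generating a fresh passphrase (my choice).
PSK_ALPHABET = string.ascii_letters + string.digits + "-_.!"

def validate_ssid(ssid: str) -> bytes:
    """An SSID is 1-32 bytes, the same limit the notes give for naming a network."""
    raw = ssid.encode("utf-8")
    if not 1 <= len(raw) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return raw

def validate_passphrase(passphrase: str) -> bytes:
    """WPA-Personal passphrases are 8-63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 0x20 <= ord(c) <= 0x7E for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return passphrase.encode("ascii")

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).

    This is the standard mapping a supplicant performs before the 4-way handshake.
    Because the SSID is the salt, the same passphrase yields a different key on a
    network with a different name, which is one reason to change the default SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", validate_passphrase(passphrase),
                               validate_ssid(ssid), 4096, dklen=32)

def generate_passphrase(length: int = 20) -> str:
    """Fresh random passphrase for key rotation ("change your encryption keys")."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8-63")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))

def rotate_psk(ssid: str, length: int = 20):
    """Return (new passphrase, PSK) to configure on the AP and in client profiles."""
    passphrase = generate_passphrase(length)
    return passphrase, derive_psk(passphrase, ssid)
```

The first assertion below uses the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), so you can check the derivation against a real implementation such as wpa_passphrase.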
2.2 WIRELESS SNIFFING, WAR DRIVING, UNAUTHORIZED COMPUTER
ACCESS AND SHOULDER SURFING
1. Wireless Sniffing
A network sniffer “sniffs” or monitors network traffic for information (e.g., where it’s coming
from, which device, the protocol used, etc.). Network administrators can use this information to
help optimize their environment.
What are example uses for network sniffers?
For example, a network sniffer can monitor network usage and track down someone using
excessive bandwidth at a university or business organization. You can also use them to help find
security holes in your environment. These are all legitimate uses for a network sniffer.
However, a common use for them today lies in black hat hacking. In the wrong hands, network
sniffing tools can allow anyone with little to no hacking skills to monitor network traffic over
unsecured WiFi networks in order to steal passwords and other private information. This can
give network sniffing tools a bad reputation; however, there are still many legitimate uses for
network sniffers.
Network packet sniffing can also help enhance your security, for example during network penetration testing, by monitoring the data and confirming that it is encrypted. Other positive uses of network sniffers include:
• Tracking down network traffic bottlenecks
• Testing firewalls for network security efficacy
• Acquiring statistical data on network bandwidth, availability, etc.
How do network sniffers work?
To best explain how network packet sniffers work, let’s take a step back to review what makes a
network work. Networks function as a collection of “nodes,” such as your smartphone, laptop,
server, etc., which transfer information over a networked connection. To speed these transfers
along their route, networks use packets of data—chunks of data that are broken down and then
reassembled after transmission is complete—to help avoid network congestion.
By using network sniffers to “sniff” the packets en route, a user can analyze the traffic via
“passive sniffing” (i.e., snooping in on the inflight data) or “active sniffing” (i.e., directly
interacting by sending packets and receiving responses from the target devices). The latter
unfortunately also allows for cybercrime instances.
Using encrypted protocols can help prevent unauthorized network sniffing, but since nothing is
100% guaranteed in the world of IT security, using a real-time monitoring system to alert you to
any networking abnormalities is a good idea.
What are some of the best network sniffers?
The best network packet sniffer depends on your use case. Are you primarily looking to:
Monitor bandwidth? If you’re wondering what employee is binging online streaming all day,
look for a network sniffer that lets you specify non-business traffic, like streaming sites,
torrenting, and social media.
Bolster security? Seek out a network sniffer that can detect anomalies and highlight suspicious
activities from outside sources, preferably a packet sniffer with real-time alerts.
Maintain performance? All network sniffers should offer this functionality but consider ease of
use as well. Having customizable dashboards can prove to be a major plus in preparing
stakeholder reports for monitoring metrics.
Finally, consider a network sniffer that can integrate with your existing tools to help keep a lid
on costs. PagerDuty is purpose-built to help you extend your budget. Our real-time monitoring
solution integrates seamlessly with over 350 tools. There’s a good chance you can use your
existing networking tools, saving time, costs, and complexity.
2. Wardriving
Wardriving is the act of searching for open Wi-Fi wireless networks by driving around an area
using a Wi-Fi-enabled device (such as a laptop or smartphone). The purpose of wardriving isn’t
usually to identify just a single open hotspot. Instead, the purpose is to build a larger map of
where these open (or easily accessed and unsecured) networks are located.
In a sense, wardrivers are digital cartographers. Their primary goal is to build a Wi-Fi map of a
particular street, city, or nation. That’s why wardriving is also called by another related name,
“access point mapping.”
Wardriving can go by many names. Near the end of this article, we’ll provide a full list of
alternative terms and their definitions.
Software for Wardriving
1. WiGLE in Google Drive
2. Kismet - A powerful and popular tool made by Dragorn. "Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework. It works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware."
3. GPSD - gpsd is a computer software program that collects data from a GPS receiver and provides the data via an IP network to potentially multiple client applications in a server-client application architecture.
3. Unauthorized Computer Access
Unauthorized access to computer systems refers to the act of gaining entry or attempting to gain
entry to a computer system, network, or any computing resource without the explicit permission
or authorization of the system owner, administrator, or the entity responsible for managing
access. This unauthorized access can take various forms and is typically associated with
malicious intent, ranging from cybercrime activities to espionage, data theft, or other illicit
actions.
Risks of Unauthorized Access
Unauthorized access poses serious risks, making it crucial to implement immediate protective
measures. Individuals who attempt to gain access without permission often have one of the
following goals:
1. Disrupt Electronic Systems: Some hackers aim to cause disruptions or play pranks. By
accessing sensitive data without permission, they can force a company or organization into a
state of high alert, potentially leading to a shutdown of systems.
2. Harm the Target: Unauthorized access to sensitive information can lead to significant
damage for the victim, such as triggering a data breach. This can result in legal issues, loss of
trust, and a damaged reputation.
3. Steal Data: Data theft is one of the most common motives for unauthorized access. Stolen
data can be used to extort individuals, businesses, or organizations. Often, exposed and stolen
credentials are the first targets in a data breach.
4. Cause Physical Damage: If unauthorized access is gained to certain systems, hackers can
cause physical damage to devices connected to the network, leading to costly repairs or
replacements.
By understanding these risks, organizations can better prepare to protect their systems and
sensitive data from unauthorized access.
Possible Causes of Unauthorized Access
Unauthorized computer access can occur due to various factors, often stemming from
vulnerabilities in security practices, technology, or human behavior. Understanding the possible
causes is essential for implementing effective measures to prevent and mitigate such incidents.
Here are some common causes of unauthorized computer access:
Weak Passwords
• Use of easily guessable passwords, such as "password" or "123456."
• The lack of password complexity and diversity makes it easier for attackers to crack or guess passwords.
Stolen Credentials
• Phishing attacks targeting users to obtain their login credentials.
• Credential harvesting through malware, keyloggers, or other malicious software.
Insufficient Authentication Measures
• The absence of multi-factor authentication (MFA) allows unauthorized access even with compromised passwords.
• Weak or easily bypassed authentication processes.
Unpatched Software and Systems
• Failure to apply security patches and updates promptly leaves systems vulnerable to known exploits.
• Outdated software with unaddressed security vulnerabilities.
Inadequate Access Controls
• Improperly configured access controls, granting unauthorized users or entities excessive privileges.
• Lack of role-based access controls, allowing individuals to access data or systems beyond their necessary permissions.
Social Engineering Attacks
• Manipulation of individuals through deceptive means to divulge sensitive information or perform actions that compromise security.
• Exploitation of trust to gain unauthorized access.
Malicious Insider Threats
• Employees or individuals with authorized access exploit their privileges for malicious purposes.
• Disgruntled employees seek to harm the organization by accessing and manipulating sensitive data.
Insecure Network Connections
• Unprotected Wi-Fi networks are susceptible to eavesdropping or unauthorized access.
• Insufficient network security measures allow attackers to intercept data.
Software Vulnerabilities
• Exploitation of software vulnerabilities to gain unauthorized access.
• Use of malware or exploits targeting specific software weaknesses.
Inadequate Monitoring and Detection
• Lack of robust monitoring systems to detect unusual or suspicious activities.
• Failure to respond promptly to security alerts or anomalies.
Ways to Prevent Unauthorized Computer Access Using Unified Endpoint Management
(UEM)
Unauthorized access to work computers poses significant risks for businesses, ranging from data
breaches and hefty regulatory sanctions to brand reputation damage. To address it
comprehensively, the implementation of a robust Unified Endpoint Management (UEM)
solution is essential. This blueprint elucidates key UEM features that serve as techniques to
prevent unauthorized computer access.
All the UEM capabilities mentioned below can be enforced on multiple work computers from a
unified console. Work computers can be categorized into device or user groups after they are
enrolled. Once established, policies can be applied across an entire fleet of work computers,
which are mostly Windows, followed by macOS.
Passcode Policies
A. Complexity Requirements
• Enforce stringent passcode complexity rules to deter easily guessable passwords.
• Require a minimum length, alphanumeric characters, and a combination of uppercase and lowercase letters.
B. Expiry and Change Policies
• Implement periodic passcode expirations to enhance security.
• Enforce an AUP necessitating users to change their passcodes at regular intervals.
C. Failed Attempts Lockout
• Configure a mechanism that temporarily locks out users after a specified number of consecutive failed passcode attempts.
• Define a duration for the lockout period to discourage brute-force attacks.
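Added example, not from these notes or from any UEM product: the three passcode controls above (complexity requirements, expiry, failed-attempt lockout) implemented as a small Python policy module. The thresholds (12 characters, 90 days, 5 attempts, 15-minute lockout) are assumed defaults, and the current time is passed in so the lockout window can be exercised deterministically.

```python
"""Passcode policy enforcement: complexity, expiry and failed-attempt lockout
(added example, not from these notes or any UEM product)."""
import re
from dataclasses import dataclass, field

@dataclass
class PasscodePolicy:
    min_length: int = 12          # assumed defaults; a real policy sets its own
    max_age_days: int = 90        # expiry and change policy
    max_failures: int = 5         # consecutive failures before lockout
    lockout_seconds: int = 900    # lockout duration (15 minutes)

    def complexity_problems(self, passcode: str) -> list:
        """Return the rules the passcode breaks (an empty list means it passes)."""
        checks = [
            (len(passcode) >= self.min_length, f"shorter than {self.min_length}"),
            (re.search(r"[a-z]", passcode), "no lowercase letter"),
            (re.search(r"[A-Z]", passcode), "no uppercase letter"),
            (re.search(r"[0-9]", passcode), "no digit"),
            (passcode.lower() not in {"password", "123456", "qwerty"}, "common value"),
        ]
        return [msg for ok, msg in checks if not ok]

    def is_expired(self, last_changed: float, now: float) -> bool:
        """True once the passcode is older than max_age_days (times in seconds)."""
        return now - last_changed > self.max_age_days * 86400

@dataclass
class LoginGuard:
    """Tracks consecutive failures per user and enforces the lockout window."""
    policy: PasscodePolicy
    failures: dict = field(default_factory=dict)      # user -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # user -> unlock time

    def attempt(self, user: str, credential_ok: bool, now: float) -> str:
        """Return 'locked', 'granted' or 'denied'; `now` is injected for testing."""
        if self.locked_until.get(user, 0) > now:
            return "locked"            # still inside the lockout window
        if credential_ok:
            self.failures.pop(user, None)   # success resets the failure streak
            return "granted"
        count = self.failures.get(user, 0) + 1
        if count >= self.policy.max_failures:
            # Temporary, not permanent, so a deliberate flood of bad attempts
            # cannot lock a user out indefinitely.
            self.failures.pop(user, None)
            self.locked_until[user] = now + self.policy.lockout_seconds
            return "locked"
        self.failures[user] = count
        return "denied"
```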
Patch Management
A. Regular Updates
• Establish a systematic approach to ensure timely installation of operating system and software updates.
• Automate patch deployment processes to minimize the window of vulnerability.
B. Vulnerability Assessment
• Conduct regular vulnerability assessments to identify and prioritize security flaws.
• Develop a protocol for swift patching of identified vulnerabilities based on their criticality.
Web Content Filtering
A. URL Whitelisting and Blacklisting
• Implement URL or website whitelisting to permit access only to approved websites.
• Employ URL blacklisting to block access to known malicious or inappropriate sites proactively.
B. Category-Based Filtering
• Categorize websites based on content, allowing administrators to define access policies accordingly.
• Restrict access to specific categories that may pose security threats or violate organizational policies.
Device Encryption
A. Full Disk Encryption
• Mandate the use of full disk encryption to safeguard data stored on endpoint devices.
• Implement encryption algorithms compliant with established standards to ensure data confidentiality.
B. Removable Media Encryption
• Extend data encryption measures to removable media to prevent unauthorized data extraction.
• Enforce policies requiring the use of encrypted USB drives for data transfer.
Multi-Factor Authentication (MFA)
A. Authentication Layers
• Integrate MFA to add an additional layer of security beyond traditional username and password authentication.
• Utilize diverse authentication factors, such as conditional login, to enhance access control.
4. Shoulder Surfing
Shoulder surfing is the term used to describe one person observing another person’s
computer or mobile device screen and keyboard to obtain sensitive information. Direct
observation can be done by simply looking over someone’s shoulder – hence shoulder
surfing – or using binoculars, video cameras (hidden or visible), and other optical devices.
Typically, the objective of shoulder surfing is to view and steal sensitive information like
username and password combinations that can be later used to access a user’s account.
Credit card numbers, personal identification numbers (PIN), sensitive personal information
used in response to security questions (like middle name and birth date used for password
recovery) are also targeted.
Shoulder surfing can be done by someone with malicious intent, in which case it can result
in a security breach. Seeing a password or responses to security questions allows an
attacker to access an account or reset a password. Shoulder surfing can also be done by a
curious or nosy bystander, in which case it is simply an intrusion on privacy. Having your
bank balances, paycheck, or medical history viewed by a nosy guy at the airport is
considered by most to be unpleasant.
If you’ve ever had an IT person help you troubleshoot a problem on your PC or install a
new app, then you might be familiar with the uneasy feeling when you’re asked to enter
your password as the IT guy is looking at you doing this. This is shoulder surfing, only
without the malicious intent.
Protecting against shoulder surfing is not always easy. Simple methods like adding a
privacy screen protector can help limit the field of view to your screen, but it will not
protect your keystrokes from being observed. More elaborate and expensive methods
include gaze-based password entry, which makes it hard to observe password entry, but is
very rare and used only in extraordinary situations.
Adding two-factor authentication will make it harder for an attacker to use stolen
passwords or security questions but will not prevent shoulder surfing.
Passwordless authentication eliminates the use of passwords and therefore takes away the
risk associated with stolen passwords altogether, including those stolen using the shoulder
surfing technique. That said, it will not prevent shoulder surfing from stealing other
sensitive data like responses to security questions or its unpleasant intrusions on privacy.
How to Create an Ad Hoc Connection with Windows
Create an Ad Hoc connection between your iPad and computer by following the appropriate
steps below.
Part 1: Windows 7
1. Open the Start Menu.
2. Click Control Panel.
3. Click Network and Internet.
4. Click Network and Sharing Center.
5. Under Change your networking settings, click Set up a new connection or network.
6. Select Set up a wireless ad hoc (computer-to-computer) network.
7. Click on Next twice.
8. Enter the Network name such as "UplinkNetwork".
9. Select the Security type WPA (or WEP).
10. Enter the Security Key or password.
11. Check Save this network check box.
12. Click Turn on Internet connection sharing.
Part 1: Windows 8, 8.1, or 10
1. Open the Command Prompt (CMD) as an Administrator.
   Windows 8 & 8.1 - Press the Windows key + X + A.
   Windows 10 - Right-click on the Start button and select Command Prompt (Admin).
2. To ensure that your network interface supports the Hosted Network feature, type the following command and press Enter: netsh wlan show driver
3. If “Hosted network supported” shows “Yes”, proceed to step 4. If it says “No”, you can try to update your wireless driver. If the updated driver still does not help, then you will need to upgrade your hardware.
4. To configure the Ad Hoc wireless connection, type this command in the command prompt and press Enter: netsh wlan set hostednetwork mode=allow ssid= key=
5. To start your new network, type this command and press Enter: netsh wlan start hostednetwork
6. Navigate to Control Panel > Network and Sharing Center. Click on “Change adapter settings”.
7. Right-click on the Wi-Fi adapter > select Properties.
8. Select the Sharing tab > check the box "Allow other network users to connect through this computer's Internet connection" > click the OK button.
Part 2: Connect your iPad device
1. Tap on the Settings icon in your iPad main menu
2. Click on Wi-Fi
3. Your ad hoc network "UplinkNetwork" should appear in the list.
4. Click on your network.
5. Enter the Password.
Start Skanect on your computer.
Start Structure App on your iPad.
You should now see "Uplink" on your iPad.
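The driver check in step 2 and the command in step 4 are easy to get wrong by hand, so here is an added helper (not part of the course notes) that parses a saved copy of the `netsh wlan show driver` output for the "Hosted network supported" field and validates the SSID and key before building the `netsh wlan set hostednetwork` command. The driver output embedded below is constructed sample text, not a real capture, and the 8-to-63-character key rule is the WPA2-PSK constraint netsh enforces.

```python
# Added example (not part of the course notes): check a saved copy of the
# "netsh wlan show driver" output for hosted-network support (steps 2-3 above)
# and validate the SSID and key before building the command from step 4.
# The driver output below is constructed sample text, not a real capture;
# the text is parsed offline, so this runs on any OS, not only Windows.
import re

# Constructed sample of what "netsh wlan show driver" prints on a supported adapter.
SAMPLE_DRIVER_OUTPUT = """\
Interface name: Wi-Fi

    Driver                    : Example Wireless Adapter
    Vendor                    : Example Vendor
    Type                      : Native Wi-Fi Driver
    Radio types supported     : 802.11b 802.11g 802.11n
    FIPS 140-2 mode supported : Yes
    Hosted network supported  : Yes
    Authentication and cipher supported in infrastructure mode:
                                Open            None
                                WPA2-Personal   CCMP
"""


def hosted_network_supported(netsh_output: str) -> bool:
    """True only if the 'Hosted network supported' line reads 'Yes' (step 3)."""
    match = re.search(r"Hosted network supported\s*:\s*(\S+)", netsh_output)
    return match is not None and match.group(1).lower() == "yes"


def build_hostednetwork_command(ssid: str, key: str) -> str:
    """Return the step-4 command after validating its two inputs.

    The hosted network is a WPA2-PSK access point, so netsh accepts only an
    8 to 63 character ASCII key; an SSID is at most 32 bytes.  Rejecting bad
    values here avoids a confusing netsh error later.
    """
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not (8 <= len(key) <= 63 and key.isascii() and key.isprintable()):
        raise ValueError("key must be 8 to 63 printable ASCII characters (WPA2-PSK)")
    if '"' in ssid or '"' in key:
        raise ValueError("double quotes are not allowed in the SSID or key")
    return f'netsh wlan set hostednetwork mode=allow ssid="{ssid}" key="{key}"'


if __name__ == "__main__":
    if hosted_network_supported(SAMPLE_DRIVER_OUTPUT):
        print(build_hostednetwork_command("UplinkNetwork", "Str0ngPassphrase!"))
    else:
        print("Hosted network not supported: update the wireless driver first")
```

On a real machine you would feed the function the output of `netsh wlan show driver` captured to a file; the command string it returns is what step 4 asks you to type.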
2.3 SECURITY CONSIDERATIONS FOR 802.15 VARIANTS
The IEEE 802.15 family includes standards for wireless personal area networks (WPANs), such
as Bluetooth (802.15.1), WirelessHART (802.15.4), and Zigbee (also based on 802.15.4). While
these technologies enable convenient connectivity for a wide range of applications, they also
present specific security challenges.
Common Security Threats
1. Eavesdropping: Unauthorized parties can intercept data packets transmitted over the air,
leading to sensitive information being compromised.
2. Man-in-the-Middle (MitM) Attacks: Attackers can intercept and alter communications
between two devices without either party being aware.
3. Device Impersonation: Malicious actors may impersonate legitimate devices to gain
unauthorized access to networks or services.
4. Denial of Service (DoS): Attackers can flood the network with traffic or send malformed
packets to disrupt communication.
5. Replay Attacks: Captured data packets can be resent by an attacker to trick a device into
performing unauthorized actions.
6. Firmware and Software Vulnerabilities: Inadequately secured devices may have exploitable
vulnerabilities that can be targeted by hackers.
Security Mechanisms and Protections
1. Encryption:
- AES (Advanced Encryption Standard): Widely used in Zigbee and other 802.15.4-based protocols, AES helps protect the confidentiality of transmitted data.
- Pairing and Bonding: For Bluetooth, secure pairing methods (like Just Works, Passkey Entry, or Numeric Comparison) help establish encrypted connections. Just Works encrypts the link but does not authenticate the peer, so Passkey Entry or Numeric Comparison should be preferred where the devices have a display or keypad.
2. Authentication: Use of strong authentication protocols ensures that devices can verify each other's identities before establishing a connection.
- Techniques like public key infrastructure (PKI) can provide robust authentication.
3. Access Control:
- Implementing strict access control lists (ACLs) can restrict which devices can connect to the
network, minimizing the risk of unauthorized access.
4. Regular Firmware Updates: Keeping device firmware updated is crucial for mitigating
known vulnerabilities and ensuring the latest security patches are applied.
5. Intrusion Detection Systems (IDS): Deploying IDS can help detect abnormal traffic patterns
that may indicate malicious activity on the network.
6. Secure Configuration: Default passwords and settings should be changed during device setup
to reduce the risk of unauthorized access.
7. Segmentation: Isolating IoT devices on separate networks can limit the potential impact of a
security breach.
8. Monitoring and Logging: Continuous monitoring of network activity and maintaining logs
can help identify suspicious behavior early on.
802.15 technologies must support innovative connectivity solutions while also providing robust security measures to mitigate the risks of hacking and unauthorized access. By combining encryption, authentication, access controls, and proactive monitoring, organizations can better protect their networks and devices against emerging threats. As wireless technology evolves, staying informed about security best practices will remain essential for maintaining the integrity and confidentiality of communications.
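The replay attack listed under the threats and the encryption/integrity protection listed under the mechanisms meet in one design detail of 802.15.4 and Zigbee secured frames: every frame carries a frame counter and a message integrity code, and a receiver drops any frame whose counter is not higher than the last one it accepted from that sender. The following added example (not from the course notes or any 802.15 stack) shows that receiver logic; HMAC-SHA256 truncated to four bytes stands in for the standard's AES-CCM* MIC-32, and the key, addresses and payloads are constructed.

```python
# Added example (not from the course notes): replay protection of the kind
# 802.15.4 and Zigbee secured frames use.  Each frame carries a frame counter
# and a MIC over header + counter + payload; the receiver remembers the highest
# counter accepted from each sender and drops anything equal or lower, so a
# captured frame cannot be resent later.  HMAC-SHA256 truncated to 4 bytes
# stands in for the standard's AES-CCM* MIC-32; addresses, key and payloads
# are constructed.
import hashlib
import hmac
import struct

MIC_LEN = 4                      # MIC-32, the smallest 802.15.4 MIC size
HEADER = struct.Struct(">HI")    # 16-bit short source address, 32-bit frame counter


def mic(key: bytes, data: bytes) -> bytes:
    # Stand-in for AES-CCM*: keyed hash, truncated to the MIC length.
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(key: bytes, src: int, counter: int, payload: bytes) -> bytes:
    header = HEADER.pack(src, counter)
    return header + payload + mic(key, header + payload)


class Receiver:
    """Verifies the MIC, then enforces a strictly increasing counter per sender."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}   # src address -> highest accepted frame counter
        self.log = []            # one line per dropped frame, for an IDS or log

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + MIC_LEN:
            self.log.append("drop: frame too short")
            return None
        body, tag = frame[:-MIC_LEN], frame[-MIC_LEN:]
        src, counter = HEADER.unpack(body[:HEADER.size])
        # Check integrity first: a forged counter must not be able to poison state.
        if not hmac.compare_digest(tag, mic(self.key, body)):
            self.log.append(f"drop src={src:#06x}: bad MIC (tampered or wrong key)")
            return None
        if counter <= self.last_counter.get(src, -1):
            self.log.append(f"drop src={src:#06x}: replayed counter {counter}")
            return None
        self.last_counter[src] = counter
        return body[HEADER.size:]


def demo():
    key = bytes(range(16))               # constructed 128-bit network key
    rx = Receiver(key)
    f1 = build_frame(key, 0x1234, 1, b"temp=21.5")
    f2 = build_frame(key, 0x1234, 2, b"valve=open")
    results = [rx.accept(f1), rx.accept(f2), rx.accept(f1)]   # third is a replay
    tampered = bytearray(f2)
    tampered[HEADER.size] ^= 0x01                             # flip one payload bit
    results.append(rx.accept(bytes(tampered)))
    return results, rx.log


if __name__ == "__main__":
    accepted, dropped = demo()
    print("accepted:", accepted)
    print("dropped:", *dropped, sep="\n  ")
```

The order of the two checks matters: the MIC is verified before the counter is compared, so an attacker cannot advance a device's counter window by injecting frames with a forged high counter. The dropped-frame log is exactly the kind of signal the IDS and monitoring items in the list above would consume.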
VoIP (Voice over Internet Protocol)
Definition: VoIP is a technology that allows voice communication and multimedia sessions to
be transmitted over the Internet, rather than through traditional telephone lines. It converts voice
signals into digital data packets, which are then sent over IP networks.
Techniques:
1. Packet Switching: VoIP breaks voice data into packets, which are sent individually over the
network and reassembled at the destination.
2. Codecs: Various codecs (e.g., G.711, G.729) compress and decompress audio data to optimize
bandwidth usage while maintaining sound quality.
3. SIP (Session Initiation Protocol): SIP is commonly used for initiating, maintaining, and
terminating real-time sessions in VoIP.
4. RTP (Real-time Transport Protocol): RTP is used to deliver audio and video over IP
networks, ensuring timely delivery.
Challenges:
1. Quality of Service (QoS): Ensuring high call quality can be challenging due to network
congestion, latency, and jitter.
2. Bandwidth Limitations: VoIP requires sufficient bandwidth, especially with high-definition
audio.
3. Network Reliability: VoIP performance can be affected by network outages or instability.
4. Interoperability: Different VoIP systems may have compatibility issues.
Multimedia Streaming
Multimedia streaming involves delivering audio and video content over the Internet in real-time.
Unlike VoIP, it often focuses on broadcasting media rather than two-way communication.
Techniques:
1. Adaptive Bitrate Streaming: This adjusts the quality of the video stream based on the user's
network conditions to minimize buffering.
2. HTTP Live Streaming (HLS): A protocol that allows streaming of media over HTTP,
enabling seamless playback across various devices.
3. Content Delivery Networks (CDNs): CDNs distribute content across multiple servers to
reduce latency and improve access speed.
4. Streaming Protocols: RTSP (Real Time Streaming Protocol) and RTP are commonly used
for initiating and controlling media streams.
Challenges:
1. Latency: Minimizing delay is critical for live streaming applications.
2. Network Conditions: Variability in user bandwidth can affect stream quality.
3. Device Compatibility: Ensuring consistent playback across different devices and platforms
can be challenging.
4. Content Protection: Protecting intellectual property rights while allowing streaming can
complicate distribution.
Security Considerations
Both VoIP and multimedia streaming face several security challenges:
1. Eavesdropping: Unencrypted calls or streams can be intercepted, leading to privacy breaches.
2. Denial of Service (DoS) Attacks: Attackers may target VoIP systems to overwhelm them and
disrupt services.
3. Malware and Phishing: VoIP systems can be vulnerable to malware, and users may be
targeted with phishing attacks.
4. Authentication and Authorization: Ensuring that only authorized users can access the
system is crucial for security.
5. Encryption: Using protocols like SRTP (Secure Real-time Transport Protocol) for VoIP and
HTTPS for streaming can help protect against eavesdropping and tampering.
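To make the RTP and SRTP points concrete, here is an added example (not from the course notes) that parses the 12-byte RTP header used by both VoIP and streaming and adds SRTP-style message authentication, so that a packet altered in transit is detected and dropped. Only SRTP's authentication step is modelled (HMAC-SHA1 over the packet plus the rollover counter, truncated to 80 bits, as in RFC 3711); the payload encryption SRTP also performs is left out, and the key, SSRC and audio bytes are constructed.

```python
# Added example (not from the course notes): parse the 12-byte RTP header
# the VoIP section refers to, and add SRTP-style message authentication so
# that tampering with a packet is detected.  Only SRTP's authentication
# step is modelled (HMAC-SHA1 over the packet plus the 32-bit rollover
# counter, truncated to 80 bits, as in RFC 3711); the payload encryption
# SRTP also performs is left out.  Key, SSRC and audio bytes are constructed.
import hashlib
import hmac
import struct
from dataclasses import dataclass

RTP_HEADER = struct.Struct(">BBHII")   # V/P/X/CC, M/PT, sequence, timestamp, SSRC
AUTH_TAG_LEN = 10                      # SRTP default: 80-bit truncated HMAC-SHA1


@dataclass
class RtpHeader:
    version: int
    padding: bool
    extension: bool
    csrc_count: int
    marker: bool
    payload_type: int      # 0 = PCMU (G.711 u-law), 18 = G.729
    sequence: int
    timestamp: int
    ssrc: int


def parse_rtp_header(packet: bytes) -> RtpHeader:
    if len(packet) < RTP_HEADER.size:
        raise ValueError("packet shorter than an RTP header")
    b0, b1, seq, ts, ssrc = RTP_HEADER.unpack_from(packet)
    version = b0 >> 6
    if version != 2:
        raise ValueError(f"unsupported RTP version {version}")
    return RtpHeader(version, bool(b0 & 0x20), bool(b0 & 0x10), b0 & 0x0F,
                     bool(b1 & 0x80), b1 & 0x7F, seq, ts, ssrc)


def build_rtp(payload_type, sequence, timestamp, ssrc, payload, marker=False):
    b0 = 0x80                                   # version 2, no padding/extension, CC=0
    b1 = (0x80 if marker else 0x00) | (payload_type & 0x7F)
    return RTP_HEADER.pack(b0, b1, sequence, timestamp, ssrc) + payload


def srtp_auth_tag(auth_key: bytes, rtp_packet: bytes, roc: int) -> bytes:
    """Authenticated portion = RTP header + payload || ROC (RFC 3711 section 4.2)."""
    digest = hmac.new(auth_key, rtp_packet + struct.pack(">I", roc), hashlib.sha1).digest()
    return digest[:AUTH_TAG_LEN]


def protect(auth_key: bytes, rtp_packet: bytes, roc: int = 0) -> bytes:
    return rtp_packet + srtp_auth_tag(auth_key, rtp_packet, roc)


def verify(auth_key: bytes, protected: bytes, roc: int = 0):
    """Return the RTP packet if the tag checks out, else None (drop and log)."""
    if len(protected) < RTP_HEADER.size + AUTH_TAG_LEN:
        return None
    packet, tag = protected[:-AUTH_TAG_LEN], protected[-AUTH_TAG_LEN:]
    if not hmac.compare_digest(tag, srtp_auth_tag(auth_key, packet, roc)):
        return None
    return packet


def demo():
    auth_key = b"\x11" * 20                           # constructed 160-bit SRTP auth key
    audio = bytes(range(160))                         # constructed 20 ms of PCMU samples
    packet = build_rtp(0, 1000, 160000, 0xDEADBEEF, audio, marker=True)
    protected = protect(auth_key, packet)
    tampered = bytearray(protected)
    tampered[RTP_HEADER.size] ^= 0xFF                 # corrupt the first audio byte
    return parse_rtp_header(packet), verify(auth_key, protected), verify(auth_key, bytes(tampered))
```

Plain RTP offers no such check, which is why an unencrypted call can be both eavesdropped on and altered without the endpoints noticing; SRTP adds the tag shown here and encrypts the payload.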
2.4 EXPLAIN AD HOC AND SENSOR NETWORK SECURITY
Wireless Sensor Networks (WSN)
A wireless sensor network is a group of sensors that communicate wirelessly. These sensors can communicate with any node within their radio range and are hence able to operate in changing environments.
Let’s compare the internet with a human’s Central Nervous System (CNS). Wireless sensor
networks are like sensory organs that sense the surrounding environment and gather information
to process it further.
A WSN is therefore a collection of a large number of sensor nodes, which collect, process, and transfer data to the users. These nodes can be either stationary or mobile.
A few applications of Wireless Sensor Networks (WSN):
• Environmental Monitoring
• Health Care
• Positioning and Monitoring
• Disaster prevention and relief
• Smart Agriculture System
• Infrastructure control
• Security
• Logistics
AD HOC NETWORKS
Ad hoc networks are mainly for data communication and have no sensing ability. These are self-
configuring networks of wireless links connected to mobile nodes.
The aforementioned mobile nodes convey information directly to each other without any access
points; that’s why they are infrastructure-less.
They create an arbitrary topology, where the routers move randomly and arrange themselves as
required.
If we take the same example of the human Central Nervous System, the Ad hoc networks work
like nerve endings to communicate with the brain and body.
Ad hoc networks were originally developed by the defense forces in the early seventies to meet military requirements. These networks have since also proven useful in the commercial and industrial fields.
Some common applications of Ad hoc Networks are:
• Data Mining
• Military Battlefield
• Commercial Sector
• Personal Area Network or Bluetooth
• Emergency and temporary communication
Wireless sensor networks vs. Ad hoc networks: differences
Ad hoc networks are primarily designed for data communication; wireless sensor networks, on the other hand, are designed for data communication, data collection, and data storage.
The following comparison table will help you gain a better understanding of wireless sensor
networks vs. Ad hoc networks.
Wireless Sensor Networks (WSN) vs. Ad hoc Networks
1. Transmission medium
   WSN: mostly radio waves, infrared, and optical media.
   Ad hoc: only one medium is used, radio waves.
2. Network type
   WSN: application-dependent network.
   Ad hoc: application-independent network.
3. Node type
   WSN: homogeneous.
   Ad hoc: heterogeneous.
4. Orientation
   WSN: data-centric.
   Ad hoc: address-centric.
5. Traffic pattern
   WSN: any-to-any, many-to-one, many-to-few, and one-to-many.
   Ad hoc: point-to-point.
6. Applications
   WSN: supports only specific applications.
   Ad hoc: can support common services.
7. Nodes
   WSN: nodes are limited to sensor nodes.
   Ad hoc: nodes can be any wireless device.
8. Number of nodes
   WSN: sensor nodes are used in large quantities.
   Ad hoc: compared to WSNs, fewer nodes are used.
9. Redundancy
   WSN: high redundancy.
   Ad hoc: low redundancy.
10. Deployment
   WSN: deployed in remote and hard-to-reach areas.
   Ad hoc: can be deployed in any environment.
Similarities Between WSN And Ad Hoc Networks
So far we have covered the differences between a wireless sensor network and an ad hoc network, but there are also some similarities between the two.
In the case of wireless sensor networks vs. Ad hoc networks, the similarities are:
• Both are infrastructure-less wireless networks.
• Routing techniques are more or less the same.
• In both networks, the topology can change over a period of time.
• Nodes can be operated on a battery.
• Both use unlicensed spectrum.
Market Demand For WSN And Ad Hoc Networks
When we talk about WSN, there are three variables that push the development of WSN:
1. Wireless Effect
The demand for wireless connectivity is increasing every day, as it’s now a trend to go wireless.
Thus, wireless technology has a very wide range and is used for sensing, monitoring, and
control.
2. Economic Driving Forces
Wireless sensor networks can reduce overall operational and labor costs and also bring good
social benefits. Moreover, it will reduce the power consumption of devices and relieve traffic
congestion.
3. Technology Driving Forces
The advancement of technology will keep reducing the cost of hardware and software. In
addition, the WSN market will also benefit from low-priced radio frequency modules.
The same applies to ad hoc networks: their market is driven by the same three forces. Like WSNs, ad hoc networks are infrastructure-less and simple to deploy.
The following situations are deemed suitable for ad hoc networks:
• when it is not possible to install network equipment beforehand;
• when the network must quickly self-organize;
• when the existing communication equipment has been destroyed;
• when a distributed network is required.
3.0 UNDERSTAND NETWORK SECURITY TOOLS AND TECHNOLOGIES
What is Network Security: An introduction to Network Security?
By Michael Warne 06-Jun-2022
What is Network Security?
Organizations today are more advanced than ever before, and most of them exchange data and communicate over wireless networks. Without any walls or security measures, your data is in danger of being stolen by malicious third parties.
What is Network Security?
Network security plays a major role in every organisation regardless of size, industry or
infrastructure. It refers to the security that networks require against unauthorised access and
risks. Network administrators and cybersecurity experts are responsible for adopting preventive
measures that keep their organisation’s data from potential threats, whether they are large or
small.
There are different measures to be taken for different types of threats. If network security is one
of your career interests, you should know the types of threats, measures you can take and how
infosec can become your new career.
Why is Network Security Important?
Information security is fundamental for an organisation as it has a lot depending on it.
Smooth Operations and Functioning: Cyberattacks affect the workflow and can hamper or
steal valuable data. A small attack can disrupt work for a few hours while a large attack can
cause blackouts that can cost the company huge amounts of data, money and time. Cybersecurity
allows your organisation to function without any hindrances.
Safe Application Operation: Applications can run smoothly thanks to network security.
Cyberattacks can plant bugs or leak data from private applications. Network security prevents
any such mishaps.
Data Protection: Data is the most valuable asset for any organisation today. Network security
measures ensure your company’s data is always safe and secure.
Types of Network Security Attacks:
Active attack:
An active attack is when an attacker tries to make changes to data either at a target site or on its
way to the target site. These are often highly aggressive, unveiled attacks that are immediately
obvious. Hacking and changing emails is one example of an active attack. These attacks attempt
to lock users out of systems, destroy files, or gain illegal access to secure locations.
Passive attack:
A passive attack is mostly a hidden threat. The hacker monitors and scans systems for
vulnerabilities without being detected. The goal here is to gain access to a network and steal
information over time. Network security experts implement different methods and processes to
secure network architecture. This helps detect threats before they enter your network.
Types of Network Security:
Network Access control
Network access control is the process of keeping attackers away from your network; it gives you the control and the means to block unauthorised users from accessing your network. This includes not only external parties but internal ones as well.
(Consider one of your employees is quitting the organisation. Make sure their remote access to
the network is restricted and then blocked soon enough. Leaving their single node open and
unmonitored will put you at risk against hackers and unwanted parties.)
Even users who can access your network should meet certain criteria. This includes secure
devices, locations or networks that they must use to connect with your main network.
Application security
This includes hardware, software and processes that can be used to identify and correct
application vulnerabilities. Different platforms offer different applications to enable easier
communication and data sharing across networks. App developers take several precautions to
secure data shared across the application. But since this security information can easily be found
once the application is launched, it is hard to ensure there won’t be any security breach.
Once this application is a part of your network, it is crucial to ensure absolute security so that
your data can be shared and saved securely.
3.2 Explain Network Security Tools
• SolarWinds Network Performance Monitor: a powerful and affordable network monitoring software enabling you to quickly detect, diagnose, and resolve network performance problems and outages.
• Network monitoring tools: these gather and analyze network data to provide network administrators with information on the status of network appliances, link saturation, the most active devices, the structure of network traffic, and the sources of network problems and traffic anomalies.
• Acunetix: the Acunetix network security scanner integration lets you check your perimeter network services for vulnerabilities, misconfigurations, and other security threats. With Acunetix you can test for weak passwords on database servers, IMAP, FTP, POP3, SOCKS, SSH, and Telnet.
• ManageEngine: ManageEngine automates ticket management for the IT help desk and the end user. Users can raise tickets through email, websites, and calls.
• Vulnerability Manager Plus: an integrated threat and vulnerability management software that delivers comprehensive vulnerability scanning, assessment, and remediation across all endpoints in your network from a centralized console.
• ManageEngine Log360: Log360, a comprehensive SIEM tool, helps you address numerous IT security challenges, including log management, Active Directory auditing, public cloud log management, meeting compliance requirements, and protecting confidential data from security breaches, through a simple and easy-to-use interface.
• NordVPN: a VPN works by creating a secure encrypted connection between your device and a remote server. This way, your data travels in secrecy rather than being exposed to your internet service provider. A VPN hides your real IP address and encrypts your internet connection to make your browsing safer and more private.
• NordLayer: NordLayer is a secure remote access solution born out of the Nord Security powerhouse and its consumer product NordVPN. SASE and Zero Trust frameworks are the baseline for NordLayer development. The solution introduces SaaS security features for internet, network, and resource access control.
• Webroot: a comprehensive software that offers automated detection, prevention, and remediation of threats on your endpoints. Webroot protects your usernames, account numbers, and other personal information against keyloggers, spyware, and other online threats targeting valuable personal data.
3.3 FIREWALL, TYPES AND CONFIGURATION
What is a Firewall?
As cybercrimes continue to escalate, the need to protect information by individuals and
companies has never been more pressing. Your role in this, as a key player in the fight against
cyber threats, is crucial. However, implementing these security measures can be daunting. One
such crucial security device is the firewall, a robust shield that fortifies your network and devices
against external threats.
A firewall is a device or software in a network that controls incoming and outgoing network
traffic according to predetermined security rules. It can be set up as a barrier between an internal
trusted network and external untrusted networks, such as the Internet, and typically allows only
authorized traffic while blocking potentially harmful data.
Key Functions of Firewalls:
1. Traffic Filtering: Firewalls screen data packets (pieces of data) in the network's flow-in and
flow-out directions, allowing or blocking them according to certain rules.
2. Access Control: They decide which applications, services, and devices can access the
network, thus protecting sensitive resources.
3. Threat Detection: Some of them can detect and prevent other types of threats, such as
viruses, malware, or even suspicious behavior.
Types of Firewalls
A firewall can be software or hardware. Software firewalls are applications installed on each computer; they control network traffic by application and port number. Hardware firewalls are devices set up between the gateway and your network. A firewall provided by a cloud solution is referred to as a cloud firewall.
Depending on their methods of filtering traffic, structure, and functionality, there is more than
one type of firewall. Some of the types of firewalls include:
• Packet Filtering: A packet filtering firewall controls incoming and outgoing traffic across a network. It allows or rejects the flow of data depending on the packet's source address, destination address, the application protocols involved in transmitting the data, and more.
• Proxy Service Firewall: This type of firewall filters messages at the application layer on the network's behalf. A proxy firewall is a gateway between two networks for a specific application.
• Stateful Inspection: A stateful inspection firewall permits or blocks network traffic based on connection state, port, and protocol. It makes its filtering decisions from administrator-defined rules and context.
• Next-Generation Firewall: According to Gartner, Inc., a next-generation firewall is a deep-packet inspection firewall that adds application-level inspection, intrusion prevention, and information from outside the firewall to go beyond port/protocol inspection and blocking.
• Unified Threat Management (UTM) Firewall: Commonly, a UTM device combines a stateful inspection firewall, intrusion prevention, and antivirus functionalities in a loose coupling. A UTM could provide added services like cloud management. Simply put, UTMs have been designed to be simple and easy to use.
• Web Application Firewall (WAF): A WAF is a security solution that filters and monitors inbound and outbound HTTP/HTTPS traffic to and from a web application. It protects against various threats targeting web applications, including SQL injection, cross-site scripting attacks, and other standard web weaknesses. The WAF works at the application layer by blocking malicious inputs and suspicious activity before they reach the web server. It helps prevent the attacks on the OWASP Top 10 list and provides real-time threat detection and bot mitigation to ensure the integrity of web applications.
• AI-Powered Firewall: An AI-powered firewall uses artificial intelligence to enhance network security by analyzing traffic patterns, detecting emerging threats, and adapting in real time. It provides advanced threat detection, including zero-day attacks, and reduces false positives by learning from data. This makes AI firewalls more effective than traditional firewalls at identifying and blocking sophisticated, evolving cyber threats.
• Virtual Firewall: A virtual firewall offers protection in virtualized environments, including cloud platforms and VPNs. Like hardware firewalls, virtual firewalls filter and monitor network traffic, but they run inside VMs rather than on dedicated hardware. They have the same functions as physical firewalls, like controlling traffic and detecting possible threats, but are designed to provide flexible and scalable protection in cloud and virtual infrastructures.
• Cloud Native Firewall: Cloud-native firewalls are security solutions designed and fitted for cloud environments. Their seamless integration into the cloud platform ensures the protection of cloud applications and workloads. Unlike traditional firewalls, this new generation of cloud-native firewalls provides features like scaling, flexibility, and handling of dynamic and distributed cloud traffic. They offer advanced security features such as traffic filtering, threat detection, and compliance, optimized for the unique needs of cloud architectures.
How Firewall Works
Having seen what a firewall is in a computer network, let us look at how it works. As noted earlier, a firewall filters the traffic entering and leaving a private network, deciding which traffic to allow or restrict according to set rules. Think of a firewall as a gatekeeper at the entry to your computer, permitting access to your network only from trusted sources or IP addresses.
It only accepts incoming traffic that has been configured to do so. Firewalls will distinguish
between good and malicious traffic and allow or block specific data packets based on pre-
established security rules.
These rules depend on multiple aspects that the packet data indicate to, such as source,
destination, content, and so on. Thus, they block traffic coming from suspicious sources to avoid
cyberattacks.
For example, the first figure below shows how a firewall allows good traffic to pass to the user's private network, while the second shows the firewall blocking malicious traffic from entering the private network, thereby protecting the user's network from a cyberattack.
Figure: Firewall allowing good traffic
Figure: Firewall blocking bad traffic
Firewall Configuration
There are many suitable firewall models that can be used to protect your network. You can
consult a HIPAA security expert or PCI security expert to learn more about your options. The
following steps are critical, regardless of the firewall model you choose. This guide assumes that
you are using a business grade firewall that supports multiple internal networks (or zones) and
performs stateful packet inspection.
Step 1: Secure your firewall
If an attacker is able to gain administrative access to your firewall it is “game over” for your
network security. Therefore, securing your firewall is the first and most important step of this
process. Never put a firewall into production that is not properly secured by at least the following
configuration actions:
• Update your firewall to the latest firmware.
• Delete, disable, or rename any default user accounts and change all default passwords. Make sure to use only complex and secure passwords.
• If multiple administrators will manage the firewall, create additional administrator accounts with limited privileges based on responsibilities. Never use shared user accounts.
• Disable simple network management protocol (SNMP) or configure it to use a secure community string (or, better, SNMPv3 with authentication and encryption).
Step 2: Architect your firewall zones and IP addresses
In order to protect the valuable assets on your network, you should first identify what the assets
are (for example, payment card data or patient data). Then plan out your network structure so
that these assets can be grouped together and placed into networks (or zones) based on similar
sensitivity level and function.
For example, all of your servers that provide services over the internet (web servers, email
servers, virtual private network (VPN) servers, etc.) should be placed into a dedicated zone that
will allow limited inbound traffic from the internet (this zone is often called a demilitarized zone
or DMZ). Servers that should not be accessed directly from the internet, such as database servers,
must be placed in internal server zones instead. Likewise, workstations, point of sale devices,
and voice over Internet protocol (VOIP) systems can usually be placed in internal network
zones.
If you are using IP version 4, private (non-routable) IP addresses should be used for all of your internal networks. Network address translation (NAT) must be configured to allow internal devices to communicate on the Internet when necessary.
Once you have designed your network zone structure and established the corresponding IP
address scheme, you are ready to create your firewall zones and assign them to your firewall
interfaces or subinterfaces. As you build out your network infrastructure, switches that support virtual LANs (VLANs) should be used to maintain layer-2 separation between the networks.
Step 3: Configure access control lists
Now that you have established your network zones and assigned them to interfaces, you should
determine exactly which traffic needs to be able to flow into and out of each zone.
This traffic will be permitted using firewall rules called access control lists (ACLs), which are
applied to each interface or subinterface on the firewall. Make your ACLs specific to the exact
source and/or destination IP addresses and port numbers whenever possible. At the end of every
access control list, make sure there is a “deny all” rule to filter out all unapproved traffic. Apply
both inbound and outbound ACLs to each interface and subinterface on your firewall so that only
approved traffic is allowed into and out of each zone.
Whenever possible, block public access to your firewall administration interfaces (including both secure shell (SSH) and web interfaces). This helps protect your firewall configuration from outside threats. Make sure to disable all unencrypted management protocols, including Telnet and HTTP.
Step 4: Configure your other firewall services and logging
If your firewall is also capable of acting as a dynamic host configuration protocol (DHCP)
server, network time protocol (NTP) server, intrusion prevention system (IPS), etc., then go
ahead and configure the services you wish to use. Disable all the extra services that you don’t
intend to use.
To fulfill PCI DSS requirements, configure your firewall to report to your logging server, and
make sure that enough detail is included to satisfy requirement 10.2 through 10.3 of the PCI
DSS.
Step 5: Test your firewall configuration
In a test environment, verify that your firewall works as intended. Don’t forget to verify that your
firewall is blocking traffic that should be blocked according to your ACL configurations.
Testing your firewall should include both vulnerability scanning and penetration testing.
Once you have finished testing your firewall, your firewall should be ready for production.
Always remember to keep a backup of your firewall configuration saved in a secure place so that
all of your hard work is not lost in the event of a hardware failure.
Remember, this is just an overview to help you understand the major steps of firewall
configuration. When using tutorials, or even if you decide to configure your own firewall, be
sure to have a security expert review your configuration to make sure it is set up to keep your
data as safe as possible.
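Steps 2 and 3 above (zones, specific source/destination/port rules, an explicit "deny all" at the end of every list, and logging of what is denied) can be modelled in a few dozen lines. The following added example (not from the course notes or any firewall vendor) is a first-match packet-filter ACL evaluator with those properties; it also illustrates the packet-filtering firewall type from the list of firewall types. The zone addressing, the DMZ web server and the internal database server are constructed.

```python
# Added example (not from the course notes): a zone-based packet-filter ACL
# of the kind Steps 2 and 3 describe, with first-match semantics, rules
# pinned to exact addresses and ports, an explicit deny-all at the end, and a
# log line for every denied packet.  Zone addressing and hosts are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    dport: Optional[int] = None  # destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))


class Acl:
    """First-match access list; a trailing deny-all is always appended (Step 3)."""

    def __init__(self, name: str, rules):
        self.name = name
        self.rules = list(rules) + [Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0")]
        self.denied = []    # what the logging server of Step 4 would receive

    def evaluate(self, pkt: dict) -> bool:
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "deny":
                    self.denied.append(
                        f"{self.name}: deny {pkt['proto']} {pkt['src']} -> "
                        f"{pkt['dst']}:{pkt.get('dport', '-')}")
                return rule.action == "permit"
        return False    # not reachable: the deny-all above matches everything


ANY = "0.0.0.0/0"
WEB_SERVER = "192.0.2.10/32"        # constructed DMZ web server
DB_SERVER = "10.10.20.5/32"         # constructed internal database server

# Inbound ACL on the DMZ interface: the internet may only reach the web ports.
DMZ_IN = Acl("dmz-in", [
    Rule("permit", "tcp", ANY, WEB_SERVER, 443),
    Rule("permit", "tcp", ANY, WEB_SERVER, 80),
])

# Inbound ACL on the internal server zone: only the DMZ web server may query the DB.
SERVERS_IN = Acl("servers-in", [
    Rule("permit", "tcp", WEB_SERVER, DB_SERVER, 5432),
])


def demo():
    internet_host = "198.51.100.7"          # constructed outside address
    return [
        DMZ_IN.evaluate({"proto": "tcp", "src": internet_host, "dst": "192.0.2.10", "dport": 443}),
        DMZ_IN.evaluate({"proto": "tcp", "src": internet_host, "dst": "192.0.2.10", "dport": 22}),
        SERVERS_IN.evaluate({"proto": "tcp", "src": "192.0.2.10", "dst": "10.10.20.5", "dport": 5432}),
        SERVERS_IN.evaluate({"proto": "tcp", "src": internet_host, "dst": "10.10.20.5", "dport": 5432}),
    ]


if __name__ == "__main__":
    print(demo())
    print(*DMZ_IN.denied, *SERVERS_IN.denied, sep="\n")
```

The fourth evaluation is the case the DMZ design exists for: an internet host trying to reach the database directly is stopped by the deny-all on the server zone even though the same port is open to the web server, and the attempt appears in the denied log for Step 5 testing and later monitoring.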
Firewall Management
With your firewall in production, you have finished your firewall configuration, but firewall
management has just begun. Logs must be monitored, firmware must be updated, vulnerability
scans must be performed, and firewall rules must be reviewed at least every six months. Last of
all, be sure to document your process and be diligent about performing these ongoing tasks to
ensure that your firewall continues to protect your network.
Configuration of Firewall for Windows
Microsoft Defender Windows 11 and Windows 10
It's important to have Microsoft Defender Firewall on, even if you already have another firewall
on. It helps protect you from unauthorized access.
To turn Microsoft Defender Firewall on or off:
1. Select Start, then open Settings. Under Privacy & security, select Windows Security > Firewall & network protection.
2. Select a network profile: Domain network, Private network, or Public network.
3. Under Microsoft Defender Firewall, switch the setting to On. If your device is connected
to a network, network policy settings might prevent you from completing these steps. For
more info, contact your administrator.
4. To turn it off, switch the setting to Off. Turning off Microsoft Defender Firewall could
make your device (and network, if you have one) more vulnerable to unauthorized access. If
there's an app you need to use that's being blocked, you can allow it through the firewall,
instead of turning the firewall off.
Note: If you get errors, or if the setting won't turn on, you can use the troubleshooter and then
try again.
4.0 Understand Mobile Technologies, Security and Breaches
GSM and UMTS Network Security
GSM is the most secured cellular telecommunications system available today, and its security methods are standardized. GSM maintains end-to-end security by retaining the confidentiality of calls and the anonymity of the GSM subscriber. Temporary identification numbers are assigned to the subscriber's number to maintain the privacy of the user. The privacy of the communication is maintained by applying encryption algorithms and frequency hopping, which are enabled by digital systems and signalling.
This chapter gives an outline of the security measures implemented for GSM subscribers.
Mobile Station Authentication
The GSM network authenticates the identity of the subscriber through the use of a
challenge-response mechanism. A 128-bit Random Number (RAND) is sent to the MS. The MS computes
the 32-bit Signed Response (SRES) based on the encryption of the RAND with the
authentication algorithm (A3) using the individual subscriber authentication key (Ki). Upon
receiving the SRES from the subscriber, the GSM network repeats the calculation to verify the
identity of the subscriber.
The individual subscriber authentication key (Ki) is never transmitted over the radio channel, as
it is present in the subscriber's SIM, as well as the AUC, HLR, and VLR databases. If the
received SRES agrees with the calculated value, the MS has been successfully authenticated and
may continue. If the values do not match, the connection is terminated and an authentication
failure is indicated to the MS.
The calculation of the signed response is processed within the SIM. It provides enhanced
security, as confidential subscriber information such as the IMSI or the individual subscriber
authentication key (Ki) is never released from the SIM during the authentication process.
Signalling and Data Confidentiality
The SIM contains the ciphering key generating algorithm (A8) that is used to produce the 64-bit
ciphering key (Kc). This key is computed by applying the same random number (RAND) used in
the authentication process to the ciphering key generating algorithm (A8) with the individual
subscriber authentication key (Ki).
GSM provides an additional level of security by having a way to change the ciphering key,
making the system more resistant to eavesdropping. The ciphering key may be changed at
regular intervals as required. As in the case of the authentication process, the computation of
the ciphering key (Kc) takes place internally within the SIM. Therefore, sensitive information
such as the individual subscriber authentication key (Ki) is never revealed by the SIM.
Encrypted voice and data communications between the MS and the network are accomplished by
using the ciphering algorithm A5. Encrypted communication is initiated by a ciphering mode
request command from the GSM network. Upon receipt of this command, the mobile station
begins encryption and decryption of data using the ciphering algorithm (A5) and the ciphering
key (Kc).
Subscriber Identity Confidentiality
To ensure subscriber identity confidentiality, the Temporary Mobile Subscriber Identity (TMSI)
is used. Once the authentication and encryption procedures are done, the TMSI is sent to the
mobile station. After the receipt, the mobile station responds. The TMSI is valid in the location
area in which it was issued. For communications outside the location area, the Location Area
Identification (LAI) is necessary in addition to the TMSI.
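The challenge-response, Kc derivation, A5 ciphering and TMSI assignment described in the three sections above, run end to end as an added example that is not from these course notes. A3, A8 and A5 are stood in for with HMAC-SHA256 (real A3/A8 are operator-specific and A5 is a stream cipher), and the Ki, IMSI and LAI values are constructed samples.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Added example, not from the course notes. Real A3/A8 are operator-specific
# (historically COMP128) and A5 is a hardware stream cipher; here all three are
# stood in for with HMAC-SHA256 so the protocol flow runs offline. Output sizes
# follow GSM: RAND is 128 bits, SRES is 32 bits, Kc is 64 bits.


def a3(ki: bytes, rand: bytes) -> bytes:
    """A3 stand-in: 32-bit signed response (SRES) from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(ki: bytes, rand: bytes) -> bytes:
    """A8 stand-in: 64-bit ciphering key (Kc) from the same Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


def a5(kc: bytes, frame_no: int, data: bytes) -> bytes:
    """A5 stand-in: keystream from Kc and the frame number, XORed with the data.
    The same call both enciphers and deciphers."""
    stream = hmac.new(kc, frame_no.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))


class Sim:
    """The SIM holds the IMSI and Ki; only SRES and Kc ever leave the card."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki                        # never transmitted over the radio channel
        self.kc: Optional[bytes] = None
        self.tmsi: Optional[bytes] = None

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        """Compute SRES and Kc on-card from the network's RAND."""
        if len(rand) != 16:
            raise ValueError("RAND must be 128 bits")
        self.kc = a8(self._ki, rand)         # kept for the A5 ciphering that follows
        return a3(self._ki, rand)            # SRES is what goes back over the air


class AuthenticationCentre:
    """AuC side: holds every subscriber's Ki and issues (RAND, SRES, Kc) triplets."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki

    def triplet(self, imsi: str, rand: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
        ki = self._keys[imsi]
        if rand is None:
            rand = secrets.token_bytes(16)
        return rand, a3(ki, rand), a8(ki, rand)


class Network:
    """MSC/VLR side: runs the challenge-response, starts ciphering, assigns the TMSI."""

    def __init__(self, auc: AuthenticationCentre, lai: str) -> None:
        self.auc = auc
        self.lai = lai                        # location area in which issued TMSIs are valid
        self.sessions: Dict[bytes, Tuple[str, bytes]] = {}   # TMSI -> (IMSI, Kc)

    def authenticate(self, sim: Sim, rand: Optional[bytes] = None) -> Optional[bytes]:
        """Return the TMSI assigned on success, or None on authentication failure."""
        rand, expected_sres, kc = self.auc.triplet(sim.imsi, rand)
        sres = sim.run_gsm_algorithm(rand)               # RAND down, SRES up
        if not hmac.compare_digest(sres, expected_sres):
            return None                                  # connection terminated
        tmsi = secrets.token_bytes(4)
        self.sessions[tmsi] = (sim.imsi, kc)
        # Ciphering mode is now on: the TMSI travels under A5 with the network's Kc,
        # and the MS can only recover it if its SIM derived the same Kc.
        sim.tmsi = a5(sim.kc, 0, a5(kc, 0, tmsi))
        return tmsi

    def receive(self, tmsi: bytes, frame_no: int, ciphertext: bytes) -> Optional[bytes]:
        """Decipher an uplink frame addressed by TMSI, using the session's Kc."""
        if tmsi not in self.sessions:
            return None
        _imsi, kc = self.sessions[tmsi]
        return a5(kc, frame_no, ciphertext)


def demo() -> dict:
    """One attach: a genuine SIM succeeds; a forged SIM with the wrong Ki is rejected."""
    ki = bytes.fromhex("0123456789abcdef0123456789abcdef")    # constructed sample Ki
    imsi = "234150000000001"                                  # constructed sample IMSI
    auc = AuthenticationCentre()
    auc.provision(imsi, ki)
    net = Network(auc, lai="234-15-0001")                     # constructed sample LAI
    good, forged = Sim(imsi, ki), Sim(imsi, bytes(16))        # forged card guesses Ki = 0
    tmsi = net.authenticate(good)
    plain = b"hello from the MS"
    recovered = net.receive(tmsi, 7, a5(good.kc, 7, plain)) if tmsi else None
    return {"tmsi": tmsi, "tmsi_match": good.tmsi == tmsi,
            "recovered": recovered, "forged": net.authenticate(forged)}
```

Note that Ki is only ever read inside `Sim` and `AuthenticationCentre`; everything that crosses the air interface is RAND, SRES and A5 ciphertext.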
UMTS
UMTS is based on the Global System for Mobile Communications (GSM) standards and was
developed by the 3rd Generation Partnership Project (3GPP).
Key benefits of UMTS
UMTS was a huge advancement over previous connectivity options like 2G. Although 4G and
even 5G have become more widespread, UMTS still boasts several benefits that significantly
enhance mobile communication and wireless connectivity in areas where more advanced
networks aren’t available:
High-speed data transfer
With speeds up to two Mbps, UMTS enables faster data transfer, making it ideal for video
streaming and large downloads. With the ability to transfer more data more quickly, high-speed
data transfer enables faster communication, efficient remote work, and quick access to cloud
services.
This enhanced speed also facilitates real-time data exchange and collaboration. Finally, it
supports a wide range of mobile applications and services essential for today's increasingly
mobile, interconnected business environment.
Improved bandwidth and capacity
UMTS networks can handle more simultaneous users per cell, reducing the likelihood of network
congestion. Higher bandwidth is especially crucial for businesses dealing with large volumes of
data, supporting applications like video conferencing, cloud computing, and real-time analytics.
Increased bandwidth also means more devices can connect without compromising performance,
catering to the growing needs of businesses with extensive IoT deployments or large, mobile
workforces.
Global roaming
UMTS operates on internationally recognized frequencies, allowing for seamless connectivity
across different geographical locations. This feature is essential for businesses with a global
footprint. It supports international communication, travel, and operations without the need for
multiple devices or services.
It also ensures employees can stay connected and access critical business applications and data
while traveling, facilitating uninterrupted workflow and collaboration. This global connectivity is
a key driver for businesses operating in multiple markets, offering flexibility and operational
continuity in the global business landscape.
Enhanced security
UMTS networks offer advanced security features, including improved encryption for voice and
data transmission. Enhanced security safeguards sensitive corporate data and communications. It
also reduces the risk of data breaches and cyber threats, which is crucial in an era where digital
information is a valuable asset.
Finally, it ensures secure transmission of data over cellular networks, providing peace of mind
for businesses dealing with confidential information. This security feature is particularly
important for businesses embracing remote work and mobile operations, where data often travels
across various networks and devices.
UMTS's ability to support high-speed data transfer and multimedia applications revolutionized
how people use mobile devices, making it possible to stream videos, play online games, and
access the internet at speeds that were once unimaginable on mobile platforms. Even today,
UMTS’s capabilities make it possible for businesses and consumers to connect wirelessly across
the globe.
SIM and UICC Security
A subscriber identification module (SIM) on a removable SIM card securely stores the
international mobile subscriber identity (IMSI) used to identify a subscriber on mobile devices
(such as mobile phones and computers) in a GSM (Global System for Mobile Communications)
network.
The universal integrated circuit card (UICC) is the chip card, a multi-application platform, used
in mobile devices in GSM and UMTS (Universal Mobile Telecommunications System, one of
the third-generation (3G) mobile telecommunications technologies) networks. In a GSM
network, the UICC contains a SIM application and in a UMTS network it is the USIM
application. A UICC may contain several applications, making it possible for the same chip card
to give access to both GSM and UMTS networks, but also to store a variety of other applications.
4.1 Concept And Types Of Security Breaches In Network
What is a security breach?
A security breach can be related to an unauthorized access or compromise of sensitive data, such
as healthcare records, due to vulnerabilities in storage or data sharing systems. It involves
incidents like hacking, phishing, and insider attacks, which can lead to the exposure or tampering
of information.
Types of security breaches
Packet sniffing is a method of detecting and assessing packet data sent over a network. It can be
used by administrators for network monitoring and security. However, packet sniffing tools can
also be used by hackers to spy or steal confidential data.
Spoofing is a type of cybercriminal activity where someone or something forges the sender's
information and pretends to be a legitimate source, business, colleague, or other trusted contact
for the purpose of gaining access to personal information, acquiring money, spreading malware,
or stealing data.
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or
systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
The first iterations of ransomware used only encryption to prevent victims from accessing their
files and systems.
Password guessing is the process of attempting to gain access to a system through the
systematic guessing of passwords (and at times also usernames) in an attempt to gain a login to a
target system.
Keystroke logging is the act of tracking and recording every keystroke entry made on a
computer, often without the permission or knowledge of the user.
Phishing is when attackers send scam emails (or text messages) that contain links to malicious
websites.
Websites may contain malware (such as ransomware) which can sabotage systems and
organizations.
4.3 CAUSES OF SECURITY BREACHES AND SOLUTIONS
1. Weak and Stolen Credentials, a.k.a. Passwords
Hacking attacks may well be the most common cause of a data breach, but it is often a weak or
lost password that is the vulnerability exploited by the opportunist hacker. Stats show that 4 in
5 breaches classified as a “hack” in 2012 were in part caused by weak or lost (stolen)
passwords!
Simple Solution: Use complex passwords and never share passwords.
2. Back Doors, Application Vulnerabilities
Why bother breaking the door down when the door is already open? Hackers love to exploit
software applications which are poorly written, or network systems which are poorly designed or
implemented; these leave holes that they can crawl straight through to get directly at your data.
Simple Solution: Keep all software and hardware solutions fully patched and up to date.
3. Malware
The use of both direct and indirect malware is on the rise. Malware is, by definition, malicious
software: software loaded without the user's intention that opens up access for a hacker to
exploit a system and potentially other connected systems.
Simple Solution: Be wary of accessing web sites which are not what they seem or opening
emails where you are suspicious of their origin, both of which are popular methods of
spreading malware!
4. Social Engineering
As a hacker, why go to the hassle of creating your own access point to exploit when you can
persuade others with a more legitimate claim to the much sought after data, to create it for you?
Simple Solution: If it looks too good to be true then it probably is too good to be true. If you
were going to bequeath $10 Million US Dollars to someone you had never met, would you
send them an email?
5. Too Many Permissions
Overly complex access permissions are a gift to a hacker. Businesses that don’t keep a tight rein
on who has access to what within their organisation are likely to have either given the wrong
permissions to the wrong people or have left out of date permissions around for a smiling hacker
to exploit!
Simple Solution: Keep it Simple.
6. Insider Threats
The phrase “keep your friends close and your enemies closer” could not be any more relevant.
The rogue employee, the disgruntled contractor or simply those not bright enough to know better
have already been given permission to access your data; what’s stopping them copying, altering
or stealing it?
Simple Solution: Know who you are dealing with, act swiftly when there is a hint of a problem
and cover everything with process and procedure backed up with training.
7. Physical Attacks
Is your building safe and secure? Hackers don’t just sit in back bedrooms in far-off lands; they
have high-visibility jackets and a strong line in plausible patter to enable them to work their
way into your building and onto your computer systems.
Simple Solution: Be vigilant, look out for anything suspicious and report it.
8. Improper Configuration, User Error
Mistakes happen and errors are made.
Simple Solution: With the correct professionals in charge of securing your data and the
relevant and robust processes and procedures in place to prevent user error, then mistakes and
errors can be kept to a minimum and kept to those areas where they are less likely to lead to a
major data breach.
4.5 CHALLENGES FACED IN SECURING DATA AND SYSTEMS IN AN
ORGANIZATION AND SOLUTIONS
Data security is no longer a simple IT task and can't be solved with one tool or solution. It's a
strategic imperative that touches every level of an organization. Data protection is a significant
challenge, as more information is processed and stored in more locations than ever before.
While technology offers advanced tools and solutions to boost defenses, the key challenge lies in
seamlessly integrating these tools into an organization's operations. Essentially, it's about striking
a balance between robust security and operational efficiency - and ensuring that protective
measures enhance rather than hinder business processes. A holistic approach that encompasses
technology, processes and people is crucial for success.
Challenges
1. Resource Constraints
Implementing robust security measures often requires a large financial investment as well as
dedicated time and expertise. Hiring skilled cybersecurity personnel is expensive, assuming you
can even find the right personnel, and continual training is essential. The deployment of
advanced security tools and infrastructure places an additional strain on an organization's budget.
Data protection solutions with a streamlined implementation process eliminate the need for
extensive resources. Agentless, API-based solutions are easy to deploy and can deliver value in
days, without any upfront work required. As an example, today's managed data security posture
management (DSPM) security solutions enable any size organization to streamline cybersecurity
operations and significantly reduce the burden on in-house IT teams.
2. Diverse Data Sources
Data is everywhere, and organizations use a plethora of platforms and services -- from cloud
storage solutions like Gdrive and Box, to communication tools like Slack, and collaboration
platforms like SharePoint. Even more concerning is that sensitive data is no longer just
structured. At least 80% of an organization's data is unstructured, meaning it's embedded in
millions of financial reports, corporate strategies documents, source code files and contracts
created by CFOs, general managers, engineers, lawyers and others.
To address this challenge, today's DSPM solutions are designed to control information flows
between departments and third parties, ensuring that data at risk is identified and sensitive data
remains protected -- regardless of its location.
3. Data Classification
Data classification is the foundation upon which many security measures are built. By
categorizing data based on its sensitivity and importance, organizations can apply appropriate
protection measures. But the sheer volume of data generated and stored today makes manual
classification a herculean, if not impossible, task, and continually updating classification criteria
in response to an evolving data landscape is crucial.
To address this, best-of-breed AI-based classification solutions leverage sophisticated machine
learning technologies to autonomously scan and categorize documents. With the latest AI models
for fast and accurate data discovery and categorization, organizations can eliminate the need for
manual classification, which has proven to be both inaccurate and inefficient.
4. Access Governance
Some data is public, some is confidential and some is strictly on a need-to-know basis. Managing
who has access to what data is a cornerstone of data security and requires the definition of access
permissions and continually reviewing and updating them. Ensuring that permissions are always
up-to-date and adhere to the principle of least privilege -- where individuals have only the access
they need and nothing more -- is a constant challenge, especially in large, dynamic organizations.
Data access governance (DAG) establishes and enforces policies governing data access and
usage and plays a key role in ensuring that only authorized individuals can access sensitive
information. This process is enhanced by a deep contextual understanding of both structured and
unstructured data, which helps in keeping access permissions current and aligned with the
principle of least privilege. DAG solutions enable organizations to comply with access and
activity regulations, demonstrate control to auditors and adopt zero-trust access practices.
5. Rapid Remediation
Rapid remediation is crucial to minimizing damage and protecting sensitive data when a security
risk or breach is identified. Remediation actions include revoking access permissions, isolating
affected systems or notifying affected parties. But rapid remediation requires swift action, clear
protocols and a well-coordinated response team. Organizations must have these protocols in
place, understand what data is at risk and ensure that all stakeholders know their roles and
responsibilities in the event of a security incident.
6. Compliance and Regulations
Different industries operate under various regulatory frameworks, each with different sets of data
protection and privacy mandates. Operationalizing data security in this context means not only
protecting data but also ensuring that protection measures align with legal and regulatory
requirements.
Data security solutions that assist organizations in meeting regulatory and security mandates,
demonstrating control to auditors and implementing zero-trust access are important in addressing
this challenge. By detecting and remedying risks, these solutions help businesses comply with
various privacy regulations, including managing right-to-know, right-to-be-forgotten and breach
notification requests.
7. Constantly Evolving Threat Landscape
Modern data security approaches go beyond static rules or predefined policies. Innovative
analysis methods continuously compare data against its peers to identify anomalies and potential
risks. This stance ensures that as data changes, its protection mechanisms evolve accordingly. AI
models that leverage continuous monitoring and can learn from the data landscape help
organizations address new risks as they emerge.
8. Complexity and Scope
Data security is a multifaceted domain that encompasses a myriad of components, from network
security and access controls to encryption and authentication. Different data types, whether it's
financial records, personal information or proprietary research, have unique security
requirements. Coordinating these diverse components and tailoring security measures to different
data types adds layers of complexity to the operationalization process.
Using advanced machine learning technologies, today's data security solutions autonomously
scan and categorize data, adapting to its growing complexity and scope. They ensure protection
for all data types and locations. Comprehensive analysis provides a complete view of data,
ensuring protection for both structured and unstructured data, whether stored in the cloud or
on-premises.
9. Monitoring and Auditing
Continuous monitoring is essential for keeping a vigilant eye on systems, data access patterns
and user behaviors to detect anomalies or potential breaches. Regular audits are crucial to assess
the effectiveness of security measures and identify areas for improvement. Conducting these
audits, analyzing the results and implementing changes based on findings demand significant
time and expertise.
Modern data security tools offer accurate data classification without manual rules or policies.
With monitoring, these tools quickly identify any discrepancies or risks in data classification.
10. Integration With Existing Systems
Most organizations have a myriad of existing systems, tools and software in place. When a new
data security solution is introduced, it's crucial that the solution integrates seamlessly with
existing infrastructure. Disruptions, compatibility issues or data silos can undermine the
effectiveness of security measures and create vulnerabilities.
Today's data security solutions are designed to integrate smoothly with established frameworks,
such as those for data classification and management. This integration ensures that data
classification is in line with existing security protocols, boosting the overall data protection
strategy.
Hand Note On Mobile and Wireless Security

  • 1. Prepared By: Samson, P.A OYO STATE COLLEGE OF AGRICULTURE AND ETCHNOLOGY, IGBOORA, OYO STATE DEPARTMENT OF NETWORKING (NETWORKING/CYBER SECURITY) LEVEL: HIGHER NATIONAL DIPLOMA (HND I) COURSE TITLE: MOBILE AND WIRELESS SECURITY COURSE CODE: CYC 322 CREDIT UNIT: 4 UNITS SEMESTER: 2ND SEMESTER
  • 2. Prepared By: Samson, P.A UNDERSTANDING TCP/IP AND OSI NETWORK SECURITY AND ACCESS CONTROL 1.1 Security Concepts And Terminology Authentication the process or action of verifying the identity of a user or process. "user authentication for each device ensures that the individual using the device is recognized by the company" Authentication Authentication technology provides access control for systems by checking to see if a user's credentials match the credentials in a database of authorized users or a data authentication server. In doing this, authentication ensures that systems, processes and enterprise information are secure Authorization is a process by which a server determines if the client has permission to use a resource or access a file. Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access. Data privacy is a discipline intended to keep data safe against improper access, theft or loss. It's vital to keep data confidential and secure by exercising sound data management and preventing unauthorized access that might result in data loss, alteration or theft. Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” A loss of confidentiality is the unauthorized disclosure of information. Integrity means that data or information in your system is maintained so that it is not modified or deleted by unauthorized parties. This is an important element of data hygiene, reliability and accuracy. Non-repudiation Protection against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a ...
  • 3. Prepared By: Samson, P.A 1.2 TCP/IP and OSI model OSI model vs. TCP/IP model. The OSI reference model describes the functions of a telecommunication or networking system, while TCP/IP is a suite of communication protocols used to interconnect network devices on the internet. TCP/IP and OSI are the most broadly used networking models for communication. The OSI and TCP/IP models have similarities and differences. The main similarity is in their construction, as both use layers, although the OSI model consists of seven layers, while TCP/IP consists of just four layers. Another similarity is that the upper layer for each model is the application layer, which performs the same tasks in each model but may vary according to the information each receives. The functions performed in each model are also similar because each uses a network and transport layer to operate. The OSI and TCP/IP model are mostly used to transmit data packets, although they each use different means and paths to reach their destinations. Additional similarities between the OSI and TCP/IP models include the following:  Both are logical models.  Both define standards for networking.  They each divide the network communication process in layers.  Both provide frameworks for creating and implementing networking standards and devices.  They enable one manufacturer to make devices and network components that can coexist and work with the devices and components made by other manufacturers.  Both divide complex functions into simpler components. Differences between the OSI and TCP/IP models include the following:  OSI uses three layers -- application, presentation and session -- to define the functionality of upper layers, while TCP/IP uses only the application layer.  OSI uses two separate layers -- physical and data-link -- to define the functionality of the bottom layers, while TCP/IP uses only the link layer. 
 OSI uses the network layer to define the routing standards and protocols, while TCP/IP uses the internet layer.
  • 4. Prepared By: Samson, P.A 1.3 OSI Layers and Protocols Model Explained: The OSI 7 Layers 7. Application Layer It is the top most layer of OSI model .It deals with end-user by interacting with it. This layer interacts directly with the application software and serves as a bridge between the network and the user. 6. Presentation Layer It is responsible for the presentation and formatting of data between network systems. Its main work is data transformation, encryption and decryption, compression and decompression, and providing a common representation of data for different systems.
  • 5. Prepared By: Samson, P.A 5. Session Layer It provides services for establishing, managing, and terminating sessions or connections between applications. Its primary role is to facilitate communication and coordination between different applications or processes running on different network devices. 4. Transport Layer Its primary responsibility is to provide reliable and efficient end-to-end delivery of data between hosts or endpoints on a network. The Transport Layer ensures that data is transmitted accurately, in the correct order, and without errors or losses. 3. Network Layer It is responsible for logical addressing, routing, and forwarding of data packets between different networks. Its primary function is to enable end-to-end communication across multiple network segments. 2. DataLink Layer Its primary role is to provide reliable and error-free data transfer between two directly connected nodes on a network. The Data Link Layer takes packets from the Network Layer (Layer 3) and encapsulates them into frames for transmission across the physical medium. 1. Physical Layer It’s main responsibility is to establish and maintain the physical transmission of data between network devices. It deals with the physical aspects of data transmission, such as the electrical, mechanical, and procedural characteristics of the physical medium. 2.1 CONCEPT, STANDARD AND THREATS OF WIRELESS NETWORK Wireless Network Concept A broadband wireless router is designed for home and small-office users. This term can be used interchangeably with an access point (AP) for the purpose of this document. A wireless network connects computers without using network cables. Computers use radio communications to send data between each other. You can communicate directly with other wireless computers, or connect to an existing network through a wireless AP. When you set up your wireless adapter, you select the operating mode for the kind of wireless network you want. 
You can use your Intel® PRO/Wireless adapter to connect to other similar wireless devices that comply with the 802.11 standard for wireless networking.
Choosing a wireless local area network (LAN) mode

Wireless LANs can work with or without an AP, depending on the number of users in the network. Infrastructure mode uses APs to allow wireless computers to send and receive information. Wireless computers transmit to the AP; the AP receives the information and rebroadcasts it to other computers. The access point can also connect to a wired network or to the Internet. Multiple access points can work together to provide coverage over a wide area.

Peer-to-Peer mode, also called Ad Hoc mode, works without access points and allows wireless computers to send information directly to other wireless computers. You can use Peer-to-Peer mode to network computers in a home or small office or to set up a temporary wireless network for a meeting.

Configuring a wireless LAN

There are three basic components that must be configured for a wireless LAN to operate properly:

• The network name or service set identifier (SSID) - Each wireless network uses a unique network name to identify the network. This name is called the service set identifier (SSID). When you set up your wireless adapter, you specify the SSID.
  o If you are connecting to an existing network, you must use the SSID for that network.
  o If you are setting up your own network, make up your own SSID and use it on each computer. The SSID can be up to 32 characters long using a combination of letters and numbers.
• Profiles - When you set up your computer to access a wireless network, Intel® PROSet creates a profile for the wireless settings that you specify. To connect to an existing network, you can make a temporary connection, or create a profile for that network. After you create profiles, your computer automatically connects when you change locations.
• Cisco* Compatible Extensions - Enabling Cisco Compatible Extensions provides interoperability with features of a Cisco wireless LAN infrastructure such as CKIP and LEAP.
• Security - The 802.11 wireless networks use encryption to help protect your data. If you are connecting to an existing network, use the encryption key provided by the administrator of the wireless network. When setting up a wireless LAN, you can strongly increase the level of data protection and access control using one of these methods:
  o Wi-Fi Protected Access 2 (WPA2) - is currently the highest level of security offered in Wi-Fi networks. Home and small-office users can implement a simplified version that requires a preshared key, commonly called WPA2-Personal or WPA2-PSK. WPA2 implements 802.1x and key exchange to strengthen data encryption using the Advanced Encryption Standard (AES).
  o Wi-Fi Protected Access (WPA) - is a security enhancement that strongly increases the level of data protection and access control to a wireless LAN. Home and small-office users can implement a simplified version by creating a preshared key, commonly called WPA-Personal or WPA-PSK. WPA enforces 802.1x authentication and key exchange to strengthen data encryption using Temporal Key Integrity Protocol (TKIP).

Note: The first type of security used in Wi-Fi networks was Wired Equivalent Privacy (WEP), which used a 64-bit or 128-bit shared encryption key to scramble data. This provided a weak level of security and is not recommended.

Identifying a wireless network

Depending on the size and components of a wireless LAN, there are many ways to identify a wireless LAN:

• The network name or service set identifier (SSID) - Identifies a wireless network. All wireless devices on the network must use the same SSID.
• Extended Service Set Identifier (ESSID) - A special case of SSID used to identify a wireless network that includes access points.
• Independent Basic Service Set Identifier (IBSSID) - A special case of SSID used to identify a network of wireless computers configured to communicate directly with one another without using an access point.
• Basic Service Set Identifier (BSSID) - A unique identifier for each wireless device. The BSSID is the Ethernet MAC address of the device.
• Broadcast SSID - An access point can respond to computers sending probe packets with the broadcast SSID. If this feature is enabled on the access point, any wireless user can associate with the access point by using a blank (null) SSID.

Note: The following is not intended for home users; it is provided for informational purposes only.

Surveying your wireless LAN site

Conducting a site survey for your wireless LAN is the most crucial step of setting up a wireless network. A site survey will greatly reduce the amount of troubleshooting for connection testing. To conduct a site survey, you need the following tools:

• An access point (AP), or a laptop computer that is set up to be the transmitter. It should be mounted near and at the same height as the designated location of your wireless LAN.
• A laptop loaded with your site survey software, to act as the mobile receiver.
• An area or building map, to plot the strength of your signals.

Once you have the tools you need, launch the site survey software on the mobile receiver.

• Carry the mobile receiver around the intended wireless LAN area to test the signal strength.
• Check the signal strength of each intended AP location. If you encounter a problem with a location, make sure it is not located on a wall containing metal, such as an air conditioning duct. Flooring constructed of metal can also impact range in multi-floor buildings.
• For seamless coverage within your LAN, the signal levels at each point must overlap. Software is available that can seamlessly pass changing signal levels from one AP to another.

When signal strength is strong inside the building, check the strength outside the building. Carry the mobile receiver as far down the street or around the building as you can, without losing significant signal strength. To improve wireless security, be aware of the types of networks used by the companies around you. This knowledge will help you select the right channels and the best location for your APs.

Factors Affecting Range

An access point (AP) can transmit a signal up to 60 feet in areas with many walled barriers or as much as 500 feet in large open areas. Range is affected by the following factors:

• Building materials, such as steel and drywall, can shorten the range of the radio signals.
• The physical layout of the area can interfere and cause dropped signals.
• Electronic noise from cell phones, microwave ovens, or other devices on the same frequency can interfere with signal transmissions.
• Data rate impacts signal distance. The faster signals are sent, the less distance they travel.

Taking these factors into consideration when you survey the site for your WLAN is key to providing users with undisturbed mobile connectivity. Using multiple APs can reduce the impact of these factors if your area has dividing walls throughout.
Stronger Security

Your network is still vulnerable, even after you enable the security settings defined in the 802.11b standard and the security settings of your hardware. Here are a few things you can do to improve security, making it harder for outsiders to access your network:

• Change the default network name of your WLAN. Every manufacturer's default settings are public knowledge.
• Enable encryption. TKIP encryption provides greater protection than WEP.
• Change your encryption keys as often as possible. Change the key (or pass phrase) for Wi-Fi Protected Access (WPA) preshared key (PSK) mode.
• Enable MAC address filtering so that each access point (AP) can generate a list of approved MAC addresses for your WLAN.
• If you have a small network, use virtual private network encryption.
• If you have a large network, you can install a gateway between your APs and network clients.
• Intel® wireless adapters and Intel® PROSet Software v7.1.4 and later versions support the latest security standards, including WPA and WPA2, to address the security concerns of the original 802.11 implementations. Download the latest recommended Intel® Software and Drivers for your Intel® wireless adapter.
• Intel® Centrino® Mobile Technology users with the Intel® PRO/Wireless 2100 Network Connection are recommended to upgrade systems to the latest software.
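An added audit script (not part of the Intel documentation above) that checks hostapd-style key=value access-point settings against this hardening list: a default-looking network name, WEP or TKIP instead of WPA2 with AES, a weak pre-shared key, and a missing MAC address allow-list. Both configurations are constructed for the example, and the list of default-looking SSIDs is an assumption you would extend for your own vendors.

```python
"""Audit hostapd-style access-point settings against the WLAN hardening list."""

# Constructed list of factory-default-looking network names; assumption: extend for your vendors
DEFAULT_LIKE_SSIDS = ("default", "linksys", "netgear", "dlink", "tp-link", "wireless", "wlan")


def parse_config(text):
    """Parse key=value lines in hostapd.conf style; blank lines and '#' comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def audit(cfg):
    """Return a list of findings, one per hardening rule the configuration violates."""
    findings = []
    ssid = cfg.get("ssid", "")
    if not ssid or ssid.lower().startswith(DEFAULT_LIKE_SSIDS):
        findings.append("ssid: default or missing network name; choose a non-default SSID")

    if any(k.startswith("wep_key") for k in cfg):
        findings.append("wep_key*: WEP is configured; WEP is weak, use WPA2 (AES) instead")
    wpa = int(cfg.get("wpa", "0"))          # hostapd bitmask: 1 = WPA, 2 = WPA2 (RSN)
    if wpa == 0:
        findings.append("wpa=0: no WPA/WPA2, traffic is unencrypted")
    else:
        if wpa & 1:
            findings.append("wpa=%d: WPA (TKIP era) still enabled; set wpa=2" % wpa)
        ciphers = (cfg.get("wpa_pairwise", "") + " " + cfg.get("rsn_pairwise", "")).split()
        if "TKIP" in ciphers:
            findings.append("TKIP pairwise cipher allowed; use CCMP (AES) only")
        psk = cfg.get("wpa_passphrase", "")
        mgmt = cfg.get("wpa_key_mgmt", "")
        if psk and (len(psk) < 8 or psk.lower() == ssid.lower()):
            findings.append("wpa_passphrase: shorter than 8 characters or equal to the SSID")
        if not psk and "wpa_psk" not in cfg and "EAP" not in mgmt:
            findings.append("WPA enabled but no passphrase, PSK or EAP key management set")

    if cfg.get("macaddr_acl", "0") != "1":
        # A MAC allow-list is a weak control on its own, but the list above recommends it
        findings.append("macaddr_acl: MAC address allow-list (macaddr_acl=1) not enforced")
    return findings


def audit_text(text):
    """Convenience wrapper: parse then audit a configuration file's text."""
    return audit(parse_config(text))


WEAK_AP = """
# constructed example of a consumer-default style configuration
interface=wlan0
ssid=linksys
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=linksys
macaddr_acl=0
"""

HARDENED_AP = """
# constructed example of the corrected configuration
interface=wlan0
ssid=acme-lab-5g
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct horse battery staple 2024
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_AP), ("hardened", HARDENED_AP)):
        print(name, audit_text(text) or ["no findings"])
```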
2.2 WIRELESS SNIFFING, WAR DRIVING, UNAUTHORIZED COMPUTER ACCESS AND SHOULDER SURFING

1. Wireless Sniffing

A network sniffer “sniffs” or monitors network traffic for information (e.g., where it’s coming from, which device, the protocol used, etc.). Network administrators can use this information to help optimize their environment.

What are example uses for network sniffers?

For example, a network sniffer can monitor network usage and track down someone using excessive bandwidth at a university or business organization. You can also use them to help find security holes in your environment. These are all legitimate uses for a network sniffer. However, a common use for them today lies in black hat hacking. In the wrong hands, network sniffing tools can allow anyone with little to no hacking skills to monitor network traffic over unsecured WiFi networks in order to steal passwords and other private information. This can give network sniffing tools a bad reputation; however, there are still many legitimate uses for network sniffers. Network packet sniffing can help enhance your security, performing network penetration testing by monitoring the data and ensuring it is encrypted. Other positive uses of network sniffers include:

• Tracking down network traffic bottlenecks
• Testing firewalls for network security efficacy
• Acquiring statistical data on network bandwidth, availability, etc.

How do network sniffers work?

To best explain how network packet sniffers work, let’s take a step back to review what makes a network work. Networks function as a collection of “nodes,” such as your smartphone, laptop, server, etc., which transfer information over a networked connection. To speed these transfers
along their route, networks use packets of data (chunks of data that are broken down and then reassembled after transmission is complete) to help avoid network congestion. By using network sniffers to “sniff” the packets en route, a user can analyze the traffic via “passive sniffing” (i.e., snooping in on the in-flight data) or “active sniffing” (i.e., directly interacting by sending packets and receiving responses from the target devices). The latter unfortunately also allows for cybercrime instances. Using encrypted protocols can help prevent unauthorized network sniffing, but since nothing is 100% guaranteed in the world of IT security, using a real-time monitoring system to alert you to any networking abnormalities is a good idea.

What are some of the best network sniffers?

The best network packet sniffer depends on your use case. Are you primarily looking to:

• Monitor bandwidth? If you’re wondering what employee is binging online streaming all day, look for a network sniffer that lets you specify non-business traffic, like streaming sites, torrenting, and social media.
• Bolster security? Seek out a network sniffer that can detect anomalies and highlight suspicious activities from outside sources, preferably a packet sniffer with real-time alerts.
• Maintain performance? All network sniffers should offer this functionality, but consider ease of use as well. Having customizable dashboards can prove to be a major plus in preparing stakeholder reports for monitoring metrics.

Finally, consider a network sniffer that can integrate with your existing tools to help keep a lid on costs. PagerDuty is purpose-built to help you extend your budget. Our real-time monitoring solution integrates seamlessly with over 350 tools. There’s a good chance you can use your existing networking tools, saving time, costs, and complexity.
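As an added illustration of what a passive sniffer actually decodes (example code written for these notes, not from the source the section quotes), the following parses constructed Ethernet/IPv4/TCP frames the way a sniffer does, tallies payload bytes per flow, and reports which flows would be readable in the clear; the frames, addresses, ports and payloads are all constructed, with checksums left at zero.

```python
"""What a passive packet sniffer sees: decode headers, tally flows, flag cleartext protocols."""
import struct
from collections import defaultdict

# Destination ports whose protocols send data (often credentials) unencrypted; constructed list
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3"}


def ip_bytes(dotted):
    """'10.0.0.5' -> b'\\x0a\\x00\\x00\\x05'."""
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src_ip, sport, dst_ip, dport, payload):
    """Construct an Ethernet II + IPv4 + TCP frame (checksums zeroed: constructed test data)."""
    eth = struct.pack("!6s6sH", b"\xaa" * 6, b"\xbb" * 6, 0x0800)            # ethertype IPv4
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, 5 << 12, 512, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))                      # proto 6 = TCP
    return eth + ip + tcp


def parse_frame(frame):
    """Decode the headers a sniffer relies on; return None for anything that is not IPv4/TCP."""
    if len(frame) < 34:                       # 14-byte Ethernet + 20-byte minimum IPv4 header
        return None
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        return None
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:total_len]
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4          # TCP header length in bytes (options included)
    return {
        "src": ".".join(map(str, src)), "sport": sport,
        "dst": ".".join(map(str, dst)), "dport": dport,
        "payload": tcp[data_off:],
    }


def sniffer_view(frames):
    """Passive sniffing: per-flow payload bytes, plus the flows a sniffer could read outright."""
    flows = defaultdict(int)
    exposed = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        flows[key] += len(pkt["payload"])
        proto_name = CLEARTEXT_PORTS.get(pkt["dport"])
        if proto_name and pkt["payload"]:
            # Encrypted protocols (e.g. TLS on 443) still leak these headers, but not the payload
            exposed.append((proto_name, key, pkt["payload"][:32]))
    return dict(flows), exposed


HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"


def sample_frames():
    """Constructed traffic: one HTTP request, one Telnet prompt, one opaque TLS record."""
    return [
        build_frame("10.0.0.5", 40000, "10.0.0.80", 80, HTTP_REQUEST),
        build_frame("10.0.0.7", 40001, "10.0.0.23", 23, b"login: "),
        build_frame("10.0.0.5", 40002, "10.0.0.44", 443, b"\x17\x03\x03\x00\x20" + bytes(32)),
    ]


if __name__ == "__main__":
    flows, exposed = sniffer_view(sample_frames())
    for key, size in flows.items():
        print(f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}  {size} payload bytes")
    for name, key, snippet in exposed:
        print(f"CLEARTEXT {name} {key[0]} -> {key[2]}: {snippet!r}")
```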
2. Wardriving

Wardriving is the act of searching for open Wi-Fi wireless networks by driving around an area using a Wi-Fi-enabled device (such as a laptop or smartphone). The purpose of wardriving isn’t usually to identify just a single open hotspot. Instead, the purpose is to build a larger map of where these open (or easily accessed and unsecured) networks are located.
In a sense, wardrivers are digital cartographers. Their primary goal is to build a Wi-Fi map of a particular street, city, or nation. That’s why wardriving is also called by another related name, “access point mapping.” Wardriving can go by many names. Near the end of this article, we’ll provide a full list of alternative terms and their definitions.

Software for Wardriving

1. WiGLE in Google drive
2. Kismet - A powerful and popular tool made by Dragorn. "Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework. It works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware."
3. GPSD - gpsd is a computer software program that collects data from a GPS receiver and provides the data via an IP network to potentially multiple client applications in a server-client application architecture.

3. Unauthorized Computer Access

Unauthorized access to computer systems refers to the act of gaining entry or attempting to gain entry to a computer system, network, or any computing resource without the explicit permission or authorization of the system owner, administrator, or the entity responsible for managing access. This unauthorized access can take various forms and is typically associated with
malicious intent, ranging from cybercrime activities to espionage, data theft, or other illicit actions.

Risks of Unauthorized Access

Unauthorized access poses serious risks, making it crucial to implement immediate protective measures. Individuals who attempt to gain access without permission often have one of the following goals:

1. Disrupt Electronic Systems: Some hackers aim to cause disruptions or play pranks. By accessing sensitive data without permission, they can force a company or organization into a state of high alert, potentially leading to a shutdown of systems.
2. Harm the Target: Unauthorized access to sensitive information can lead to significant damage for the victim, such as triggering a data breach. This can result in legal issues, loss of trust, and a damaged reputation.
3. Steal Data: Data theft is one of the most common motives for unauthorized access. Stolen data can be used to extort individuals, businesses, or organizations. Often, exposed and stolen credentials are the first targets in a data breach.
4. Cause Physical Damage: If unauthorized access is gained to certain systems, hackers can cause physical damage to devices connected to the network, leading to costly repairs or replacements.

By understanding these risks, organizations can better prepare to protect their systems and sensitive data from unauthorized access.

Possible Causes of Unauthorized Access

Unauthorized computer access can occur due to various factors, often stemming from vulnerabilities in security practices, technology, or human behavior. Understanding the possible causes is essential for implementing effective measures to prevent and mitigate such incidents. Here are some common causes of unauthorized computer access:

Weak Passwords
• Use of easily guessable passwords, such as “password” or “123456.”
• The lack of password complexity and diversity makes it easier for attackers to crack or guess passwords.
Stolen Credentials
• Phishing attacks targeting users to obtain their login credentials.
• Credential harvesting through malware, keyloggers, or other malicious software.

Insufficient Authentication Measures
• The absence of multi-factor authentication (MFA) allows unauthorized access even with compromised passwords.
• Weak or easily bypassed authentication processes.

Unpatched Software and Systems
• Failure to apply security patches and updates promptly leaves systems vulnerable to known exploits.
• Outdated software with unaddressed security vulnerabilities.

Inadequate Access Controls
• Improperly configured access controls, granting unauthorized users or entities excessive privileges.
• Lack of role-based access controls, allowing individuals to access data or systems beyond their necessary permissions.

Social Engineering Attacks
• Manipulation of individuals through deceptive means to divulge sensitive information or perform actions that compromise security.
• Exploitation of trust to gain unauthorized access.

Malicious Insider Threats
• Employees or individuals with authorized access exploit their privileges for malicious purposes.
• Disgruntled employees seek to harm the organization by accessing and manipulating sensitive data.

Insecure Network Connections
• Unprotected Wi-Fi networks are susceptible to eavesdropping or unauthorized access.
• Insufficient network security measures allow attackers to intercept data.

Software Vulnerabilities
• Exploitation of software vulnerabilities to gain unauthorized access.
• Use of malware or exploits targeting specific software weaknesses.
Inadequate Monitoring and Detection
• Lack of robust monitoring systems to detect unusual or suspicious activities.
• Failure to respond promptly to security alerts or anomalies.

Ways to Prevent Unauthorized Computer Access Using Unified Endpoint Management (UEM)

Unauthorized access to work computers poses significant risks for businesses, ranging from data breaches and hefty regulatory sanctions to brand reputation damage. To address it comprehensively, the implementation of a robust Unified Endpoint Management (UEM) solution is essential. This blueprint elucidates key UEM features that serve as techniques to prevent unauthorized computer access. All the UEM capabilities mentioned below can be enforced on multiple work computers from a unified console. Work computers can be categorized into device or user groups after they are enrolled. Once established, policies can be applied across an entire fleet of work computers, which are mostly Windows, followed by macOS.

Passcode Policies

A. Complexity Requirements
• Enforce stringent passcode complexity rules to deter easily guessable passwords.
• Require a minimum length, alphanumeric characters, and a combination of uppercase and lowercase letters.

B. Expiry and Change Policies
• Implement periodic passcode expirations to enhance security.
• Enforce an AUP necessitating users to change their passcodes at regular intervals.

C. Failed Attempts Lockout
• Configure a mechanism that temporarily locks out users after a specified number of consecutive failed passcode attempts.
• Define a duration for the lockout period to discourage brute-force attacks.

Patch Management

A. Regular Updates
• Establish a systematic approach to ensure timely installation of operating system and software updates.
• Automate patch deployment processes to minimize the window of vulnerability.
B. Vulnerability Assessment
• Conduct regular vulnerability assessments to identify and prioritize security flaws.
• Develop a protocol for swift patching of identified vulnerabilities based on their criticality.

Web Content Filtering

A. URL Whitelisting and Blacklisting
• Implement URL or website whitelisting to permit access only to approved websites.
• Employ URL blacklisting to block access to known malicious or inappropriate sites proactively.

B. Category-Based Filtering
• Categorize websites based on content, allowing administrators to define access policies accordingly.
• Restrict access to specific categories that may pose security threats or violate organizational policies.

Device Encryption

A. Full Disk Encryption
• Mandate the use of full disk encryption to safeguard data stored on endpoint devices.
• Implement encryption algorithms compliant with established standards to ensure data confidentiality.

B. Removable Media Encryption
• Extend data encryption measures to removable media to prevent unauthorized data extraction.
• Enforce policies requiring the use of encrypted USB drives for data transfer.

Multi-Factor Authentication (MFA)

A. Authentication Layers
• Integrate MFA to add an additional layer of security beyond traditional username and password authentication.
• Utilize diverse authentication factors, such as conditional login, to enhance access control.

4. Shoulder Surfing

Shoulder surfing is the term used to describe one person observing another person’s computer or mobile device screen and keyboard to obtain sensitive information. Direct
observation can be done by simply looking over someone’s shoulder – hence shoulder surfing – or using binoculars, video cameras (hidden or visible), and other optical devices.

Typically, the objective of shoulder surfing is to view and steal sensitive information like username and password combinations that can be later used to access a user’s account. Credit card numbers, personal identification numbers (PIN), and sensitive personal information used in response to security questions (like middle name and birth date used for password recovery) are also targeted.

Shoulder surfing can be done by someone with malicious intent, in which case it can result in a security breach. Seeing a password or responses to security questions allows an attacker to access an account or reset a password. Shoulder surfing can also be done by a curious or nosy bystander, in which case it is simply an intrusion on privacy. Having your bank balances, paycheck, or medical history viewed by a nosy guy at the airport is considered by most to be unpleasant.

If you’ve ever had an IT person help you troubleshoot a problem on your PC or install a new app, then you might be familiar with the uneasy feeling when you’re asked to enter your password as the IT guy is looking at you doing this. This is shoulder surfing, only without the malicious intent.

Protecting against shoulder surfing is not always easy. Simple methods like adding a privacy screen protector can help limit the field of view to your screen, but it will not protect your keystrokes from being observed. More elaborate and expensive methods include gaze-based password entry, which makes it hard to observe password entry, but is very rare and used only in extraordinary situations. Adding two-factor authentication will make it harder for an attacker to use stolen passwords or security questions but will not prevent shoulder surfing.
Passwordless authentication eliminates the use of passwords and therefore takes away the risk associated with stolen passwords altogether, including those stolen using the shoulder surfing technique. That said, it will not prevent shoulder surfing from stealing other sensitive data like responses to security questions, or its unpleasant intrusions on privacy.

How to Create an Ad Hoc Connection with Windows

Create an Ad Hoc connection between your iPad and computer by following the appropriate steps below.
Part 1: Windows 7

1. Open the Start Menu.
2. Click Control Panel.
3. Click Network and Internet.
4. Click Network and Sharing Center.
5. Under Change your networking settings, click Set up a new connection or network.
6. Select Set up a wireless ad hoc (computer-to-computer) network.
7. Click on Next twice.
8. Enter the Network name, such as "UplinkNetwork".
9. Select the Security type, WPA (or WEP).
10. Enter the Security Key or password.
11. Check the Save this network check box.
12. Click Turn on Internet connection sharing.

Part 1: Windows 8, 8.1, or 10

1. Open the Command Prompt (CMD) as an Administrator.
   Windows 8 & 8.1 - Press the Windows key + X + A.
   Windows 10 - Right click on the Start button and select Command Prompt (Admin).
2. To ensure that your network interface supports the Hosted Network feature, type the following command and press Enter:
   netsh wlan show driver
3. If “Hosted network supported” shows “Yes”, proceed to step 4. If it says “No”, you can try to update your wireless driver. If the updated driver still does not help, then you will need to upgrade your hardware.
4. To configure the Ad Hoc wireless connection, type this command in the command prompt (filling in your own network name and key) and press Enter:
   netsh wlan set hostednetwork mode=allow ssid=<network name> key=<password>
5. To start your new network, type this command and press Enter:
   netsh wlan start hostednetwork
6. Navigate to Control Panel > Network and Sharing Center. Click on “Change adapter settings”.
7. Right-click on the Wi-Fi adapter > select Properties.
8. Select the Sharing tab > Check the box to "Allow other network users to connect through this computer's Internet connection" > Click on the OK button.
Part 2: Connect your iPad device

1. Tap on the Settings icon in your iPad main menu.
2. Click on Wi-Fi.
3. Your ad hoc network "UplinkNetwork" should appear in the list.
4. Click on your network.
5. Enter the Password.

Start Skanect on your computer. Start Structure App on your iPad. You should now see "Uplink" on your iPad.

2.3 SECURITY CONSIDERATIONS FOR 802.15 VARIANTS

The IEEE 802.15 family includes standards for wireless personal area networks (WPANs), such as Bluetooth (802.15.1), WirelessHART (802.15.4), and Zigbee (also based on 802.15.4). While these technologies enable convenient connectivity for a wide range of applications, they also present specific security challenges.

Common Security Threats

1. Eavesdropping: Unauthorized parties can intercept data packets transmitted over the air, leading to sensitive information being compromised.
2. Man-in-the-Middle (MitM) Attacks: Attackers can intercept and alter communications between two devices without either party being aware.
3. Device Impersonation: Malicious actors may impersonate legitimate devices to gain unauthorized access to networks or services.
4. Denial of Service (DoS): Attackers can flood the network with traffic or send malformed packets to disrupt communication.
5. Replay Attacks: Captured data packets can be resent by an attacker to trick a device into performing unauthorized actions.
6. Firmware and Software Vulnerabilities: Inadequately secured devices may have exploitable vulnerabilities that can be targeted by hackers.

Security Mechanisms and Protections

1. Encryption:
   - AES (Advanced Encryption Standard): Widely used in Zigbee and other 802.15.4-based protocols, AES helps protect the confidentiality of transmitted data.
   - Pairing and Bonding: For Bluetooth, secure pairing methods (like Just Works, Passkey Entry, or Numeric Comparison) help establish encrypted connections.
2. Authentication:
   - Use of strong authentication protocols ensures that devices can verify each other's identities before establishing a connection.
   - Techniques like public key infrastructure (PKI) can provide robust authentication.
3. Access Control:
   - Implementing strict access control lists (ACLs) can restrict which devices can connect to the network, minimizing the risk of unauthorized access.
4. Regular Firmware Updates:
   - Keeping device firmware updated is crucial for mitigating known vulnerabilities and ensuring the latest security patches are applied.
5. Intrusion Detection Systems (IDS):
   - Deploying IDS can help detect abnormal traffic patterns that may indicate malicious activity on the network.
6. Secure Configuration:
   - Default passwords and settings should be changed during device setup to reduce the risk of unauthorized access.
7. Segmentation:
   - Isolating IoT devices on separate networks can limit the potential impact of a security breach.
8. Monitoring and Logging:
   - Continuous monitoring of network activity and maintaining logs can help identify suspicious behavior early on.

802.15 technologies must allow innovative connectivity solutions while also requiring robust security measures to mitigate the risks associated with hacking and unauthorized access. By implementing a combination of encryption, authentication, access controls, and proactive monitoring, organizations can better protect their networks and devices against emerging threats. As the landscape of wireless technology evolves, staying informed about security best practices will be essential for maintaining the integrity and confidentiality of communications.
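An added example (written for these notes, not taken from the page or from any 802.15 standard text) of how a receiver defeats the replay and tampering threats listed above, using a per-source frame counter of the same widths 802.15.4 uses; an HMAC-SHA256 tag truncated to 4 bytes stands in for the AES-CCM MIC a real radio computes, encryption is left out, and the short addresses, key and payloads are constructed.

```python
"""Replay and tampering defence for a short-range link, modelled on the 802.15.4 frame counter."""
import hashlib
import hmac
import struct

MAX_COUNTER = 0xFFFFFFFF  # 802.15.4 frame counters are 32-bit; the key must be rotated before wrap


class FrameSecurity:
    """Integrity tag plus per-source replay check for one link key.

    Assumption: HMAC-SHA256 truncated to 4 bytes stands in for the AES-CCM MIC-32 a real
    radio computes; confidentiality (encryption) is deliberately left out of this example.
    """

    def __init__(self, key):
        self.key = key
        self.last_counter = {}  # source short address -> highest frame counter accepted

    def _mic(self, header, payload):
        return hmac.new(self.key, header + payload, hashlib.sha256).digest()[:4]

    def protect(self, src, counter, payload):
        """Sender side: 16-bit source address + 32-bit frame counter + payload + MIC."""
        if not 0 <= counter <= MAX_COUNTER:
            raise ValueError("frame counter exhausted: rekey before continuing")
        header = struct.pack("!HI", src, counter)
        return header + payload + self._mic(header, payload)

    def verify(self, frame):
        """Receiver side: returns (status, payload); status is ok, short, bad_mic or replay."""
        if len(frame) < 10:                       # 6-byte header + 4-byte MIC minimum
            return "short", None
        header, payload, mic = frame[:6], frame[6:-4], frame[-4:]
        # Check the MIC before the counter so a forged counter can never advance the window
        if not hmac.compare_digest(mic, self._mic(header, payload)):
            return "bad_mic", None
        src, counter = struct.unpack("!HI", header)
        if counter <= self.last_counter.get(src, -1):
            return "replay", None                 # a captured frame resent, or a stale one
        self.last_counter[src] = counter
        return "ok", payload


def simulate():
    """Constructed exchange: valid frame, its replay, a tampered copy, a stale frame, a second node."""
    key = b"constructed-16-byte-key!"  # constructed; real keys come from device commissioning
    sensor, controller = FrameSecurity(key), FrameSecurity(key)
    statuses = []
    f1 = sensor.protect(0x0001, 10, b"valve=open")
    statuses.append(controller.verify(f1)[0])                  # ok
    statuses.append(controller.verify(f1)[0])                  # replay: same counter again
    f2 = sensor.protect(0x0001, 11, b"valve=close")
    tampered = f2[:6] + b"valve=OPEN!" + f2[-4:]               # same length, MIC no longer matches
    statuses.append(controller.verify(tampered)[0])            # bad_mic
    statuses.append(controller.verify(f2)[0])                  # ok
    statuses.append(controller.verify(sensor.protect(0x0001, 5, b"x"))[0])      # replay: stale
    statuses.append(controller.verify(sensor.protect(0x0002, 1, b"hello"))[0])  # ok: new source
    return statuses


if __name__ == "__main__":
    print(simulate())
```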
VoIP (Voice over Internet Protocol)

Definition: VoIP is a technology that allows voice communication and multimedia sessions to be transmitted over the Internet, rather than through traditional telephone lines. It converts voice signals into digital data packets, which are then sent over IP networks.

Techniques:
1. Packet Switching: VoIP breaks voice data into packets, which are sent individually over the network and reassembled at the destination.
2. Codecs: Various codecs (e.g., G.711, G.729) compress and decompress audio data to optimize bandwidth usage while maintaining sound quality.
3. SIP (Session Initiation Protocol): SIP is commonly used for initiating, maintaining, and terminating real-time sessions in VoIP.
4. RTP (Real-time Transport Protocol): RTP is used to deliver audio and video over IP networks, ensuring timely delivery.

Challenges:
1. Quality of Service (QoS): Ensuring high call quality can be challenging due to network congestion, latency, and jitter.
2. Bandwidth Limitations: VoIP requires sufficient bandwidth, especially with high-definition audio.
3. Network Reliability: VoIP performance can be affected by network outages or instability.
4. Interoperability: Different VoIP systems may have compatibility issues.

Multimedia Streaming

Multimedia streaming involves delivering audio and video content over the Internet in real time. Unlike VoIP, it often focuses on broadcasting media rather than two-way communication.

Techniques:
1. Adaptive Bitrate Streaming: This adjusts the quality of the video stream based on the user's network conditions to minimize buffering.
2. HTTP Live Streaming (HLS): A protocol that allows streaming of media over HTTP, enabling seamless playback across various devices.
3. Content Delivery Networks (CDNs): CDNs distribute content across multiple servers to reduce latency and improve access speed.
4. Streaming Protocols: RTSP (Real Time Streaming Protocol) and RTP are commonly used for initiating and controlling media streams.

Challenges:
1. Latency: Minimizing delay is critical for live streaming applications.
2. Network Conditions: Variability in user bandwidth can affect stream quality.
3. Device Compatibility: Ensuring consistent playback across different devices and platforms can be challenging.
4. Content Protection: Protecting intellectual property rights while allowing streaming can complicate distribution.

Security Considerations

Both VoIP and multimedia streaming face several security challenges:
1. Eavesdropping: Unencrypted calls or streams can be intercepted, leading to privacy breaches.
2. Denial of Service (DoS) Attacks: Attackers may target VoIP systems to overwhelm them and disrupt services.
3. Malware and Phishing: VoIP systems can be vulnerable to malware, and users may be targeted with phishing attacks.
4. Authentication and Authorization: Ensuring that only authorized users can access the system is crucial for security.
5. Encryption: Using protocols like SRTP (Secure Real-time Transport Protocol) for VoIP and HTTPS for streaming can help protect against eavesdropping and tampering.

2.4 EXPLAIN AD HOC AND SENSOR NETWORK SECURITY

Wireless Sensor Networks (WSN)

A wireless sensor network is a group of sensors that can communicate wirelessly. These groups of sensors can communicate within their communication range and are hence capable of operating in changing environments. Let’s compare the internet with a human’s Central Nervous System (CNS). Wireless sensor networks are like sensory organs that sense the surrounding environment and gather information to process it further. Therefore, a WSN is a combination of a large number of sensor nodes. These sensor nodes collect, process, and transfer the data to the users. The nodes can either be stationary or mobile.

A few applications of Wireless Sensor Networks (WSN):
• Environmental Monitoring
• Health Care
• Positioning and Monitoring
- Disaster prevention and relief
- Smart agriculture
- Infrastructure control
- Security
- Logistics

AD HOC NETWORKS
Ad hoc networks exist for data communication and have no sensing role. They are self-configuring networks of wireless links between mobile nodes. The nodes pass information directly to each other without any access point, which is why they are called infrastructure-less. The topology is arbitrary: nodes move freely, act as routers for one another and reorganise as required. In the CNS analogy, an ad hoc network is like the nerve endings that carry signals between the brain and the body. Ad hoc networking was originally developed for military use in the early 1970s and has since proven useful in commercial and industrial settings as well.

Some common applications of ad hoc networks are:
- Data mining
- Military battlefield communication
- Commercial sector
- Personal area networks such as Bluetooth
- Emergency and temporary communication
Wireless sensor networks vs. Ad hoc networks: differences
Ad hoc networks are primarily designed for data communication; wireless sensor networks, on the other hand, are designed for data communication, data collection and data storage. The following comparison will help you gain a better understanding of the two.

#  | Aspect              | Wireless Sensor Networks                                  | Ad hoc Networks
1  | Transmission medium | mostly radio waves, infrared and optical media            | radio waves only
2  | Network type        | application-dependent                                     | application-independent
3  | Node types          | homogeneous                                               | heterogeneous
4  | Addressing          | data-centric                                              | address-centric
5  | Traffic pattern     | any-to-any, many-to-one, many-to-few and one-to-many      | point-to-point
6  | Services            | supports only specific applications                       | can support common services
7  | Nodes               | limited to sensor nodes                                   | any wireless device
8  | Scale               | sensor nodes used in large quantities                     | far fewer nodes
9  | Redundancy          | high                                                      | low
10 | Deployment          | remote and hard-to-reach areas                            | any environment

Similarities Between WSN And Ad Hoc Networks
Having covered the differences between a wireless sensor network and an ad hoc network, there are also some similarities between the two:
- Both are infrastructure-less wireless networks.
- Routing techniques are more or less the same.
- In both networks the topology can change over time.
- Nodes can be battery-operated.
- Both use unlicensed spectrum.

Market Demand For WSN And Ad Hoc Networks
Three forces push the development of WSN:
1. Wireless effect: demand for wireless connectivity grows every day, and wireless technology now has a very wide range of uses in sensing, monitoring and control.
2. Economic driving forces: wireless sensor networks can reduce overall operational and labour costs and bring social benefits, such as lower device power consumption and relief of traffic congestion.
3. Technology driving forces: advances in technology keep reducing the cost of hardware and software, and the WSN market also benefits from low-priced radio-frequency modules.

The same points drive the ad hoc network market. Like WSN, an ad hoc network is infrastructure-less and simple to deploy. The following situations are suited to ad hoc networks:
- when it is not possible to install network equipment beforehand
- when the network must quickly self-organise
- when the existing communication equipment has been destroyed
- when a distributed network is required

3.0 UNDERSTAND NETWORK SECURITY TOOLS AND TECHNOLOGIES
What is Network Security: An introduction to Network Security
By Michael Warne, 06-Jun-2022

What is Network Security?
Organisations today are more connected than ever before, and much of their data exchange and communication takes place over wireless networks. Without security measures in place, that data is in danger of being stolen by malicious third parties.
What is Network Security?
Network security matters to every organisation regardless of size, industry or infrastructure. It refers to the protection a network requires against unauthorised access and other risks. Network administrators and cybersecurity staff are responsible for the preventive measures that keep the organisation's data safe from threats, whether large or small. Different types of threat call for different measures. If network security is one of your career interests, you should know the types of threats, the measures you can take and how information security can become your career.

Why is Network Security Important?
An organisation depends on information security in several ways.

Smooth operations and functioning: cyberattacks disrupt workflow and can corrupt or steal valuable data. A small attack can stop work for a few hours, while a large one can cause outages that cost the company data, money and time. Security lets the organisation function without such interruptions.

Safe application operation: applications run reliably when the network is protected. Attacks can plant malicious code in, or leak data from, internal applications; network security helps prevent this.

Data protection: data is the most valuable asset of any organisation today, and network security measures keep it safe.

Types of Network Security Attacks:
Active attack: in an active attack the attacker tries to change data, either at the target or on its way to the target. Such attacks are often aggressive and become obvious quickly. Intercepting and altering e-mail is one example of an active attack.
Active attacks also attempt to lock users out of systems, destroy files, or gain unauthorised access to protected locations.

Passive attack: a passive attack is largely a hidden threat. The attacker monitors and scans systems for vulnerabilities without being detected, with the aim of gaining access to the network and stealing
information over time. Network security experts apply a range of methods and processes to secure the network architecture so that threats are detected before they get in.

Types of Network Security:

Network access control
Network access control keeps attackers off your network by giving you the means to block unauthorised users from connecting. This covers internal users as well as external parties. For instance, when an employee leaves the organisation, their remote access should be restricted immediately and then removed; an account left open and unmonitored is a standing opportunity for attackers. Even users who are allowed on the network should meet defined criteria, such as using an approved, secured device and connecting from an approved location or network.

Application security
This covers the hardware, software and processes used to find and fix vulnerabilities in applications. Applications enable communication and data sharing across networks, and their developers take precautions to protect the data they handle, but once an application is deployed its behaviour and interfaces can be studied by attackers, so it is hard to guarantee it will never be breached. Once an application is part of your network it must be secured so that data can be shared and stored safely.

3.2 Explain Network Security Tools
- SolarWinds Network Performance Monitor: network monitoring software that helps you detect, diagnose and resolve network performance problems and outages.
- Network monitors: network monitoring tools gather and analyse network data and report on the status of network appliances, link saturation, the most active devices, the structure of network traffic, and the sources of network problems and traffic anomalies.
- Acunetix: the Acunetix network security scanner integration checks your perimeter network services for vulnerabilities, misconfigurations and other security weaknesses. With
Acunetix you can test for weak passwords on database servers, IMAP, FTP, POP3, SOCKS, SSH and Telnet.
- ManageEngine: ManageEngine automates ticket management for the IT help desk and end users, who can raise tickets by e-mail, website or phone.
- Vulnerability Manager Plus: integrated threat and vulnerability management software that provides vulnerability scanning, assessment and remediation across all endpoints in the network from a central console.
- ManageEngine Log360: a SIEM tool covering log management, Active Directory auditing, public cloud log management, compliance reporting and detection of breaches of confidential data, through a single interface.
- NordVPN: a VPN creates an encrypted tunnel between your device and a remote server, so the content of your traffic is hidden from your Internet service provider and the local network. It hides your real IP address from the sites you visit and encrypts the connection to make browsing safer and more private.
- NordLayer: a secure remote access solution from Nord Security, the company behind NordVPN, built around SASE and Zero Trust frameworks. It provides SaaS security features for Internet, network and resource access control.
- Webroot: endpoint protection software offering automated detection, prevention and remediation of threats on endpoints. It protects usernames, account numbers and other personal information against keyloggers, spyware and other threats targeting personal data.

3.3 FIREWALL, TYPES AND CONFIGURATION
What is a Firewall?
As cybercrime continues to escalate, the need for individuals and companies to protect their information has never been more pressing.
Implementing security measures can be daunting, but one of the fundamental controls is the firewall, which shields your network and devices from external threats.
A firewall is a device or piece of software that controls incoming and outgoing network traffic according to predetermined security rules. It is set up as a barrier between an internal trusted network and external untrusted networks such as the Internet, allowing only authorised traffic and blocking the rest.

Key functions of firewalls:
1. Traffic filtering: firewalls inspect data packets flowing into and out of the network and allow or block them according to rules.
2. Access control: they decide which applications, services and devices may reach the network, protecting sensitive resources.
3. Threat detection: some firewalls can also detect and block malware, known attack signatures or suspicious behaviour.

Types of Firewalls
A firewall can be software or hardware. A software firewall is an application installed on each host that controls traffic by application and port number. A hardware firewall is an appliance placed between your network and its gateway to the outside. A firewall delivered as a cloud service is called a cloud firewall.

Firewalls are also classified by how they filter traffic, their structure and their functionality. Some of the types are:
- Packet filtering: a packet filtering firewall allows or rejects traffic based on each packet's source address, destination address, protocol and port numbers, looking at every packet on its own without regard to the packets before it.
- Proxy service firewall: a proxy firewall filters at the application layer on behalf of the protected network, acting as a gateway between two networks for a specific application: the client talks to the proxy and the proxy talks to the server.
- Stateful inspection: a stateful firewall permits or blocks traffic based on connection state as well as port and protocol.
It makes filtering decisions using administrator-defined rules and the context of the connection, so for example a reply packet is allowed only if it belongs to a connection that was permitted in the other direction.
- Next-generation firewall (NGFW): according to Gartner, Inc., a next-generation firewall is a deep packet inspection firewall that adds application-level inspection, intrusion prevention and information from outside the firewall, going beyond port and protocol inspection and blocking.
- Unified Threat Management (UTM) firewall: a UTM device typically combines a stateful inspection firewall, intrusion prevention and antivirus in a loosely coupled package, sometimes with extras such as cloud management. UTMs are designed to be simple to deploy and operate.
- Web Application Firewall (WAF): a WAF filters and monitors inbound and outbound HTTP/HTTPS traffic to and from a web application. It protects against attacks that target the application itself, such as SQL injection and cross-site scripting, and against other common web weaknesses, including many of those on the OWASP Top 10 list. It works at the application layer, blocking malicious input and suspicious activity before it reaches the web server, and often adds real-time threat detection and bot mitigation. A WAF complements, rather than replaces, fixing the vulnerabilities in the application.
- AI-powered firewall: an AI-powered firewall uses machine learning to analyse traffic patterns, detect emerging threats and adapt its decisions over time. Vendors position this as a way to detect previously unseen (zero-day) attacks and to reduce false positives compared with static signatures; as with any learned model, its accuracy depends on the traffic it was trained on.
- Virtual firewall: a virtual firewall provides protection in virtualised environments such as cloud platforms. It runs as a virtual machine or virtual appliance and filters and monitors traffic between VMs and networks with the same functions as a physical firewall, but with the flexibility and scalability of virtual infrastructure.
- Cloud-native firewall: cloud-native firewalls are security services designed and built for cloud environments.
Integrated into the cloud platform, they protect cloud applications and workloads. Unlike traditional firewalls, they scale with the workload and handle dynamic, distributed cloud traffic, and they provide traffic filtering, threat detection and compliance features tailored to cloud architectures.
How a Firewall Works
Having looked at what a firewall is, let us look at how it works. As noted earlier, a firewall filters the traffic entering and leaving a private network, deciding which traffic to allow and which to block according to configured rules. Think of a firewall as a gatekeeper at the entrance to your network: it admits only traffic from sources it has been configured to trust, and only to the services it has been configured to expose. Whether a packet is allowed or blocked depends on attributes the packet carries, such as source and destination addresses, protocol, ports and, for deeper inspection, content. Traffic from suspicious sources is blocked to prevent attacks.

For example, the first figure shows a firewall allowing legitimate traffic through to the user's private network.

(Figure: firewall allowing good traffic)

In the second figure, the firewall blocks malicious traffic from entering the private network, protecting it from attack.
(Figure: firewall blocking bad traffic)

Firewall Configuration
Many firewall models are suitable for protecting your network; a HIPAA or PCI security expert can advise on the options. The following steps apply regardless of the model you choose. This guide assumes a business-grade firewall that supports multiple internal networks (zones) and performs stateful packet inspection.

Step 1: Secure your firewall
If an attacker gains administrative access to your firewall, it is "game over" for your network security, so securing the firewall itself is the first and most important step. Never put a firewall into production without at least the following:
- Update the firewall to the latest firmware.
- Delete, disable or rename any default user accounts and change all default passwords, using only long, complex passwords.
- If several administrators will manage the firewall, create individual administrator accounts with privileges limited to each person's responsibilities. Never use shared accounts.
- Disable SNMP, or if it is needed use SNMPv3 with authentication and encryption; SNMPv1 and v2c send the community string in cleartext, so a "secure" community string does not exist.

Step 2: Architect your firewall zones and IP addresses
To protect the valuable assets on your network, first identify what they are (for example payment card data or patient records). Then plan the network so that assets with similar sensitivity and function are grouped together into networks, or zones. For example, servers that provide services to the Internet (web servers, e-mail servers, virtual private network (VPN) servers and so on) belong in a dedicated zone that permits limited inbound traffic from the Internet; this zone is usually called a demilitarised zone (DMZ). Servers that must not be reached directly from the Internet, such as database servers, belong in internal server zones. Workstations, point-of-sale devices and voice over IP (VoIP) systems can usually go in internal network zones.

If you are using IP version 4, use private (RFC 1918) addresses for all internal networks, and configure network address translation (NAT) so that internal devices can reach the Internet when necessary. Once the zone structure and the corresponding IP addressing scheme are designed, create the zones on the firewall and assign them to its interfaces or sub-interfaces. As you build out the network, use switches that support virtual LANs (VLANs) to keep the zones separated at layer 2.

Step 3: Configure access control lists
With zones assigned to interfaces, determine exactly which traffic needs to flow into and out of each zone. That traffic is permitted by firewall rules called access control lists (ACLs), applied to each interface or sub-interface of the firewall.
Make each ACL as specific as possible about source and destination IP addresses and port numbers. Rules are evaluated in order and the first match wins, so place specific permits before broader rules, and end every ACL with an explicit "deny all" rule so that unapproved traffic is dropped and can be logged. Apply both inbound and outbound ACLs to every interface and sub-interface so that only approved traffic enters and leaves each zone; outbound filtering is what stops a compromised internal host from reaching an attacker's server. Wherever possible, block public access to the firewall's administration interfaces (both secure shell (SSH) and the web interface) and restrict them to a management network; this protects the firewall configuration from outside threats. Disable all unencrypted management protocols, including Telnet and HTTP.
Step 4: Configure your other firewall services and logging
If the firewall can also act as a dynamic host configuration protocol (DHCP) server, network time protocol (NTP) server, intrusion prevention system (IPS) and so on, configure the services you intend to use and disable the rest. To satisfy PCI DSS, configure the firewall to send its logs to a central logging server with enough detail to meet requirements 10.2 through 10.3 of the standard; centralised logs also survive if the firewall itself is compromised or wiped.

Step 5: Test your firewall configuration
Verify in a test environment that the firewall behaves as intended, and in particular that it blocks the traffic your ACLs are meant to block, not only that it passes the traffic you expect. Testing should include both vulnerability scanning and penetration testing. Once testing is complete the firewall is ready for production. Keep a backup of the configuration in a secure place so that your work is not lost in the event of a hardware failure.

This is only an overview of the major steps of firewall configuration. Whether you follow tutorials or configure the firewall yourself, have a security expert review the configuration to make sure it keeps your data as safe as possible.

Firewall Management
With the firewall in production, configuration is finished but management has just begun. Logs must be monitored, firmware updated, vulnerability scans performed, and firewall rules reviewed at least every six months. Document your process and be diligent about these ongoing tasks so that the firewall continues to protect your network.
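The ACL discipline from Step 3 (specific sources, destinations and ports; first match wins; an explicit deny-all closing every list; inbound and outbound lists on every interface) and the rule review from Step 5 and Firewall Management can be exercised in code. The block below is an added example written for these notes, not a vendor's configuration syntax or the original author's material: it models a small zone-based packet filter with a DMZ web server, an internal database zone, a user zone and a firewall management address (all constructed addresses from documentation and RFC 1918 ranges), evaluates constructed packets against it, and audits an ACL for the mistakes the steps warn about. The filter is stateless, so reply traffic, which a stateful firewall tracks automatically, is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example (not from the original notes): a zone-based packet filter that
# applies the Step 3 rules: specific sources/destinations/ports, first match
# wins, an explicit deny-all closing every list, inbound and outbound lists on
# every interface. Zones, addresses and packets are constructed for illustration;
# the rule format is this example's own, and the filter is stateless.


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR, single address, or "any"
    dst: str
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


DENY_ALL = Rule("deny", "any", "any")
ACL = List[Rule]
Firewall = Dict[str, Dict[str, ACL]]   # interface -> {"in": ACL, "out": ACL}

# Constructed address plan: DMZ web server, internal database, firewall admin address.
WEB, DB, MGMT = "192.0.2.10", "10.10.20.5", "10.10.0.1"
USERS, SERVERS, DMZ = "10.10.30.0/24", "10.10.20.0/24", "192.0.2.0/24"


def _addr_ok(selector: str, ip: str) -> bool:
    if selector == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(selector, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (_addr_ok(rule.src, pkt.src) and _addr_ok(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def evaluate(acl: ACL, pkt: Packet) -> str:
    """First matching rule decides; an ACL with no match denies by default."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def forward(fw: Firewall, ingress: str, egress: str, pkt: Packet) -> str:
    """Inbound ACL of the arriving interface, then outbound ACL of the leaving one."""
    if evaluate(fw[ingress]["in"], pkt) != "permit":
        return "deny"
    return evaluate(fw[egress]["out"], pkt)


def audit(name: str, acl: ACL) -> List[str]:
    """Findings a rule review should raise before an ACL goes into production."""
    findings = []
    if not acl or acl[-1] != DENY_ALL:
        findings.append(f"{name}: no explicit deny-all at the end")
    for i, r in enumerate(acl):
        if r.action == "permit" and r.src == "any" and r.dst == "any":
            findings.append(f"{name}: rule {i} permits any to any")
        if r.action == "permit" and r.dst == MGMT and r.src == "any":
            findings.append(f"{name}: rule {i} exposes management from any source")
        if r.action == "permit" and r.dst == MGMT and r.dport in (23, 80):
            findings.append(f"{name}: rule {i} allows cleartext management on port {r.dport}")
        if r == DENY_ALL and i != len(acl) - 1:
            findings.append(f"{name}: rules after index {i} are unreachable")
    return findings


FIREWALL: Firewall = {
    "outside": {  # Internet-facing interface
        "in":  [Rule("permit", "any", WEB, "tcp", 443), Rule("permit", "any", WEB, "tcp", 80), DENY_ALL],
        "out": [Rule("permit", USERS, "any"), Rule("permit", DMZ, "any", "udp", 53), DENY_ALL],
    },
    "dmz": {
        "in":  [Rule("permit", WEB, DB, "tcp", 5432), Rule("permit", DMZ, "any", "udp", 53), DENY_ALL],
        "out": [Rule("permit", "any", WEB, "tcp", 443), Rule("permit", "any", WEB, "tcp", 80), DENY_ALL],
    },
    "servers": {  # database tier initiates nothing; only the web tier may reach it
        "in":  [DENY_ALL],
        "out": [Rule("permit", WEB, DB, "tcp", 5432), Rule("permit", USERS, SERVERS, "tcp", 22), DENY_ALL],
    },
    "users": {
        "in":  [Rule("permit", USERS, "any"), DENY_ALL],
        "out": [DENY_ALL],
    },
}

# An ACL that should fail review: Telnet to the admin address from anywhere, then permit everything.
BAD_ACL: ACL = [Rule("permit", "any", MGMT, "tcp", 23), Rule("permit", "any", "any")]


def demo() -> Dict[str, str]:
    """Decisions for constructed packets; each key names the scenario being checked."""
    inet = "203.0.113.7"
    cases = {
        "internet_to_dmz_https": ("outside", "dmz", Packet(inet, WEB, "tcp", 443)),
        "internet_to_db_direct": ("outside", "servers", Packet(inet, DB, "tcp", 5432)),
        "web_to_db_postgres": ("dmz", "servers", Packet(WEB, DB, "tcp", 5432)),
        "web_to_db_ssh": ("dmz", "servers", Packet(WEB, DB, "tcp", 22)),
        "db_to_internet": ("servers", "outside", Packet(DB, inet, "tcp", 443)),
        "user_to_internet": ("users", "outside", Packet("10.10.30.44", inet, "tcp", 443)),
    }
    return {k: forward(FIREWALL, i, e, p) for k, (i, e, p) in cases.items()}
```

Running demo() shows the zone design doing its job: HTTPS from the Internet reaches the DMZ web server, the same source cannot reach the database directly, the web server can open its one permitted database port but not SSH to the database host, and the database server cannot initiate connections to the Internet, which is the outbound filtering Step 3 asks for. audit() on BAD_ACL reports four findings (no terminal deny-all, a permit-any-to-any rule, management exposed to any source, and cleartext Telnet to the management address), while every list in FIREWALL passes clean.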
Configuration of Microsoft Defender Firewall on Windows 11 and Windows 10
It is important to keep Microsoft Defender Firewall on, even if you have another firewall installed; it helps protect you from unauthorised access. To turn Microsoft Defender Firewall on or off:
1. Select Start, then open Settings. Under Privacy & Security, select Windows Security > Firewall & network protection.
2. Select a network profile: Domain network, Private network or Public network.
3. Under Microsoft Defender Firewall, switch the setting to On. If the device is joined to a managed network, policy settings may prevent you from changing it; contact your administrator.
4. To turn it off, switch the setting to Off. Turning off Microsoft Defender Firewall makes the device (and your network, if you have one) more vulnerable to unauthorised access. If an app you need is being blocked, allow that app through the firewall instead of turning the firewall off.

Note: if you get errors or the setting will not turn on, run the troubleshooter and try again.

4.0 Understand Mobile Technologies, Security and Breaches

GSM and UMTS Network Security
GSM protects the confidentiality of calls and the anonymity of the subscriber over the radio path between the handset and the base station; it is not end-to-end encryption, and traffic is in the clear inside the operator's network. Temporary identification numbers are assigned in place of the subscriber's permanent identity to preserve privacy, and the communication is protected by encryption; frequency hopping and digital signalling make casual interception harder but are not security measures in themselves. GSM's security methods are standardised. They were strong for their time, but the original A5/1 cipher and the weaker export variant A5/2 are now considered broken, so GSM alone should not be relied on for confidentiality against a capable adversary. This chapter outlines the security measures implemented for GSM subscribers.

Mobile Station Authentication
The GSM network authenticates the subscriber with a challenge-response mechanism.
A 128-bit random number (RAND) is sent to the mobile station (MS). The MS computes a 32-bit Signed Response (SRES) by running the authentication algorithm A3 over RAND with the individual subscriber authentication key (Ki). Upon
receiving the SRES from the subscriber, the network performs the same calculation and compares the results. The individual subscriber authentication key (Ki) is never transmitted over the radio channel: it is stored only in the subscriber's SIM and in the Authentication Centre (AuC). The HLR and VLR do not hold Ki; the AuC supplies them with authentication triplets (RAND, SRES, Kc) to use. If the received SRES matches the calculated value, the MS is authenticated and may proceed; if not, the connection is terminated and an authentication failure is indicated to the MS. Note that the authentication is one-way: the MS has no way to verify that the network is genuine, which is what allows a false base station to attract handsets. The calculation of the signed response takes place inside the SIM, so confidential subscriber information such as the IMSI or Ki is never released from the SIM during authentication.

Signalling and Data Confidentiality
The SIM contains the ciphering key generating algorithm (A8), which produces the 64-bit ciphering key (Kc) from the same random number (RAND) used in authentication and the subscriber key (Ki). Because a fresh Kc is derived at each authentication, the ciphering key can be changed at regular intervals, making the system more resistant to eavesdropping. As with authentication, the computation of Kc takes place inside the SIM, so Ki is never revealed. Voice and data between the MS and the network are encrypted with the ciphering algorithm A5, and encryption is initiated by a ciphering mode request command from the network.
On receipt of this command the mobile station begins encrypting and decrypting data with A5 and the ciphering key Kc. A5 is a family of stream ciphers (A5/1, A5/2 and the later A5/3), and the network selects which variant is used; A5/0 means no ciphering at all.

Subscriber Identity Confidentiality
To keep the subscriber's identity confidential, a Temporary Mobile Subscriber Identity (TMSI) is used instead of the permanent IMSI. Once authentication and ciphering are in place, the network sends a TMSI to the mobile station, and the MS acknowledges it. The TMSI is valid only in the location area in which it was issued; for communication outside that area the Location Area Identification (LAI) is needed in addition to the TMSI.
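The authentication, key derivation and TMSI assignment described above can be followed end to end in a short simulation. The block below is an added example written for these notes, not code from the original author or from any operator: it models the SIM, the Authentication Centre and a visited VLR as separate parties and runs the RAND/SRES exchange between them. The real A3 and A8 are operator-specific (COMP128 variants in many networks) and are not reproduced; HMAC-SHA256 is an assumed stand-in with the same interface (Ki and a 128-bit RAND in, a 32-bit SRES and a 64-bit Kc out). The IMSI and Ki values are constructed sample data, and the names SIM, AuC, VLR, triplet and demo are this example's own.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Added example: simulation of the GSM challenge-response and Kc derivation.
# A3/A8 are replaced by an assumed HMAC-SHA256 stand-in with the same shape
# (Ki + 128-bit RAND -> 32-bit SRES, 64-bit Kc); the real algorithms are
# operator-specific. IMSI and Ki below are constructed sample values.


def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: 32-bit Signed Response computed from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: 64-bit ciphering key Kc from the same Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class SIM:
    """Subscriber side. Ki stays inside the SIM; only SRES ever leaves it."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki                     # never sent over the radio channel
        self.kc: Optional[bytes] = None   # ciphering key after a successful run
        self.tmsi: Optional[bytes] = None

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        """What the MS does on receiving RAND: compute SRES and derive Kc."""
        if len(rand) != 16:
            raise ValueError("RAND must be 128 bits")
        self.kc = a8_kc(self._ki, rand)
        return a3_sres(self._ki, rand)


class AuC:
    """Authentication Centre: apart from the SIM, the only holder of Ki."""

    def __init__(self, ki_by_imsi: Dict[str, bytes]):
        self._ki_by_imsi = dict(ki_by_imsi)

    def triplet(self, imsi: str) -> Tuple[bytes, bytes, bytes]:
        """(RAND, SRES, Kc) handed to the HLR/VLR; Ki itself is never exported."""
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)


class VLR:
    """Visited network: challenges the MS with RAND and checks its SRES."""

    def __init__(self, auc: AuC):
        self._auc = auc
        self.kc_by_imsi: Dict[str, bytes] = {}
        self.tmsi_by_imsi: Dict[str, bytes] = {}

    def authenticate(self, ms: SIM, claimed_imsi: str) -> bool:
        rand, expected_sres, kc = self._auc.triplet(claimed_imsi)
        sres = ms.run_gsm_algorithm(rand)        # RAND out, SRES back over the air
        if not hmac.compare_digest(sres, expected_sres):
            return False                         # authentication failure
        self.kc_by_imsi[claimed_imsi] = kc       # used with A5 from now on
        tmsi = secrets.token_bytes(4)            # fresh temporary identity
        self.tmsi_by_imsi[claimed_imsi] = tmsi
        ms.tmsi = tmsi                           # sent to the MS once ciphering is on
        return True


def demo() -> Dict[str, bool]:
    """A genuine SIM authenticates and agrees Kc with the network; a clone with the wrong Ki fails."""
    imsi = "234150000000001"                                  # constructed
    ki = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")    # constructed
    vlr = VLR(AuC({imsi: ki}))
    genuine = SIM(imsi, ki)
    clone = SIM(imsi, bytes(16))      # knows the IMSI but has guessed Ki
    genuine_ok = vlr.authenticate(genuine, imsi)
    clone_ok = vlr.authenticate(clone, imsi)
    return {
        "genuine_ok": genuine_ok,
        "clone_ok": clone_ok,
        "kc_agreed": genuine.kc == vlr.kc_by_imsi.get(imsi),
        "tmsi_issued": genuine.tmsi is not None and clone.tmsi is None,
    }


if __name__ == "__main__":
    print(demo())
```

Two things the simulation makes visible that the prose only states: Ki is held by exactly two objects (the SIM and the AuC) and never appears in any message or in the VLR, and both sides end up with the same Kc without it ever being transmitted, because each derives it locally from RAND. The comparison of SRES uses a constant-time compare, which a real implementation should do as well. The simulation also shows the gap noted above: the VLR never proves anything to the SIM, so the exchange is one-way.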
UMTS
UMTS (Universal Mobile Telecommunications System) builds on the GSM standards and was developed by the 3rd Generation Partnership Project (3GPP).

Key benefits of UMTS
UMTS was a large advance over 2G options such as GSM. Although 4G and 5G are now widespread, UMTS still offers several benefits where more advanced networks are not available:

High-speed data transfer
With data rates of up to 2 Mbps, UMTS enables faster transfers, making video streaming and large downloads practical on mobile devices. The higher rates enable faster communication, efficient remote work and quick access to cloud services, support real-time data exchange and collaboration, and serve the wide range of mobile applications and services that an interconnected business environment depends on.

Improved bandwidth and capacity
UMTS networks handle more simultaneous users per cell, reducing the likelihood of congestion. Higher bandwidth is especially important for organisations dealing with large volumes of data, supporting applications such as video conferencing, cloud computing and real-time analytics, and it allows more devices to connect without degrading performance, which suits businesses with large IoT deployments or mobile workforces.

Global roaming
UMTS operates on internationally recognised frequency bands, allowing connectivity across different geographical regions. This matters for businesses with a global footprint: it supports international communication, travel and operations without the need for multiple devices or services.
It also lets employees stay connected and reach critical business applications and data while travelling, so workflow and collaboration are not interrupted. This global connectivity is a key driver for businesses operating in several markets, offering flexibility and operational continuity.

Enhanced security
UMTS improves on GSM's security. Its Authentication and Key Agreement (AKA) procedure authenticates the network to the phone as well as the phone to the network, closing the one-way authentication gap of GSM, and it derives 128-bit cipher and integrity keys rather than GSM's 64-bit Kc, adding integrity protection of signalling. For businesses this safeguards sensitive corporate data and communications in transit over the cellular network and reduces the risk of interception, which matters especially for remote and mobile work, where data travels across many networks and devices. As with GSM, the protection covers the radio path rather than the whole end-to-end route, so application-layer encryption such as TLS is still needed for sensitive data.

UMTS's support for high-speed data and multimedia applications changed how people use mobile devices, making it possible to stream video, play online games and browse the Internet at speeds that were once unimaginable on mobile platforms. Even today, UMTS makes it possible for businesses and consumers to connect wirelessly across the globe.

SIM and UICC Security
A subscriber identity module (SIM) on a removable SIM card securely stores the international mobile subscriber identity (IMSI) that identifies a subscriber on a mobile device (such as a phone or laptop) in a GSM (Global System for Mobile Communications) network, together with the secret key Ki used for authentication. The universal integrated circuit card (UICC) is the physical smart card, a multi-application platform, used in mobile devices on GSM and UMTS (Universal Mobile Telecommunications System, one of the third-generation (3G) mobile technologies) networks. On a GSM network the UICC carries a SIM application; on a UMTS network it carries the USIM application.
A UICC may contain several applications, making it possible for the same chip card to give access to both GSM and UMTS networks, but also to store a variety of other applications. 4.1 Concept And Types Of Security Breaches In Network What is security breach? A security breach can be related to an unauthorized access or compromise of sensitive data, such as healthcare records, due to vulnerabilities in storage or data sharing systems. It involves
  • 40. Prepared By: Samson, P.A incidents like hacking, phishing, and insider attacks, which can lead to the exposure or tampering of information. Types of security breaches Packet sniffing is a method of detecting and assessing packet data sent over a network. It can be used by administrators for network monitoring and security. However, packet sniffing tools can also be used by hackers to spy or steal confidential data. Spoofing is a type of cybercriminal activity where someone or something forges the sender's information and pretends to be a legitimate source, business, colleague, or other trusted contact for the purpose of gaining access to personal information, acquiring money, spreading malware, or stealing data. Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. The first iterations of ransomware used only encryption to prevent victims from accessing their files and systems. Password guessing is the process of attempting to gain access to a system through the systematic guessing of passwords (and at times also usernames) in an attempt to gain a login to a target system. Recording Keystroke logging is an act of tracking and recording every keystroke entry made on a computer, often without the permission or knowledge of the user. Phishing is when attackers send scam emails (or text messages) that contain links to malicious websites. Websites may contain malware (such as ransomware) which can sabotage systems and organizations. 4.3 CAUSES OF SECURITY BREACHES AND SOLUTIONS 1. Weak and Stolen Credentials, a.k.a. Passwords Hacking attacks may well be the most common cause of a data breach but it is often a weak or lost password that is the vulnerability that is being exploited by the opportunist hacker. Stats show that 4 in 5 breaches classified as a “hack” in 2012 were in-part caused by weak or lost (stolen) passwords! 
Simple Solution: Use complex passwords and never share passwords.
2. Back Doors, Application Vulnerabilities
Why bother breaking the door down when the door is already open? Hackers love to exploit software applications which are poorly written or network systems which are poorly designed or implemented; these leave holes that hackers can crawl straight through to get directly at your data.
Simple Solution: Keep all software and hardware solutions fully patched and up to date.

3. Malware
The use of both direct and indirect malware is on the rise. Malware is, by definition, malicious software: software loaded without the owner's intention that opens up access for a hacker to exploit a system and potentially other connected systems.
Simple Solution: Be wary of accessing websites which are not what they seem or opening emails whose origin you find suspicious, both of which are popular methods of spreading malware!

4. Social Engineering
As a hacker, why go to the hassle of creating your own access point to exploit when you can persuade others, with a more legitimate claim to the much sought-after data, to create it for you?
Simple Solution: If it looks too good to be true, then it probably is. If you were going to bequeath $10 million US dollars to someone you had never met, would you send them an email?

5. Too Many Permissions
Overly complex access permissions are a gift to a hacker. Businesses that don't keep a tight rein on who has access to what within their organisation are likely to have either given the wrong permissions to the wrong people or left out-of-date permissions around for a smiling hacker to exploit!
Simple Solution: Keep it simple.

6. Insider Threats
The phrase "keep your friends close and your enemies closer" could not be more relevant. The rogue employee, the disgruntled contractor or simply those not bright enough to know better have already been given permission to access your data; what's stopping them copying, altering or stealing it?
Simple Solution: Know who you are dealing with, act swiftly when there is a hint of a problem and cover everything with process and procedure backed up with training.
7. Physical Attacks
Is your building safe and secure? Hackers don't just sit in back bedrooms in far-off lands; they have high-visibility jackets and a strong line in plausible patter to enable them to work their way into your building and onto your computer systems.
Simple Solution: Be vigilant, look out for anything suspicious and report it.

8. Improper Configuration, User Error
Mistakes happen and errors are made.
Simple Solution: With the correct professionals in charge of securing your data, and relevant and robust processes and procedures in place to prevent user error, mistakes and errors can be kept to a minimum and confined to those areas where they are less likely to lead to a major data breach.

4.5 CHALLENGES FACED IN SECURING DATA AND SYSTEMS IN AN ORGANIZATION AND SOLUTIONS
Data security is no longer a simple IT task and can't be solved with one tool or solution. It's a strategic imperative that touches every level of an organization. Data protection is a significant challenge, as more information is processed and stored in more locations than ever before. While technology offers advanced tools and solutions to boost defenses, the key challenge lies in seamlessly integrating these tools into an organization's operations. Essentially, it's about striking a balance between robust security and operational efficiency, and ensuring that protective measures enhance rather than hinder business processes. A holistic approach that encompasses technology, processes and people is crucial for success.

Challenges
1. Resource Constraints
Implementing robust security measures often requires a large financial investment as well as dedicated time and expertise.
Hiring skilled cybersecurity personnel is expensive, assuming you can even find the right personnel, and continual training is essential. The deployment of advanced security tools and infrastructure places an additional strain on an organization's budget.
Data protection solutions with a streamlined implementation process eliminate the need for extensive resources. Agentless, API-based solutions are easy to deploy and can deliver value in days, without any upfront work required. As an example, today's managed data security posture management (DSPM) solutions enable an organization of any size to streamline cybersecurity operations and significantly reduce the burden on in-house IT teams.

2. Diverse Data Sources
Data is everywhere, and organizations use a plethora of platforms and services, from cloud storage solutions like Gdrive and Box, to communication tools like Slack, and collaboration platforms like SharePoint. Even more concerning is that sensitive data is no longer just structured. At least 80% of an organization's data is unstructured, meaning it's embedded in millions of financial reports, corporate strategy documents, source code files and contracts created by CFOs, general managers, engineers, lawyers and others. To address this challenge, today's DSPM solutions are designed to control information flows between departments and third parties, ensuring that data at risk is identified and sensitive data remains protected, regardless of its location.

3. Data Classification
Data classification is the foundation upon which many security measures are built. By categorizing data based on its sensitivity and importance, organizations can apply appropriate protection measures. But the sheer volume of data generated and stored today makes manual classification a herculean, if not impossible, task, and continually updating classification criteria in response to an evolving data landscape is crucial. To address this, best-of-breed AI-based classification solutions leverage sophisticated machine learning technologies to autonomously scan and categorize documents.
With the latest AI models for fast and accurate data discovery and categorization, organizations can eliminate the need for manual classification, which has proven to be both inaccurate and inefficient.

4. Access Governance
Some data is public, some is confidential and some is strictly on a need-to-know basis. Managing who has access to what data is a cornerstone of data security and requires defining access permissions and continually reviewing and updating them. Ensuring that permissions are always up to date and adhere to the principle of least privilege, where individuals have only the access they need and nothing more, is a constant challenge, especially in large, dynamic organizations.
Data access governance (DAG) establishes and enforces policies governing data access and usage, and plays a key role in ensuring that only authorized individuals can access sensitive information. This process is enhanced by a deep contextual understanding of both structured and unstructured data, which helps in keeping access permissions current and aligned with the principle of least privilege. DAG solutions enable organizations to comply with access and activity regulations, demonstrate control to auditors and adopt zero-trust access practices.

5. Rapid Remediation
Rapid remediation is crucial to minimizing damage and protecting sensitive data when a security risk or breach is identified. Remediation actions include revoking access permissions, isolating affected systems or notifying affected parties. But rapid remediation requires swift action, clear protocols and a well-coordinated response team. Organizations must have these protocols in place, understand what data is at risk and ensure that all stakeholders know their roles and responsibilities in the event of a security incident.

6. Compliance and Regulations
Different industries operate under various regulatory frameworks, each with different sets of data protection and privacy mandates. Operationalizing data security in this context means not only protecting data but also ensuring that protection measures align with legal and regulatory requirements. Data security solutions that assist organizations in meeting regulatory and security mandates, demonstrating control to auditors and implementing zero-trust access are important in addressing this challenge. By detecting and remedying risks, these solutions help businesses comply with various privacy regulations, including managing right-to-know, right-to-be-forgotten and breach notification requests.

7. Constantly Evolving Threat Landscape
Modern data security approaches go beyond static rules or predefined policies.
Innovative analysis methods continuously compare data against its peers to identify anomalies and potential risks. This stance ensures that as data changes, its protection mechanisms evolve accordingly. AI models that leverage continuous monitoring and can learn from the data landscape help organizations address new risks as they emerge.
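The periodic permission review described under Access Governance (and the "too many permissions" cause in 4.3) can be automated in its simplest form: compare every granted permission against a per-role least-privilege baseline, flag grants that have gone unused, and flag grants still held by people who have left. The script below is an added example written for these notes, not code from any DSPM or DAG product; the role policy, users and dates are constructed sample data.

```python
from datetime import date

# Constructed sample data (not from the notes): the least-privilege baseline
# lists the permissions each role is allowed to hold.
ROLE_POLICY = {
    "accountant": {"finance:read", "finance:write"},
    "engineer": {"repo:read", "repo:write", "ci:run"},
    "contractor": {"repo:read"},
}

# Constructed grant records: one row per (user, permission), with the last time
# the permission was actually used and whether the user is still active.
GRANTS = [
    {"user": "ada", "role": "accountant", "perm": "finance:read", "last_used": date(2024, 5, 20), "active": True},
    {"user": "ada", "role": "accountant", "perm": "repo:write", "last_used": date(2024, 5, 1), "active": True},
    {"user": "bob", "role": "engineer", "perm": "ci:run", "last_used": date(2023, 11, 2), "active": True},
    {"user": "bob", "role": "engineer", "perm": "repo:read", "last_used": date(2024, 5, 25), "active": True},
    {"user": "cy", "role": "contractor", "perm": "repo:read", "last_used": date(2024, 4, 1), "active": False},
]

TODAY = date(2024, 6, 1)  # fixed review date so the run is reproducible


def review_access(grants, policy, today, stale_days=90):
    """Return a list of (user, permission, reason) findings.

    reason is one of:
      'departed' - the account is no longer active but still holds the grant
      'excess'   - the permission is outside the role's least-privilege baseline
      'stale'    - allowed by the role, but unused for more than stale_days
    An 'excess' grant is reported as such even if it is also stale.
    """
    findings = []
    for g in grants:
        if not g["active"]:
            findings.append((g["user"], g["perm"], "departed"))
            continue
        allowed = policy.get(g["role"], set())  # unknown role => nothing allowed
        if g["perm"] not in allowed:
            findings.append((g["user"], g["perm"], "excess"))
        elif (today - g["last_used"]).days > stale_days:
            findings.append((g["user"], g["perm"], "stale"))
    return findings


if __name__ == "__main__":
    for user, perm, reason in review_access(GRANTS, ROLE_POLICY, TODAY):
        print(f"{reason:8} {user:5} {perm}")  # candidate revocations for the reviewer
```

Each finding is a candidate revocation for a human reviewer, which is the "continually reviewing and updating" step the notes call for; in practice the baseline and the last-used dates would come from the identity provider and access logs.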
8. Complexity and Scope
Data security is a multifaceted domain that encompasses a myriad of components, from network security and access controls to encryption and authentication. Different data types, whether financial records, personal information or proprietary research, have unique security requirements. Coordinating these diverse components and tailoring security measures to different data types adds layers of complexity to the operationalization process. Using advanced machine learning technologies, today's data security solutions autonomously scan and categorize data, adapting to its growing complexity and scope. They ensure protection for all data types and locations. Comprehensive analysis provides a complete view of data, ensuring protection for both structured and unstructured data, whether stored in the cloud or on-premises.

9. Monitoring and Auditing
Continuous monitoring is essential for keeping a vigilant eye on systems, data access patterns and user behaviors to detect anomalies or potential breaches. Regular audits are crucial to assess the effectiveness of security measures and identify areas for improvement. Conducting these audits, analyzing the results and implementing changes based on findings demand significant time and expertise. Modern data security tools offer accurate data classification without manual rules or policies. With monitoring, these tools quickly identify any discrepancies or risks in data classification.

10. Integration With Existing Systems
Most organizations have a myriad of existing systems, tools and software in place. When a new data security solution is introduced, it's crucial that the solution integrates seamlessly with existing infrastructure. Disruptions, compatibility issues or data silos can undermine the effectiveness of security measures and create vulnerabilities.
Today's data security solutions are designed to integrate smoothly with established frameworks, such as those for data classification and management. This integration ensures that data classification is in line with existing security protocols, boosting the overall data protection strategy.