Welcome!

Cloud Expo Authors: Yeshim Deniz, Shelly Palmer, Elizabeth White, Liz McMillan, Hovhannes Avoyan

Related Topics: Security, Wireless, SOA & WOA, Web 2.0, Cloud Expo

Security: Article

Online Holiday Sales Have Begun: Have You Secured Your Enterprise Network?

Do employees really need access to the corporate network via their smartphones?

It's that time of the year again. The flood of email alerts showcasing online holiday shopping deals fill the inbox at your office PC, laptops and wireless devices as merchants attempt to lure online shoppers to "click and save" while supplies last. In fact, reports show that this year's "holiday shopping" deals have already started as retailers attempt to stretch the holiday shopping season - to begin even earlier than Black Friday.

According to a recent report in Time, Booz & Co. chief retail strategist, Thom Blischok states. "We're not going to see a huge increase in sales growth for Black Friday this year....What we do expect is a lot of ‘showcasing' on Black Friday. Shoppers will check things out in stores, electronics especially, but then purchase online on the Monday after. Cyber Monday sales will explode this year."

While this is good news for merchants, it can become a virtual nightmare for corporate network administrators. With millions of online shoppers turning their office PCs, laptops, and wireless devices into online shopping carts, they hog valuable network bandwidth meant for corporate applications such as e-mail, SAP, Salesforce, and other business-critical applications.

The onslaught of personal smartphones and tablets connecting to corporate networks fully capable of performing browser-based shopping are further affecting normal business operations. According to ABI Research, more than 36 percent of consumers own at least three wireless devices. eCommerce merchants now alert wired consumers with daily deals almost instantly via mobile marketing. This surge has placed greater demands on network monitoring solutions as the mobile device market continues to grow at an astounding rate of five billion subscribers worldwide.

Most organizations allowing employee-owned devices onto their corporate networks (73% according to Aberdeen) find it not only drains their bandwidth, but also opens up severe internal security threats to proprietary information stored on the network. Employers assume this as increased productivity for employees armed with mobile devices and cost savings for hardware not purchased by the corporate office as most employees (54 percent, according to Yankee Group) demand to use their own devices at work.

According to IDC Research, however, 30-40 percent of Internet use in the workplace is non-business related. Vault.com found 37 percent of workers admit to surfing the Web constantly at work for personal interests. This underscores the need for mobile device traffic monitoring. How can network admins monitor employee internet usage and take corrective action?

Companies can easily set guidelines for network traffic monitoring to safeguard against employees armed with BYOD - especially during high traffic holiday shopping/sale months - in a few easy steps.

MAC Addresses and Mobile Devices
The old and sort of cumbersome way is to monitor the unique MAC addresses that are used by each smart mobile device that accesses an Ethernet network. The 6 byte (i.e., 48 bit) MAC address is generally in two parts: The first 3 bytes are the MAC Address vendor ID generally shared by hundreds or even tens of thousands of devices produced by the manufacturer; the second set of three bytes are unique to the device.

A 48-bit Ethernet MAC address has two components, each of which is 24 bits:

*24-bit Organizational Unique Identifier (OUIIEEE regulates the assignment of OUI numbers. Within the OUI, the two following bits have meaning only when used in the destination address:

  1. Broadcast or multicast bit - indicates to the receiving interface the frame is destined a group of end stations on the LAN segment.
  2. Locally administered address bit - normally combines OUI and a 24-bit station address. This is universally unique; however, if the address is modified locally, this bit should be set. Some vendors like Apple set this bit automatically.

Generally, the MAC address is not changed by the end user, thus dynamic IP addresses are often not used to track or report on mobile phone devices. Organizations using NetFlow and IPIX can in fact track these MAC addresses.

MAC Addresses and NetFlow
Traditional flow data (e.g., NetFlow v5) exports IP addresses, but not MAC addresses. NetFlow v9 and IPFIX introduce the ability to export any information on the router including MAC address.

A reliable Network Traffic Analyzer can be used to report to report on NetFlow and IPFIX. The NetFlow Analyzer should offer a filtering architecture to allow traffic analysts to include or exclude portions of MAC addresses. If the administrator wants to narrow a particular vendor (e.g., 00.00.0c) or the iPhone (e.g., 60:33:4b, 64.b9.38, etc.), a reporting tool can filter on these vendor IDs. Once vendor IDs are added to the report, the type can be changed to view different reports. For example, the top domains these mobile devices are visiting can be obtained if the router, switch, or firewall exporting the NetFlow or IPFIX includes URL information. The IT manager can often click on the domain (e.g. facebook.com) and look at URLs visited with mobile device.

Tracking BYOD
By forcing users to authenticate all devices onto the network and agreeing to an operating system scan, network administrators can maintain an active inventory of who (i.e., username) authenticated onto the network and with what type of device. Detailed reports can be run on the volume of iPhones, Androids, Blackberries, iPads, etc. that have authenticated onto the network. Since the MAC address is obtained from every authenticated device, it can be cross referenced with the NetFlow and IPFIX received to look at traffic patterns. This is a much more scalable solution and less error prone approach than the traditional track-down-all-the-mac-addresses approach.

Smartphones: Network Security Challenge
Allowing smartphone access to corporate resources often requires adapting new corporate mobile strategies and policies. Many companies provide VPN access to the corporate network from computers when working remotely. While VPNs offer a secure connection by encapsulating data, many smartphones don't support them (e.g., iPhone). This is partly because the hardware doesn't have the processing power to keep up with encryption processes on-the-fly. Due to pressure from management and remote users, VPN enforcement is often lax. Most employees obtain corporate access from any public network, which includes public places like local coffee shops. This opens Pandora's Box when it comes to security threats.

Smartphones are an ideal tool for cybercriminals to push their malware, viruses, worms and other threats onto corporate networks. With many important titles, email addresses and phone numbers sitting on just about every network-capable mobile phone, stealing confidential emails or pushing botnets onto the company network is easier with traditional security measures put aside in favor of easy remote access. With smartphone synchronization, infection can easily migrate onto a PC - a Trojan horse method that infects the PC could provide access to the corporate network. On the other hand, the data carried on smartphones can be targeted through malware on PCs.

Direct Attacks on the Mobile Phone
Some employees try to increase the security of their phone with special anti-theft software or by encrypting their memory card. These solutions are aimed at making data protected from physical attacks. However, those are done by pickpockets, who are less interested in the mobile phone content than reusing or reselling the device.

Cybercriminals do care about sensitive information stored on smartphones, but they don't need physical access to the phone to retrieve it. Rather, they will exploit any vulnerability - for instance in the phone's Web browser (such as the WebKit vulnerabilities on Android phones) - or use social engineering tricks to install malware on the phone. Once the phone is infected, it's easy for the cybercriminal to access any data on the device. In those cases, the locks are useless and the memory card is dynamically decrypted when used.

Businesses must add employees to the corporate network easily and cost-effectively while maintaining desired security levels and remote management capabilities. Traditionally, the RIM BlackBerry Enterprise Server (BES) has been the gold standard among organizations with corporate-liable policies, providing sophisticated security and management capabilities.

However, smartphones like Androids and iPhones are becoming more popular, and some organizations feel obligated to embrace these as part of the employee-owned smartphone strategy. These are also supporting minimum security requirements, like timed-lock and remote wipe in the case of a lost or stolen handset. Some mobile apps, like Touchdown for Android, provide Exchange ActiveSync capabilities that support security policies to ensure security of the corporate data on the smartphone. Clearly, organizations need to rethink their mobile Smartphone strategies and take into account the proliferation of employee-owned smartphones.

Setting up single sign-on is another strategy that could be implemented on corporate networks. However, as of today, it's not supported on the iPhone. Whatever the decision, a careful evaluation of mobile devices accessing the network needs to be executed.

Ultimately, the question is: Do employees really need access to the corporate network via their smartphones? If they are provided access, then IT must secure the network to make sure the onslaught of online holiday shopping and sales offerings don't turn the season to "nightmare" before Christmas for the network bandwidth.

So, this holiday season, stay safe out there and don't forget to drive safe - on the road and in cyberspace.

More Stories By Michael Patterson

Michael Patterson, is the founder & CEO of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer. Prior to starting Somix and Plixer, Mike worked in a technical support role at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix and Plixer.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Cloud Expo Latest Stories
14th International Cloud Expo, held on June 10–12, 2014 at the Javits Center in New York City, featured three content-packed days with a rich array of sessions about the business and technical value of cloud computing, Internet of Things, Big Data, and DevOps led by exceptional speakers from every sector of the IT ecosystem. The Cloud Expo series is the fastest-growing Enterprise IT event in the past 10 years, devoted to every aspect of delivering massively scalable enterprise IT as a service.
As more applications and services move "to the cloud" (public or on-premise) cloud environments are increasingly adopting and building out traditional enterprise features. This in turn is enabling and encouraging cloud adoption from enterprise users. In many ways the definition is blurring as features like continuous operation, geo-distribution or on-demand capacity become the norm. NuoDB is involved in both building enterprise software and using enterprise cloud capabilities. In his session at 15th Cloud Expo, Seth Proctor, CTO at NuoDB, Inc., will discuss the experiences from building, deploying and using enterprise services and suggest some ways to approach moving enterprise applications into a cloud model.
Until recently, many organizations required specialized departments to perform mapping and geospatial analysis, and they used Esri on-premise solutions for that work. In his session at 15th Cloud Expo, Dave Peters, author of the Esri Press book Building a GIS, System Architecture Design Strategies for Managers, will discuss how Esri has successfully included the cloud as a fully integrated SaaS expansion of the ArcGIS mapping platform. Organizations that have incorporated Esri cloud-based applications and content within their business models are reaping huge benefits by directly leveraging cloud-based mapping and analysis capabilities within their existing enterprise investments. The ArcGIS mapping platform includes cloud-based content management and information resources to more widely, efficiently, and affordably deliver real-time actionable information and analysis capabilities to your organization.
In his session at 15th Cloud Expo, Mark Hinkle, Senior Director, Open Source Solutions at Citrix Systems Inc., will provide overview of the open source software that can be used to deploy and manage a cloud computing environment. He will include information on storage, networking(e.g., OpenDaylight) and compute virtualization (Xen, KVM, LXC) and the orchestration(Apache CloudStack, OpenStack) of the three to build their own cloud services. Speaker Bio: Mark Hinkle is the Senior Director, Open Source Solutions, at Citrix Systems Inc. He joined Citrix as a result of their July 2011 acquisition of Cloud.com where he was their Vice President of Community. He is currently responsible for Citrix open source efforts around the open source cloud computing platform, Apache CloudStack and the Xen Hypervisor. Previously he was the VP of Community at Zenoss Inc., a producer of the open source application, server, and network management software, where he grew the Zenoss Core project to over 10...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity. In his session at Internet of @ThingsExpo, Mac Devine, Distinguished Engineer at IBM, will discuss bringing these three elements together via Systems of Discover.
Cloud and Big Data present unique dilemmas: embracing the benefits of these new technologies while maintaining the security of your organization’s assets. When an outside party owns, controls and manages your infrastructure and computational resources, how can you be assured that sensitive data remains private and secure? How do you best protect data in mixed use cloud and big data infrastructure sets? Can you still satisfy the full range of reporting, compliance and regulatory requirements? In his session at 15th Cloud Expo, Derek Tumulak, Vice President of Product Management at Vormetric, will discuss how to address data security in cloud and Big Data environments so that your organization isn’t next week’s data breach headline.
The cloud is everywhere and growing, and with it SaaS has become an accepted means for software delivery. SaaS is more than just a technology, it is a thriving business model estimated to be worth around $53 billion dollars by 2015, according to IDC. The question is – how do you build and scale a profitable SaaS business model? In his session at 15th Cloud Expo, Jason Cumberland, Vice President, SaaS Solutions at Dimension Data, will give the audience an understanding of common mistakes businesses make when transitioning to SaaS; how to avoid them; and how to build a profitable and scalable SaaS business.
SYS-CON Events announced today that Gridstore™, the leader in software-defined storage (SDS) purpose-built for Windows Servers and Hyper-V, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Gridstore™ is the leader in software-defined storage purpose built for virtualization that is designed to accelerate applications in virtualized environments. Using its patented Server-Side Virtual Controller™ Technology (SVCT) to eliminate the I/O blender effect and accelerate applications Gridstore delivers vmOptimized™ Storage that self-optimizes to each application or VM across both virtual and physical environments. Leveraging a grid architecture, Gridstore delivers the first end-to-end storage QoS to ensure the most important App or VM performance is never compromised. The storage grid, that uses Gridstore’s performance optimized nodes or capacity optimized nodes, starts with as few a...
SYS-CON Events announced today that Solgenia, the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between personal and professional social, mobile and cloud user experiences, our solutions help large and medium-sized organizations dramatically improve productivity, reduce collaboration costs, and increase the overall enterprise value by bringing collaboration and infrastructure solutions to the cloud.
Cloud computing started a technology revolution; now DevOps is driving that revolution forward. By enabling new approaches to service delivery, cloud and DevOps together are delivering even greater speed, agility, and efficiency. No wonder leading innovators are adopting DevOps and cloud together! In his session at DevOps Summit, Andi Mann, Vice President of Strategic Solutions at CA Technologies, will explore the synergies in these two approaches, with practical tips, techniques, research data, war stories, case studies, and recommendations.
Enterprises require the performance, agility and on-demand access of the public cloud, and the management, security and compatibility of the private cloud. The solution? In his session at 15th Cloud Expo, Simone Brunozzi, VP and Chief Technologist(global role) for VMware, will explore how to unlock the power of the hybrid cloud and the steps to get there. He'll discuss the challenges that conventional approaches to both public and private cloud computing, and outline the tough decisions that must be made to accelerate the journey to the hybrid cloud. As part of the transition, an Infrastructure-as-a-Service model will enable enterprise IT to build services beyond their data center while owning what gets moved, when to move it, and for how long. IT can then move forward on what matters most to the organization that it supports – availability, agility and efficiency.
Every healthy ecosystem is diverse. This is especially true in cloud ecosystems, where portability and interoperability are more important than old enterprise models of proprietary ownership. In his session at 15th Cloud Expo, Mark Baker, Server Product Manager at Canonical/Ubuntu, will discuss how single vendors used to take the lead in creating and delivering technology, but in a cloud economy, where users want tools of their preference, when and where they need them, it makes no sense.
The 15th International Cloud Expo has just expanded its conference program, to bring together Cloud Computing, APM, APIs, Security, Big Data, Internet of Things, DevOps and WebRTC at one location. Cloud Expo is the single show where delegates and technology vendors can meet to experience and discuss the entire world of the cloud. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to learn about the latest technology developments and solutions.
SYS-CON Events announced today that Bsquare Corporation, a leading enabler of smart connected systems, has been named “Bronze Sponsor” of SYS-CON's Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Bsquare is a global leader of embedded software solutions. We enable smart connected systems at the device level and beyond that millions use every day and provide actionable data solutions for the growing Internet of Things (IoT) market. We empower our world-class customers with our products, services and solutions to achieve innovation and success.
SYS-CON Events announced today that NuoDB, Inc., the leader in webscale distributed database technology, has been named “Bronze Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. NuoDB was launched in 2010 by industry-renowned database architect Jim Starkey and accomplished software CEO Barry Morris to deliver a webscale distributed database management system that is specifically designed for the cloud and the modern datacenter.