The Need to Increase Mobile and Homeland Security

Mobile Application Architecture

With the increasing numbers of mobile applications and flexibility of mobile devices, it’s beginning to make more sense to push towards fully functioning on the go, designing a mobile application that will allow employees to push the envelope without pulling out a huge laptop. Our sales force will be more app to use and app, versus plugging in a laptop. Since we’ve released our android and apple products to all of the sales team, moral and sales have increased by 30%. This proposal will boost our company and salesforce leaps and bounds above our competitors.

The software isn’t just your tradition interface to the company portal, this is a fully functional production tool. The application will be called, pending approval Production+. Though we are one of the largest wine distributers in the nation it’s key to lead not only with production but innovation. We are currently using IPad and iPhones for our sales force so they will be the first one who will field the application for real time production test. These devices are powered on the Verizon service, voice and data capable. We will use their network and work with several other partner companies to help us complete this ground breaking tool.

Security protocols can be implemented to encrypt the data transmitted from mobile devices and prevent unauthorized access to confidential data. Cyber Security Division of the Department of Homeland Security (DHS) focuses on mobile internet infrastructure security by 'developing security protocols for the existing Internet infrastructure (browsers and routers, essential to daily Internet operation) so that users are not redirected to unsafe websites or pathways by malicious actors' (U.S. Department of Homeland Security, n.d.)

The weakest point within any system is often the end-user. It comes as no surprise therefore that a large percentage of security breaches over the last decade have come from the inside of an organization, often unknowingly by the user. Either through careless actions or by deliberate intent, this is something that should be considered first and foremost in securing an OS. The application won’t allow for as many issues as a typical web based connection to an in-house server (Carnaghan, n.d.) Threats or vulnerabilities to network security can be broadly classified into three categories: accidental disclosures, deliberate penetrations, and physical attacks (Ware, n.d.) Accidental disclosures can occur due to hardware/software failures, or improper actions of users with access to secure data. Deliberate penetrations can happen because of active infiltration by insiders who are authorized to access confidential data. Physical attacks refers to risks posed on physical infrastructure or environment, usually by outsiders. The network protocols that are being used will be used once the application connects through a VPN connection are, https, UDP, FTP,SFTP. When working with our partner companies to stream images and commercials of merchandise or transmitting a sales sheet, having this information on the go will change the sales force (Ware, n.d.)

Since the devices are set with multiple means to help with authentication we will use these methods in addition to the traditional password. We will use two level authentication that will allow access to the application. The device will have password and fingerprint to access the device set to the user, with the fingerprint being the primary access with the pin as backup. None of the smart devices security will be altered. The application will not be used on Wi-Fi to secure the application and not allow it to be used on Wi-Fi unless there is a manual override because of service issues. The devices application store will not have the application upon release we will manually push it to the devices with our management software since they are company devices (FCC, 2015.)

Due to the growing numbers of mobile applications and mobile devices being more flexible, it is best to create mobile applications to be fully functioning during everyday use. It will benefit the public to create a mobile application in which there is no need to utilize an oversized laptop. Releasing products to an entire sales team will increase their sales. Also, it will increase my company’s numbers causing competitors to fall below.

This software will be a fully efficient production tool. Even if my company is leading in the industry, it is essential to keep my products modernize. In order to complete the test, it is important to choose a cell-phone company to utilize its’ network. To encrypt information that is spread between mobile devices, safety protocols are executed. This keep the confidentiality of the information from unauthorized personnel. The Cyber Security Department of the Department of Homeland Security developed safety protocols for internet infrastructures, so users are not exposed to threats or insecure websites (U.S. Department of Homeland Security, 2017) Usually the end-user is the weakness part of a system. The vast amount of security breaches came from the inner part of an organization. That is essential when protecting an Operation System. The application will decrease the problems when connecting a web based to a house server (Carnaghan, 2017).

Accidental disclosure, deliberate penetrations, and physical attacks are vulnerabilities to a network (Ware, 2017). Accidental disclosure happens from hardware/software crashes and malicious decisions of a user that has full access to protected information. Deliberate penetrations happen when accessed daily by authorized users that has access to discrete information. Physical attack are the dangers modeled by users on physical infrastructure or environments. HTTPS, UDP, FTP, SFTP are the networks protocols that are utilized when the application connects through a VPN connection.

Due to the devices having various ways of benefiting with authentication, using the traditional password method would be utilized. Using a two-level authentication will allow the application to be accessible. The device will be protected by a password and fingerprint to allow access. The application would not be used over Wi-Fi unless a manual override is inputted because of the service problems. The application will be manually put into devices with the primary software on company devices (FCC, 2015).

Application Requirements

The sales representatives that will use this application, will increase their efficiency and production at each location they visit. Having the ability to have all the vendor information and sales of each product with ad’s can help them market and show projected sales and more. Even being able to process new orders and product displays on the fly can help them sell the product and give a new comfort level to the business owner.

The data from other companies is connected to cloud based servers that will allow inter-connectable operations with minimal downtime from server redundancy through a major provider like amazon. For cloud storage backup data and information exchange, done through a cloud provider allow all the companies to interact copying a directory to the cloud as a backup that will be used for the mobile application. This is more an order system that allows the salesperson the ultimate control of their transaction. There will be no personal data that will overlap with any corporate or partner company data. The only material that it will allow to import from the phone is geographic location and contact information (NIST, 2005)

Remote connectivity to all of the components that help the sales person is done through a VPN. A mobile virtual private network (VPN) “is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and other information transmitted” between a mobile device and network (NIST, 2008). Mobile VPNs protect the confidentiality, integrity, access, and availability of sensitive data and are always connected, although the networks and locations may change. Mobile VPNs differ from other VPNs, including secure sockets layer (SSL) VPNs, which connect users to web browsers and IPsec VPNs which connect fixed endpoints (NIST, 2008 and NIST, 2005).

Threats

No matter how secure a system is, there will always be a vulnerability with the software or equipment. Staying proactive in this approach with system maintenance and patches is key to protecting against known vulnerabilities. There are a list of threat agents that have been calculated into the build of our application that we’ve prepared for and can be broken into two categories, human interaction and automated programs.

Human interaction leaves plenty of chance in the users hand, here are some of the issues that may arise do to human interaction/error. Stolen Device User: A user who obtained unauthorized access to the device aiming to get the memory-related sensitive information belonging to the owner of the device. Once the application hasn’t been used for 5 consecutive minutes or phone has locked, it will ask for the fingerprint in order to continue. Owner of the Device: A user who unwillingly has installed a malicious phone application that gains access to the device application memory. This feature isn’t going to affect our operations because we manage phone with our mobile Iron application, which disables the usage of unapproved apps, and pushes all required software to the device. Organization Internal Employees: Any user who is part of the organization (may be a programmer/admin/ user/ etc.), anyone who has privileges to perform an action on the application. There are very few rights given to certain administrators that needs approval by an additional administrator, two parties must authenticate (Umuc, 2016.)

Automated programs that don’t require much interaction from the user are a threat as well, these threats may take place without it even being detected. Malware on the device: Any program/mobile application that performs suspicious activity. It can be an application that is copying real-time data from the user’s device and transmitting it to any server. This type of program executes parallel to all the processes running in the background and stays alive, performing malicious activity all the time, which can steal text messages and browsing history. We’ve designated all devices as work devices and policy has been set that limits usage to preapproved sites sales representative would visit, vendor websites, order sheets, etc. Malicious SMS: An incoming SMS redirected to trigger any kind of suspicious activity on the mobile device. There are multiple services that keep running in the background. Each of these services has listeners which might be active to listen for the content of an incoming SMS. An SMS message may be a sort of trigger for the service to perform some suspicious activity. This will be handled on a case by case basis and if suspicious messages are sent the I.T. department will be notified as soon as possible. Malicious App: Failure to detect malicious or vulnerable code and the likelihood of a compromise or attack against the app store itself, potentially turning legitimate code into hostile things including updates and new downloaded apps. Since the app store will be limited to preapproved apps, this won’t be much of an issue, all required applications will be pushed to each device, as well as updates (Umuc, 2016.)

Spoofing and tricking are synonyms. To fully comprehend a spoofing attack, you must study the IP packet construction in detail. Majority cyber-attack start from errors within the fundamental network designs. The attacker construct IP packets that highlights a location, but the source IP field is changed to cover the attacker’s computer and IP address (Phatak, 2016.).

Initially, your network must be hidden. Sniffing can cause a greater chance of an attacker gaining more information on a particular computer. It could lead to open ports, operating systems, and cryptography being accessed. For example, a spoof can be sent by an attacker to know if they are utilizing a web server. When the port data is revealed, other spoof packets can be delivered to start a telnet session, and analyze web server headers. That could result in the Operating System and safety support information being revealed (Phatak, 2016.).

Some ways of spoofing are IP port spoofing, ARP poisoning and DNS spoofing. IP port spoofing is utilized to bypass the NAT devices, firewalls, and move deeper within a network. If you do not watch the firewall, it will leave outdated guidelines and that will make outgoing ports susceptible to attacks. ARP poisoning are packets that are delivered to a LAN to attack an IP of a particular host. Because of the binding and MAC address, it would be classified as a man-in-the-middle attack. Attackers can discretely send data to a particular destination and no information would be misplaced. DNS spoofing effects the main name server and it changes DNS entries into the attackers IP address. This will send an email and web traffic to the attacker. Websites can be ruined, and email information can be lost. This leads to email and web spoofing. This impersonation is possible be generating a false email, web address, or hyperlink. This procedure is initiated by implanting a virus, inserting a denial of service attack, and keeping the attacker discrete (Phatak, 2016.).

Methods of Attack

Spoofing, by definition, means to imitate or trick someone. To understand the spoofing attack, we need to examine the IP packet structure in detail. Many cyber-attacks stem from design flaws in the fundamental network designs; packet spoofing is no exception. The hacker creates IP packets targeting a location, but the source IP field is altered to hide the hacker’s computer and, the computer can be used as a data collector or sniffer by the hacker (Phatak, 2016).

Hiding on the network is the first step in the process, by sniffing the hacker can gain a lot more information about the target computer. It can reveal information such as open port, operating system, cryptography types used, layer 7 applications etc., without revealing their identity. Just as an example, a hacker can send a spoofed packet to find out if the target is running a Web server. Once the port information is revealed on the sniffer, another chunk of spoofed packets can be sent to the target to establish a telnet session, and check Web server headers, which would reveal OS information as well as the type of Web server and security support information (Phatak, 2016.)

Here are a few different methods of spoofing that are commonly used by hackers to gain unauthorized access to remote devices. IP port spoofing is used to cheat the NAT devices and fire walls and hide deeper in the network. A poorly managed firewall that leave old rules in action can leave certain outgoing ports open for an attack. ARP spoofing or ARP poisoning is sent packets on a LAN to attack a target IP of another host. Due to the binding IP address and the MAC address, this would be considered a local Man in the middle attack. Attackers can forward information to the intended destination and no data would be lost, making them almost impossible to discover. DNS Spoofing or poisoning is a critical attack that effects the domain name server, spoofing alters DNS entries to the hacker’s IP address. This will send web as well and email traffic to the Hacker. Websites can be defaced and email data can be stolen. Which leads to email and web spoofing, taking the previous a step out of the equation yielding similar results. This impersonation is done by creating a fictitious email, web address, or hyperlink. This process is started by planting a Trojan or virus, embedding a denial of service attack, keeping the attacker completely concealed (Phatak, 2016.)

Controls

Securing the network and devices are key to our success. Some of the controls that have been put in place have been discussed while describing the threats but here are the controls that will increase the likelihood of a breach free environment. In many cases, criminals will get inside a network thanks to one of your employees clicking on a line in an email or using a poor password. It is important to stay updated on the latest scams that are going around and to keep your employees aware of the scams, as well. Creating an internal Policy that incorporates strong password policy and two factor authentication is the baseline to security, changing passwords every 90 days (Manning, 2015.)

Keeping devices updated to fight against known vulnerabilities is very important. Operating systems, antivirus software, web browsers and firewalls, intrusion detection systems (IDS), ignoring any of these essentially leaves cracks in the defense system. The usage of ad blockers and encrypting all data will aid in protecting each device. HTTP open session’s time out, TCP time out will be set at a reasonable time that will be agreed upon. The firewall will be set to prevent HTTP threads from spawning for attack packets. (Manning, 2015.)

Increasing the awareness in employees is one of the most cost effecting method of preventing cyber-attacks. Today, only 58 percent of U.S. mid-size companies train employees on cybersecurity. It is critical to understand that cyber-attacks can occur just by a cybercriminal having access to an employee laptop. This is why it’s imperative for our company to implement privacy/security training. Training for new employees is mandatory before gaining access to the information. Current employees must complete the training and are require to complete the training twice per year (Manning, 2015.)

Using tools like Wireshark or other protocol analyzers will aid us in identifying suspicious/malicious network activity. Maintaining a proactive approach to security is the only approach is the only way to stay current with this ever changing aspect of computing. Also the IDS will present suspicious or malicious activity and alert for activity that has been selected to be specified.

User security is a priority, whether it be a customer or a sales person, personal information will be secured using the two factor authentication method. When trying to access our enterprise email fingerprint or pin can be used to access. When a customer is trying to input new data the sales rep with have to authenticate the transaction with fingerprint before transmission is allowed.

Knowing how critical this application will be to the future success of this company is key to how important it is for us to precede with the delivery to all of our sales force. There will be a 3 tier release of the program, starting with the sales managers, once their process of testing and reliability in reference to oversight of operations. The sales force will have select users from each manager’s team to field test the application. The final release with be a mass release to all sales representatives. We look forward to the decision of the board.