Most current security measures rely on a strong perimeter and rarely employ defense in depth. Even with defense in depth it is not possible to completely protect internal systems: protocols such as SMB, or services such as RPC/DCOM on Windows, require certain ports and servers to be exposed if the services are to be used at all.
Telecommuters

Telecommuting has taken on an increasingly important role in many organizations. Increased productivity, flexible scheduling, increased accessibility (for new mothers, people on the road, etc.) and other reasons have swelled the number of remote users. Most organizations have responded by implementing VPN solutions that allow remote systems to interface with protected internal systems as if they were local. This has led to a wide variety of problems, the primary one being weak security on "remote" systems that are tied directly into sensitive internal systems. The result is an increased number of avenues for virus infections, worms (such as SQL Slammer) and hostile attackers leapfrogging past firewalls. In some cases companies do not even control the remote end, and cannot enforce basic security measures such as anti-virus software or firewalls.
Wireless LANs

Wireless LANs, primarily in the form of 802.11 (a, b or g currently) networks, are becoming increasingly popular. The cost of hardware has dropped, and manufacturers such as Intel are now including wireless capabilities by default in a number of new chipsets. The result is that in a few short years the majority of mobile computing devices (PDAs, laptops, cell phones, etc.) will include wireless LAN capabilities by default, and selectively restricting or disabling those capabilities will be difficult. With a good directional antenna and a powerful transmitter an attacker can attack a wireless network from well beyond its rated range if they can attain line of sight (such as from a neighboring building); the access point's advertised range is not a security boundary.
Bluetooth

Bluetooth is a supposedly "short range" wireless protocol for communication between devices such as cell phones, PDAs, laptops and so on. Three power classes of Bluetooth device exist, with nominal maximum ranges of roughly 1 m (Class 3, about 3 feet), 10 m (Class 2, about 33 feet) and 100 m (Class 1, about 330 feet). Class 1 devices with a 100 m range can easily be accessed remotely if a line of sight, such as a window, exists. Since the other two classes have such limited range, it is likely that the majority of higher-end Bluetooth items (such as cell phones) will be Class 1 devices with the longest range. These figures also assume ordinary antennas at both ends; an attacker using a directional antenna on their side can reach a device from considerably farther away than its class suggests.
The danger of these items will increase as Bluetooth becomes more widely deployed. Many devices such as cell phones, PDAs and laptops currently support Bluetooth; in future virtually any electronic device that needs to connect to another device wirelessly is likely to support it. This will allow laptop users to connect to the Internet via their cell phone without a cable, or to transfer appointment data from a laptop to a cell phone. With widespread deployment it becomes possible for a physically close attacker to connect to Bluetooth devices and exploit them, and from there to leapfrog to other systems or Bluetooth devices.
Cellular phones

This ain't your daddy's phone. The majority of current phones include network capabilities such as WAP and email/text messaging. Newer phones can directly interface with email systems and process executable content such as Java. High-end phones exist that are capable of running office applications and custom programs written in any number of programming languages. Already a number of cell phones have been found vulnerable to email and text message based attacks. These problems will only increase as phones handle more and more diverse data, from video and image files to GPS and network information retrieval applications ("list the five closest Mexican restaurants"). Many of these phones include Bluetooth so that they can be interfaced with computers; it is inevitable that attackers will find attacks that allow them to compromise cellular phones and leapfrog from them onto other devices and networks.
The solution

The solution is actually quite simple in theory: create a perimeter around each potentially vulnerable system and device. This can range from network switches that support access lists to universal anti-virus deployments on computers, servers, PDAs, phones and so on. When purchasing technology devices, find out not only what security measures they support to keep attackers out, but what features they support to detect attackers once in, and what measures exist to contain them. Parts 2 and 3 will cover detection and resolution of attacks.
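What a per-system perimeter looks like in practice, as an added example that is not code from the original article: a first-match, default-deny access list for a single Windows file/RPC server, exposing SMB (TCP 139/445) only to the wired office and admin networks and the RPC endpoint mapper (TCP 135) only to admins, while the telecommuter VPN pool and the wireless segment discussed above are explicitly dropped. The subnets, ports and sample connections are constructed assumptions; the list is evaluated in Python and also rendered as iptables commands to show that the same policy can live on a host firewall or a switch ACL.

```python
"""Per-host perimeter: a default-deny access list for one file/RPC server.

Added example, not code from the original article. The subnets, service
ports and sample connections are constructed for illustration only.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: IPv4Network       # source network the rule matches
    dport: Optional[int]   # destination TCP port, None means any port
    comment: str = ""


def _cidr(text: str) -> IPv4Network:
    return ip_network(text, strict=False)


# Constructed example topology (assumptions, not from the article).
ADMIN_NET = _cidr("10.10.0.0/24")    # help desk, domain controllers
OFFICE_NET = _cidr("10.20.0.0/16")   # wired office clients
VPN_POOL = _cidr("10.99.0.0/24")     # telecommuter VPN addresses
WLAN_NET = _cidr("10.50.0.0/24")     # 802.11 visitor segment

SMB_PORTS = (139, 445)   # NetBIOS session service, SMB over TCP
RPC_EPMAP = 135          # RPC endpoint mapper (DCOM)


def file_server_acl() -> List[Rule]:
    """Build the access list protecting one file server.

    Only the networks that need a service reach its port; everyone else,
    including VPN users and the wireless segment, is dropped at the host.
    """
    rules: List[Rule] = []
    for port in SMB_PORTS:
        rules.append(Rule("permit", OFFICE_NET, port, "office file sharing"))
        rules.append(Rule("permit", ADMIN_NET, port, "admin file sharing"))
    rules.append(Rule("permit", ADMIN_NET, RPC_EPMAP, "admin DCOM/RPC"))
    # Explicit denies document why these segments are excluded.
    rules.append(Rule("deny", VPN_POOL, None, "telecommuters: untrusted endpoints"))
    rules.append(Rule("deny", WLAN_NET, None, "wireless: untrusted segment"))
    # Catch-all default deny; evaluate() relies on it being last.
    rules.append(Rule("deny", _cidr("0.0.0.0/0"), None, "default deny"))
    return rules


def evaluate(rules: List[Rule], src_ip: str, dport: int) -> Rule:
    """Return the first rule matching (src_ip, dport), first-match semantics."""
    src = ip_address(src_ip)
    for rule in rules:
        if src in rule.src and (rule.dport is None or rule.dport == dport):
            return rule
    raise ValueError("rule list must end with a catch-all deny")


def permitted(rules: List[Rule], src_ip: str, dport: int) -> bool:
    return evaluate(rules, src_ip, dport).action == "permit"


def to_iptables(rules: List[Rule], chain: str = "INPUT") -> List[str]:
    """Render the list as iptables commands for a Linux host firewall.

    The 0.0.0.0/0 deny becomes the chain policy instead of a rule.
    """
    lines = [f"iptables -P {chain} DROP"]
    for rule in rules:
        if rule.src.prefixlen == 0 and rule.action == "deny":
            continue
        target = "ACCEPT" if rule.action == "permit" else "DROP"
        if rule.dport is None:
            match = f"-s {rule.src}"
        else:
            match = f"-p tcp -s {rule.src} --dport {rule.dport}"
        lines.append(f"iptables -A {chain} {match} -j {target}  # {rule.comment}")
    return lines


if __name__ == "__main__":
    acl = file_server_acl()
    # Constructed connection attempts against the file server.
    for src, port in [("10.20.5.7", 445), ("10.99.0.15", 445),
                      ("10.50.0.3", 139), ("10.10.0.5", 135),
                      ("10.20.5.7", 135), ("192.0.2.10", 445)]:
        hit = evaluate(acl, src, port)
        print(f"{src:>12} -> tcp/{port}: {hit.action:6} ({hit.comment})")
    print("\n".join(to_iptables(acl)))
```

The explicit VPN and wireless denies are redundant with the default deny, but they record the decision on the host itself, which is what an auditor or the next administrator will actually read. Note that the office network can reach SMB but not the RPC endpoint mapper: each service gets its own list of permitted sources rather than a single "trusted inside" network.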