Wireless, PDA and Instant Messaging: Achilles' Heel?

Abstract

Half divine, half human, Achilles, the son of a king and a sea goddess, was the greatest warrior of the ancient Greeks. He was fearless, brazen and impulsive. He could turn the tide of great battles simply by appearing on the field. Enraged, he slew mighty Hector at the walls of Troy in Agamemnon's war over Helen's love for Paris. The source of Achilles strength and prowess was supernatural. When he was a baby, his goddess mother doused him in the River Styx to make him immortal. But she overlooked something. Holding him by one of his feet meant that the heel of the foot was not immersed in the dark, mystical current. Therefore, for the rest of his life, Achilles had a serious vulnerability in a seemingly harmless and insignificant place. And, indeed, Paris, his hand guided by Aphrodite, slew him with an arrow that pierced his heel. Well, you could be quite proud and confident about your information security program, and the robust network security defenses that you have built up (e.g., firewalls, intrusion detection, encryption, etc.) and yet, like Achilles, you could be seriously vulnerable to attack in a seemingly harmless and insignificant point in your organization's cyber anatomy. Your weak point could be: a rogue wireless node, or a lost PDA or Blackberry, or even an over-heated Instant Messaging (IM) correspondence. Let's look at some attacks that exploit these technologies, and then explore best practices and tried and true approaches for securing each one of them from global organizations we have worked with.