Effects of Security Policy on Mobile Applications
You’ve accomplished what most developers only dream of doing—your application is completely secure. All sensitive data is hidden from the prying eyes of mobile users; you have all of the proper security measures in place, check every user’s identity, encrypt data as needed, and have even worked with the administrator to ensure that the firewall and other protection are in place. The fact that you have both a written and a configured security policy in place makes you feel as if your application could take on a world of crackers and come out on the winning end. You’re in the most dangerous position that any developer can be in, because it’s too easy to become complacent when everything seems to be going your way.

Here’s one example from a real company (name withheld for obvious reasons). The company had all of the proper security measures in place, including data hiding for their mobile applications. The lack of information frustrated User A, who depended on his cellular telephone for almost every communication possible. User B decided to help User A by forwarding the sensitive data to User A’s email, which automatically forwarded the information to User A’s cellular telephone. The security breach could have gone on for years, but the company performed email audits regularly and caught the problem before it became an issue. Theoretically, neither User A nor User B did anything wrong. The company had no policy in place that prohibited one user from sending data to another user through the company’s email. Likewise, the company had no policy in place for forwarding email to a mobile device such as a cellular telephone. The company no longer allows email forwarding—an employee has to take care of company email from within the confines of the company. However, the security breach could have become significant due to the lack of a simple policy—one that no one thought the company actually needed.
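The audit that caught the problem above can be turned into a configured check. The following Python script is an added example, not code from the book or the company described: it reads a list of mailbox forwarding rules (a constructed sample, assuming a company domain of example.com) and follows forwarding chains so that an internal forward whose destination itself forwards to an outside address, such as a carrier's SMS gateway, is flagged along with the direct external forward.

```python
from dataclasses import dataclass

COMPANY_DOMAIN = "example.com"  # assumed company domain (constructed for this example)


@dataclass(frozen=True)
class ForwardRule:
    mailbox: str      # mailbox that owns the forwarding rule
    forward_to: str   # address the mailbox forwards to


# Constructed sample export of mailbox forwarding rules (not real data).
# user-b forwards to user-a (internal), and user-a forwards to a phone gateway.
SAMPLE_RULES = [
    ForwardRule("user-b@example.com", "user-a@example.com"),
    ForwardRule("user-a@example.com", "5551234567@sms.carrier.example"),
    ForwardRule("user-c@example.com", "shared-inbox@example.com"),
]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def is_external(address: str, company_domain: str = COMPANY_DOMAIN) -> bool:
    """True when the address is outside the company domain or its subdomains."""
    domain = domain_of(address)
    return domain != company_domain and not domain.endswith("." + company_domain)


def _follow(addr, targets, company_domain, visited):
    """Depth-first walk of forwarding rules; returns the chain to an external address, or None."""
    if is_external(addr, company_domain):
        return [addr]
    if addr in visited:          # loop or already-exhausted mailbox on this walk
        return None
    visited.add(addr)
    for dest in targets.get(addr, []):
        tail = _follow(dest, targets, company_domain, visited)
        if tail:
            return [addr] + tail
    return None


def audit_forwarding(rules, company_domain: str = COMPANY_DOMAIN) -> dict:
    """Map each mailbox whose mail can leave the company via forwarding to the chain it takes."""
    targets: dict = {}
    for rule in rules:
        targets.setdefault(rule.mailbox.lower(), []).append(rule.forward_to.lower())
    findings = {}
    for mailbox in targets:
        chain = _follow(mailbox, targets, company_domain, set())
        if chain:
            findings[mailbox] = chain
    return findings
```

Both user-a (direct forward to the carrier gateway) and user-b (forwards into a mailbox that leaks) are reported, while user-c's purely internal forward is not.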

Policies, both written and configured, must work with your code to ensure the integrity of your applications and data. Fortunately, developers and network administrators don’t have to do all of the work in this area. Organizations such as the SANS Institute have already compiled template information for policies that you should implement along with your mobile application. See the SANS Security Policy Project (http://www.sans.org/resources/policies/) for details.

Once you have a policy in place, you need to implement best practices for configuration and setup to ensure that your application remains as safe as possible (realizing, of course, that a wireless application is never truly secure). Microsoft has put together an impressive collection of security resources in a white paper titled “Protecting Your Network: Wireless, Firewall, and Perimeter Security” at http://www.microsoft.com/technet/security/prodtech/network/default.asp. These resources cover issues that I haven’t discussed in this chapter, such as the use of Internet Protocol Security (IPSec) and how to limit your security risk when using Windows features such as Internet Connection Sharing (ICS).

.NET Development Security Solutions
ISBN: 0782142664
Year: 2003
Pages: 168