Are You Inviting Hackers into Your Network?

by Peter Martini, COO iboss Security

It no longer requires high tech tools to hijack an imperiled network.  Are you using a traditional MDM solution?  You could be leaving the backdoor to your network swinging wide open for anyone to slip inside.  For example, when you set the traditional proxy settings on iOS devices to extend web filtering when users are off-premise and allow users to enter their directory credentials to authenticate, you could be exposing the credentials to the public. Even when utilizing HTTPS login on the mobile device, the data is sent in simple encryption.

Cyberdefense-magazine-image

All the thief needs is a receiver, some free software, and about 15 seconds of patience.   ‘Recently, the iboss Mobile Security team identified a network vulnerability when securing tablets and mobile devices with MDM when off-premise. They showed how a hacker could access the network using nothing more than tools you can buy anywhere and free software on the web.  They didn’t even have to download it!  How can this be you ask?

  • Tools are cheap – free even!
  • Takes less than one minute to gain access.
  • Anyone can do it!

It is horrifyingly simple. Once a user inputs his/her username and password, even if it is only once during initial authentication, that information is communicated every time the device connects to the internet and then again it is transmitted to each new site or page visited.  The proxy portion of the request to connect is never encrypted even when accessing an https site because the device still has to handshake with the page in a brief communication.  Usernames and passwords are easy to collect because that information is transferred during the handshake with each and every connection.

Hackers can also see IP addresses and then set themselves up on your network.  With very little patience and some testing, a hacker can find the credentials of your network management staff and with that can hijack the entire network.  The time has passed when this type of simple proxy setting secured a network from even the laziest hacker.  To learn more about how to close this backdoor and secure your network, contact iboss Security at www.iboss.com.

About iboss Security
iboss NxtGen SWG Web Security solutions are highly scalable providing layer 7 granular HTTP, SSL, Threat and Application control across on-premise and mobile devices with dynamically searchable user based reporting. Integrated directory aware Intelligent Bandwidth Management extends network access for BYOD and mobile devices while ensuring mission critical services remain uninterrupted.

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X