PrepAway - Latest Free Exam Questions & Answers

Which of the following would BEST prevent this from occurring again?

Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security
gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the
tethered connection and corporate data is stolen. Which of the following would BEST prevent this
from occurring again?


A. Disable the wireless access and implement strict router ACLs.

B. Reduce restrictions on the corporate web security gateway.

C. Security policy and threat awareness training.

D. Perform user rights and permissions reviews.

One Comment on “Which of the following would BEST prevent this from occurring again?”

  1. meac says:

    Another daft scenario:

    As we know “tethering” is the term given to connecting your phone via USB, Bluetooth, or Wi-Fi to your computer and using the Internet connectivity from the phone to provide an Internet connection to the computer.
    In here, Sara is quite clearly able to tether her smartphone to her work PC.
    Also:
    • Sara quite clearly does not mind her data allowance being eaten away by the corporate PC. She uses her mobile connection to send/receive emails, transfer files, access remote shared drives, apply Microsoft updates, etc. She must have quite a data plan!
    • Sara goes to lunch without her mobile phone, which she leaves still tethered to her corporate PC, consuming more of her apparently inexhaustible data plan.
    • Sara purposely tethered the corporate PC to her mobile phone in order to “bypass the corporate web security gateway while connected to the LAN”.

    As for the wrong answers:

    A- Disable the wireless access and implement strict router ACLs. – Disabling the wireless would affect everyone, and Sara still could use her own roaming data to tether.
    B- reduce restrictions: Quite to the contrary, we want them increased
    D- Perform user rights and permissions reviews. —How will this help?

    The correct answer is: “C- Security policy and threat awareness training.”
    BYOD (in this case Sara’s smart phone) involves the possibility of a personal device that is infected with malware introducing that malware to the network, and security awareness training will address the issue of the company’s security policy with regard to BYOD.

    Yet, this to my mind does not go far enough and is a very light slap on the wrists.

    Sara is quite clearly aware of such rules, and she still purposely tethered her mobile in order to knowingly bypass security.
    This means that she is perfectly aware of what the security measures in place actually are.

    Sara should instead be raked over the coals and be at the receiving end of a “disciplinary action”.



