Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise

Description

Great book on BlackBerry and Mobile Device Security
Blackjacking takes on the task of educating both administrators and management about the threats of mobile devices to their enterprise. I believe this book succeeds in its task and serves as a great reference not only for the blackberry enterprise server (BES) administrators out there but also for the network administrators, help desk personnel, security personnel as well as a book that can aid in the education of the end users. It is written in a tone and dialog that can be useful to the technical reader and non-technical reader and does well digging into the relatively new field of mobile device (especially BlackBerry) security.

The book starts out with a very good overview of the threats to mobile devices (Malware, Direct Attack, Data Communication Interception, Spoofing and Sniffing, and Physical Compromise). It then moves into an excellent overview of the devices that will be covered in the book (BlackBerrys, Pocket PCs, Palm Handhelds, and Cell Phones).
From there each device is covered in depth with “Exploiting the Device”, “Hacking the Supporting Device Infrastructure”, and “Protecting your PC and LAN from the Device.”

The BlackBerry section (which is probably why you are thinking about purchasing the book) does a great job covering the current and future attacks given the fairly limited publicly available research, tools, and code and gives solid advice on setting up your network infrastructure to deal with the growing threat with mobile devices. The vignettes discussing plausible attacks for each attack scenario serve as good feasible examples to think about for your enterprise and users and how to protect your network.

Likes: Discussion of how BlackBerry communications work with your cell phone provider and within a BlackBerry Enterprise Server environment, all the background material on the BlackBerry device, multiple examples (for further research on what is best for your environment) for AV and firewall solutions for each type of device, and seeing attacks on most of the threats in the lab using available tools.

Dislikes: while not in the scope of the book more code examples would be nice (of course it would take away from the usability of the book to “non-technical” people) and the book didn’t list links for the tools and malware discussed (yes I know Google exists).

Overall an excellent book. I purchased the book for my BlackBerry admin (but I read it first) and I think he will find it useful since he is not a “security” guy. It really ties together networking best practices and technologies and while not a “BlackBerry (or mobile device) or network lockdown guide” blackjacking serves as a good reference for further research into AV, firewalls, and VPNs for mobile devices as well as safe methods for allowing those devices entry and access into your network.

TABLE OF CONTENTS:

Chapter 1 Understanding the Threats.

Quantifying the Threat.

The Malware Threat.

Direct Attack.

Data-Communication Interception.

Authentication Spoofing and Sniffing.

Physical Compromise.

Mobile Device Enterprise Infrastructure.

PC and LAN Connectivity.

Fundamental Changes in Security Strategy.

Protecting the Mobile Device Itself.

Enforcing Compliance on the Mobile Device.

Addressing Security Deficiencies Automatically.

Implementing Layered Security.

Controlling and Protecting Data.

Things to Remember.

Chapter 2 Understanding the Devices.

BlackBerrys.

BlackBerry Business Phones.

BlackBerry Handheld Devices.

BlackBerry-Enabled Devices.

Pocket PCs.

Dell Axim Pocket PCs.

HP Pocket PCs.

Palm Pocket PCs.

Motorola Pocket PC.

Palm Handhelds.

Palm Smartphones.

Cell Phones.

Symbian OS Cell Phones.

Non¨CSymbian OS Cell Phones.

Things to Remember.

Chapter 3 Exploiting BlackBerry Devices.

Malware Is Threatening Your BlackBerry.

Analyzing a Malware Attack.

Gathering Information.

Setting Up for the Attack and Covering His Tracks.

Launching the Attack.

Protecting Against This Attack.

Learning about New Vulnerabilities.

BlackBerry Antivirus Software.

Attacking a BlackBerry Directly.

Attacking via IP Address.

Attacking via Malware.

Antimalware Applications.

Enterprise-Grade Firewall with IDS/IPS.

The BlackBerry Firewall.

Ensuring the Device Has the Latest Updates.

Educating Users about Risks.

Intercepting BlackBerry Communication.

What Data Is Being Transmitted?

How Is Data Being Transmitted?

Carrier Internet Access.

Bluetooth.

The BlackBerry Wi-Fi Interface.

Physically Compromising a BlackBerry by Spoofing and Intercepting Authentication.

How Physical Compromise Happens.

Preventing Physical Compromise.

Protecting a Stand-Alone BlackBerry.

Preventing Unauthorized Access.

The Truth About Wiping A Lost or Stolen BlackBerry.

Implementing Content Protection.

Spoofing and Intercepting Authentication.

BlackBerry Security Checklist.

Things to Remember.

Chapter 4 Hacking the Supporting BlackBerry Infrastructure.

Good and Bad: A Conduit to Your LAN.

Understanding the BlackBerry Infrastructure.

BlackBerry Infrastructure Components.

Infrastructure Design Considerations.

Attacking the BlackBerry Infrastructure.

The Attacker¡¯s Side of the Story.

Insecure Server Configuration.

Insecure Topology.

BBProxy.

Things to Remember.

Chapter 5 Protecting Your PC and LAN from BlackBerrys.

Controlling Data Is Critical.

How Companies Lose Control of Data.

How to Control Data.

Create and Communicate a Formal Policy.

Enforce Security Policies with Available Technology.

Threats from BlackBerry-Provided Internet Access.

Internet Attack.

The Attacker¡¯s Side of the Story.

Preventing the Attack.

Stay Up-to-Date with Patches.

Use a Personal Firewall.

Controlling Data Coming from a BlackBerry.

Analyze the Data Coming from the BlackBerry.

Analyze the Data as It Resides on the BlackBerry.

Control Which Devices Can Connect to Your Enterprise PCs.

Things to Remember.

Chapter 6 Exploiting PDAs.

Corrupting Your PDA with Malware.

Backdoor Malware for the Pocket PC.

Other PDA Malware.

PDA Antimalware Programs.

Kaspersky Security for PDAs.

JSJ Antivirus.

Trend Micro Mobile Security.

Symantec AntiVirus for Handhelds.

McAfee VirusScan Mobile.

Targeting a PDA Directly.

Finding a PDA.

Making a PDA Stealthy.

PDA Firewall Applications.

Trend Micro Mobile Security (for PDA).

Airscanner Mobile Firewall (for Pocket PC).

Intercepting PDA Communication.

Surfing the Internet at Public Wi-Fi Hotspots.

Using IM and Checking Email at Public Wi-Fi Hotspots.

Using Virtual Private Networks (VPN) to Secure Data.

PDA Authentication Spoofing and Interception.

Sniffing Email Authentication.

Stealing Credentials with Access Point (AP) Phishing.

Intercepting Authentication via SSL Man-in-the-Middle.

Compromising the PDA Physically.

Controlling Access to the PDA.

Palm PDA Security.

Pocket-PC Security.

Encrypting Data on the PDA.

Palm PDA Encryption.

Pocket-PC Encryption.

Things to Remember.

Chapter 7 Hacking the Supporting PDA Infrastructure.

Connecting a PDA to the LAN Is Good and Bad.

You Get What You Pay For.

Strengthen the Wireless Infrastructure.

Using PDA VPN Clients to Protect the Infrastructure.

Be Smart about Providing Access.

Protect Credentials ¡ª Protect the Infrastructure.

Control Access to Email with VPN Clients.

Things to Remember.

Chapter 8 Protecting Your PC and LAN from PDAs.

Connecting PDAs to Enterprise Resources.

Transferring Data with a Pocket PC.

Transferring Data with a Palm Device.

Why Transferring Data Is a Problem.

PDAs May Be Contagious.

Good Intentions, Bad Results.

Anatomy of an Infection.

Infection by a Pocket PC.

Infection by a Palm Device.

Preventing PDAs from Bringing Malware into the Enterprise.

Ensure PCs Are Using Antivirus Software Properly.

Ensure All PDAs Contain Antivirus Software.

Control Whether PDAs Can Connect to PCs.

Centralized Management Tools for the PDA.

Things to Remember.

Chapter 9 Exploiting Cell Phones.

Cell-Phone Malware.

The King of All Cell-Phone Malware?

FlexiSpy: Trojan or Valid Software?

Other Cell-Phone Malware.

Stopping Cell-Phone Malware.

Trend Micro Mobile Security for Symbian.

Symantec Mobile Security for Symbian.

F-Secure Mobile Security.

Stealing Data via Bluetooth.

Discovering a Cell Phone via Bluetooth.

Attacking a Cell Phone via Bluetooth.

Preventing Bluetooth Attacks.

Intercepting Cell-Phone Communication.

Physical Compromise and Cell-Phone Authentication Spoofing.

A Real-World Example.

Analyzing Physical Tampering.

Preventing Physical Tampering.

Spoofing Authentication with a Cell Phone.

Things to Remember.

Chapter 10 Protecting the Enterprise PC and LAN from Cell Phones.

Cell Phones May Bring in Malware.

How It Happens.

How to Stop the Attack.

Exposing Enterprise Email.

A Creative Way to Access Enterprise Email.

Prevent Email Forwarding.

Exporting Enterprise Data and Clandestine Data Gathering.

Mobile Phone Tools.

Clandestine Information Gathering.

Things to Remember.

http://rapidshare.com/files/47492069/Wiley.Blackjacking.Apr.2007.eBook-BBL.rar.html

http://rapidshare.com/files/47502569/Wiley.Blackjacking.Apr.2007.eBook-BBL.rar

Disclaimer:
Contents of this page are indexed from the Internet. All actions are under your responsability. Email us to report illegal contents or external links and we'll remove them immediately.

Please check the description for download links if any or do a search to find alternative books.

Can't Download?
Please search mirrors if you can't find download links for "Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise" in "Description" and someone else may update the links. Check the comments when back to find any updates.

Search Mirrors
Maybe some mirror pages will be helpful, search this book at top of this page or click here to find more info.

1. Ebooks list page : 1195
2. Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise
3. Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise
4. Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise
5. Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise
6. Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise
7. Daniel V. Hoffman - Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise (Repost)
8. Blackjacking: Security Threats to Blackberry, PDA's, and Cell
9. [request_ebook] Alternate Data Storage Forensics: Raising Digital Fingerprints from iPods, PDAs, Cell Phones, Digital Cameras, and Game Systems
10. [share_ebook] Blackjacking 2008
11. Portable Electronics Product Design & Development : For Cellular Phones, PDAs, Digital Cameras, ....
12. Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security
13. Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security ...
14. Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management C
15. Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures [ILLUSTRATED
16. Java Development on PDAs: Building Applications for Pocket PC and Palm Devices