US-CERT Cyber Security Tip ST05-017 -- Cybersecurity for Electronic Devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                       Cyber Security Tip ST05-017
                   Cybersecurity for Electronic Devices

   When you think about cybersecurity, remember that electronics such as
   cell phones and PDAs may also be vulnerable to attack. Take
   appropriate precautions to limit your risk.

Why does cybersecurity extend beyond computers?

   Actually,   the   issue  is  not  that  cybersecurity  extends  beyond
   computers;  it is that computers extend beyond traditional laptops and
   desktops.  Many electronic devices are computers--from cell phones and
   PDAs  to  video  games  and  car  navigation  systems. While computers
   provide  increased features and functionality, they also introduce new
   risks.  Attackers may be able to take advantage of these technological
   advancements  to  target  devices  previously  considered  "safe." For
   example,  an  attacker  may  be  able to infect your cell phone with a
   virus,  steal  your  phone  or wireless service, or access the data on
   your  PDA.  Not  only  do  these activities have implications for your
   personal information, but they could also have serious consequences if
   you store corporate information on the device.

What types of electronics are vulnerable?

   Any  piece of electronic equipment that uses some kind of computerized
   component is vulnerable to software imperfections and vulnerabilities.
   The  risks  increase  if  the device is connected to the internet or a
   network  that  an  attacker  may  be  able  to access. Remember that a
   wireless connection also introduces these risks (see Securing Wireless
   Networks  for more information). The outside connection provides a way
   for  an  attacker  to  send information to or extract information from
   your device.

How can you protect yourself?

     * Remember  physical  security  - Having physical access to a device
       makes it easier for an attacker to extract or corrupt information.
       Do not leave your device unattended in public or easily accessible
       areas (see Protecting Portable Devices: Physical Security for more
       information).
     * Keep  software up to date - If the vendor releases patches for the
       software  operating your device, install them as soon as possible.
       These patches may be called firmware updates. Installing them will
       prevent  attackers  from  being  able  to  take advantage of known
       problems  or  vulnerabilities  (see Understanding Patches for more
       information).
     * Use good passwords - Choose devices that allow you to protect your
       information   with   passwords.  Select  passwords  that  will  be
       difficult  for  thieves  to guess, and use different passwords for
       different  programs  and  devices  (see  Choosing  and  Protecting
       Passwords  for more information). Do not choose options that allow
       your computer to remember your passwords.
     * Disable  remote  connectivity  - Some PDAs and phones are equipped
       with wireless technologies, such as Bluetooth, that can be used to
       connect  to  other  devices or computers. You should disable these
       features  when  they  are  not in use (see Understanding Bluetooth
       Technology for more information).
     * Encrypt  files  - Although most devices do not offer you an option
       to encrypt files, you may have encryption software on your PDA. If
       you are storing personal or corporate information, see if you have
       the  option  to encrypt the files. By encrypting files, you ensure
       that  unauthorized  people  can't  view  data  even  if  they  can
       physically  access it. When you use encryption, it is important to
       remember  your  passwords  and  passphrases; if you forget or lose
       them, you may lose your data.
     _________________________________________________________________

     Authors: Mindi McDowell, Matt Lytle
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-017.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSKxD63IHljM+H4irAQIuXQf+JgW5XZr/YIPmzIAaWfh3x/MiH0l4bONv
JbVogx9e1K7TpwzwGMyMoBDL6I+1kI5SviBgFxvFLlBNQPDeZF8i31KQv4vn/ZWY
Qq/hH2hBN2hUdvpIXCFEGBMJcEDbUDNkoiEM/mSLrK5W795Vc1vJ+eMK24OcrffH
nyI45hSpw952J/bvNFMolG3Vy9o7xslpZ4qeHZDgHFqFezUYSfZdwqXPXdDnoCD9
9eNAk3USwkY95p3rrPmCNdzenE7moqIS5XmYymTkPQHMS9YOfbCZxlvTz0wf7TZn
Pftp4yvEuSTDNY3Uu21mCzP/cfqkOwriJosVdQiFB11YBJxtlmrGHQ==
=3N6X
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux