Virtual Office (Mobile User) Security Previous Screen Ralph R

83-02-16 Virtual Office (Mobile User) Security Previous screen Ralph R. Stahl, Jr. Payoff When attempting to ensure virtual office integrity, confidentiality, and availability for its mobile users, each organization's business and technology requirements may be different. Therefore, this article suggests a framework for achieving these objectives rather than a single approach. It addresses what must be considered and provides information about solutions and options.

Introduction Information technology professionals today are unsure of themselves in a strange new environment. However, end users are telling security practitioners that they can no longer perform optimally and beat the competition if their access to information and processing power is restricted by the mainframes in the corporate data center. The days when security practitioners arrived at the office to find a stack of computer printouts on their desks are gone. Paper has been replaced by computers on the desktop in the environmentally correct and secure office. In addition, users today expect to be able to connect their notebooks by modem from any location to the server at headquarters. Tomorrow, mobile users may expect connectivity for their notebooks in the air as they fly and on the ground as they drive to their next destination. The business traveler may anticipate that all applications will behave in exactly the same manner on the road as in the office. Large companies like AT are encouraging employees to telecommute for three major reasons: á State and local governments are requiring companies to take action to reduce air pollution and traffic congestion. á Office sharing allows companies to reduce their real estate expenses. á Telecommuting benefits employees by allowing them more flexibility in managing their professional and personal lives. LINK Resources Corp., a New York City consulting firm, reports that Americans bought for home use a record 5.85 million microcomputers last year. One out of three American households already has a microcomputer. BIS Strategic Decisions estimates that 45 million workers in the United States are considered part of the mobile work force. Other surveys estimate that, in addition to the time spent in the office, the average white collar worker spends six hours a week working at home. Against this backdrop, the challenge for the application developer is to develop systems that may be used in any environment. The information architecture for the enterprise must also accommodate many methods of remote connectivity (i.e., dial-up, Integrated Services Digital Network [ISDN], Cellular Digital Packet Data [CDPD], Internet, wireless, video, and image transmission)in addition to the traditional local area network and Wide Area Network connectivity. This article is divided into four major sections: availability and continuity; integrity; confidentiality; and new technology considerations, which briefly reviews the security implications for some of the emerging technologies. The architectural model of the security services in Exhibit 1 provides a high-level view of the interdependence of identification and authentication, authorized privileges, availability, continuity, integrity, and confidentiality in providing a trustworthy environment that supports nonrepudiation and mobile power Previous screen user security.

Model of Security Services

Availability In this article, availability is defined as the assurance that an authorized user's access to an organization's resources will not be improperly impaired. Achieving such assurance involves properly categorizing information privilege keys and ensuring that the mobile user's authorized privileges are properly associated with these privilege keys. Availability also involves physical considerations(e.g., theft prevention, device identification, mobile uninterrupted power supply), notebook connectivity (e.g., a power source, telephone communications tools), and miscellaneous toolkit necessities.

Scheduling Considerations Information availability is an operations scheduling issue, although some organizations believe that all availability needs are covered by their business resumption practices. The security practitioners must be aware of the need to maintain operational schedules. If the backup and batch processing is scheduled to end at a precise time so that the online or remote Transaction Processing may start, then the credibility of the central staff to meet their commitments to the field are tested every day. Although capacity planning is not a security issue, the complete information protection plan will make sure that the topic is adequately addressed by the appropriate operational staff members.

Physical Considerations Concerns associated with the desktop microcomputers in the corporate office also apply to notebooks for the mobile user. However, with respect to mobile computing, security practitioners may need to be more creative to achieve the desired results. Theft-Prevention Devices. Such theft-prevention devices as cabling and bolting plates can be used to minimize the potential of notebook theft by opportunity. The cables are designed so that they may be looped through an opening in a stationary object to tie the laptop down while the user is traveling. Resistance to these devices exists because many users feel that having these devices gives the impression of not trusting coworkers or business associates. However, security administrators who use theft-prevention devices in their companies indicate that they have experienced a significant decrease in loss. Although the products are effective, corporate procedures with strong enforcement practices are usually required before these products are put into use. Device Identification. Device identification is critical to the ability to identify a misplaced or stolen notebook. In addition to traditional identification methods (e.g., serial number registers, tags, labels, and engraving), microcomputers can be marked by using invisible ink to record the company's name and the notebook's serial number on the inside of the lid just under the monitor display area. The invisibly inked number must match the serial number recorded in the corporation's asset inventory register. This practice can also be used to resolve disputes associated with ownership of the microcomputer. Mobile Uninterrupted Power Supply. Previous screen Mobile uninterrupted power supply implies that each mobile user should have a portable surge protector with sufficient electrical outlets for each device that is connected to the microcomputer or notebook. Electricity follows the path of least resistance, and it will reach the microcomputer through any device cable if the power source for the device is not protected. Surge protector plugs are available at most hardware and electronics retailers. It is also recommended that the user carry a fully charged spare battery pack for the notebook. Usually the battery can be purchased from the dealer that sells the notebook.

Notebook Connectivity To ensure the notebook's power source, the electrical wall connection should be used so that the notebook's battery can be conserved or recharged. For proper grounding, the electrical code requires that all computer male plugs be three-pronged. In some facilities, the female electrical wall receptacles may accept only two-pronged male plugs. In such cases, the problem can be averted by carrying a female/male converter plug that converts three-pronged plugs to two-pronged plugs and has a grounding wire that may be attached to the wall receptacle's holding screw. This type of converter is available in hardware stores. If the user travels internationally, the toolkit must also include an international voltage adapter that eliminates the need to carry different converter plugs.

Telephone Communications Tools Offices and hotels are updating their telephone Private Branch eXchange to digital service, but modems and the majority of the PBXs are still analog systems. To ensure connectivity in either environment, a converter should be purchased that can covert the phone line to analog at the modem connection. The complete converter kit should include alligator clips for phones that do not have RJ-11 jacks. The phone line converter requires an Alternating Current adapter as the power source; the full-functioning kit will have the capability to use a 9-volt battery when an electrical wall outlet is not available. Data transmission may be interrupted if a phone system with call-waiting capability is used. The feature can be suspended during the data transmission call by adding *70 (occasionally #70) at the beginning of the dial string. As a general rule, this is probably not required. However, if a transmission session is interrupted for an unknown reason, call waiting may be responsible. A miscellaneous toolkit should include the following items:

á A small screwdriver with both a flat and a phillips head. á An extra-long telephone cord with male RJ-11 connectors on both ends. á A connector with two female RJ-11receptacles.

Continuity Continuity is defined in this section as the processes of preventing, mitigating, and recovering from service disruption. The terms business resumption planning, disaster recovery planning, and contingency planning may also be used in this context; they concentrate on the recovery aspects of continuity that ensure availability of the computing platform and information when needed. Recovery diskettes will reduce the user's lost time when access to information and remote computing resources is lost due to a major breakdown of the notebook. Recovery diskettes should be customized to the exact configuration of the notebook and should Previous screen contain the following files: á DOS system files (COMMAND.COM and the two hidden files), which make the recovery diskettes bootable.

á PARTNSAV.FIL, which contains the hard drive partition table, boot sector, and Complementary MOS information.

á CONFIG.SYS, which contains the appropriate values for files, buffers, stacks, and hard disk drivers.

á REBUILD.COM, which restores the CMOS.

á SYS.COM, which enables the transfer of the operating system to another disk. á Copies of any special drivers that are necessary to meet the standard operational configuration of the organization's protocol stack. á Communication programs that support emergency downloading of files and programs.

Creating Mobile Backup The fastest and easiest backup medium is a cassette tape; however, this represents an additional cost and bulky devices to transport. Most (if not all) mobile users want to travel as lightly as possible. The diskette then becomes the most acceptable medium, but care must be taken to minimize the number of diskettes needed. The proper organization of the notebook's hard drive will minimize the time and number of diskettes required to create a backup. A directory called data can be created with all of the subdirectories necessary to easily organize, track, and access data unique to the user. Application software, data bases, or operating software should not be included in the data directory. These files should be stored in other appropriately established directories. When necessary, these software and data base files may be downloaded from the office server. The backup diskettes should be kept in a different place than the notebook. If the notebook is lost, the backup diskettes will not be lost.

Loss of Computing Resources Loss of computing resources as a result of the loss or theft of a notebook or its mechanical failure is the most difficult problem to deal with. The user is away from the office yet may need to repair or replace the notebook immediately, and canceling the next few days' ppointments is not an acceptable option. The recovery process requires planning and discipline on the part of the notebook's user. The data files on the notebook should be backed up regularly. If any ingredient of the business resumption plan is missing or incomplete, lengthy delays are unavoidable. Mechanical Failure. When the problem is a mechanical failure, the existence and awareness (by the user) of a national maintenance agreement with a rapid response clause can ensure fast repair. The remote user should be able to easily obtain the location of the nearest repair location. This can be handled by the organization's help desk service, which should provide 24-hour accessibility. After the notebook is repaired, the user must determine if any data or application programs were lost or damaged. Lost or damaged software may be replaced by Previous screen using the emergency recovery diskettes to download the needed data from the office server. Although this may be a long transmission session, it is preferable to getting on an airplane and flying back to the office. After this is accomplished, the notebook owner can restore individual files from the backup diskettes. This process may consume a full day and may require the active participation of the remote user, but after it is done, the user's machine has been restored with the least amount of lost time. Lost or Stolen Notebook. When the notebook is lost or stolen, the plan must provide rapid delivery of a new notebook to the user in the field. Spare notebooks with the standard operating software, application software, master file, and current data bases should be available at the data center. After a call is received to ship a backup machine, the only step necessary is to find the quickest method. Airlines and bus depots should be called to determine whether they provide shipment that is faster than that provided by the standard 24-hour service providers. After the shipment arrives, the next step is for the user to restore personal data from the separately stored backup diskettes. If backup procedures for mobile users are to be effective, they should be tested and adjusted frequently. The recovery process may never be needed, and these procedures may be regarded as taking a lot of time. However, without such procedures, it may take the better part of a week just to obtain a replacement microcomputer. After that, it must be determined what applications and data bases must be loaded. Finally, if backup procedures are not enforced, how will the user's personal information be restored to a new notebook?

Integrity In this section, integrity is defined as the process of ensuring that the intended meaning of information is maintained. Information integrity is provided by allowing only authorized persons and processes to perform only those tasks that they are authorized to perform. Everything else is prohibited.

Software Considerations

Virus Protection. Remote users are no more or no less susceptible to viruses than their office-based counterparts. Therefore, they are likely to experience a virus infection of their computer within the next few years. Proper procedures can prevent the virus from attaching itself to any of the hard drive's files. A corporate contract should be purchased for one of the leading virus detection and eradication software products. The cost can be suprisingly reasonable, in some cases less than $15.00 per user per year, although some very good products may be even cheaper. The secret of success is to have the detection software active in memory at all times as a Terminate and Stay Resident program. Some vendors can relocate the terminate and stay resident (TSR) so that base memory is not used at all, while other terminate and stay resident (TSR) programs may take as little as 5K bytes of base memory. With the detection software active in memory, the computer's user may remain passive. Many organization's detection programs have limited success because they require the user to execute a scan program to check diskettes or hard drives after disconnecting from a bulletin board. During a normal day's workload, users may often overlook this program. If Terminate and Stay Resident software is used, however, the microcomputer should lock up when it detects a virus, and it should not allow the user to proceed. The eradication or cleaning program should be run immediately to remove the virus. The remote user should be provided with a system-bootable diskette that contains a virus detection and Previous screen eradication program. If additional directions are required to remove the virus, the mobile user should contact the organization's help desk for assistance. Notebook Configuration Integrity. Although the name personal computer may have been appropriate at one time, today it is a misnomer because the microcomputer has become such an integral part of information processing for the business community. By personalizing the notebook to the configuration of their choice, users may cause incompatibility with their organizations' requirements. As part of the processing infrastructure, it is important that the information technologist control the protocol layers to ensure proper connectivity, memory management, and execution of the company's processes. This is not to say that mobile users are not allowed to install some software of their choice. An example of coexistence on the microcomputer would be to control the autoexec.bat by not allowing anyone except the systems administrator to modify the file. However, the last line of the autoexec.bat is a call to an autouser.bat that gives the user the ability to add activity to the booting process. Today, a number of client-based products exist that are designed to establish administrative control over the configuration and accessibility of directories and files on the hard drive of notebooks. These products support multiple-user confidentiality and several levels of administrators. The content of certain directories on the hard drive should also be under the control of the systems administrator. Again, policies and guidelines should allow a section of the hard drive to be used at the discretion of the mobile user. Procedures and guidelines should clearly state the areas that may not be altered and the latitude the mobile user has to customize the microcomputer. These same robust access control products provide complete control over the Disk Operating System computing environment. Access to printers, ports, disk drives, modems, files, and directories may be constructed so that several users of the same microcomputer may not have the same authorized use of these facilities. In addition, passive Data Encryption Standard (or proprietary) encryption and decryption of files or directories may be established. The major vendors provide the ability to configure directories on the hard drive to be encrypted or decrypted on the fly. When a file is written to the designated directory, it is automatically encrypted. Conversely, when a file is read into memory by the authorized owner of the directory, it is automatically decrypted. This prevents unauthorized access to information even though several users may share the same microcomputer. Nonrepudiation. In this section, nonrepudiation is defined as the process of ensuring that a user either the originator or the recipient can be identified as having engaged in a particular transaction. This facility may also be used during the normal course of business activity to identify the originator of information. Nonrepudiation involves the following procedures: á Electronic identification of the sender is accomplished by digital signaturing. Depending on the nature of an organization's business, a choice of standards can be followed. á Message hashing ensures that the content of the message is not altered. This is accomplished by cycle redundancy check, which sum up a total value of the message's bits and stores that hash with the digital signature in an encrypted envelope for the message. Two major hashing algorithm standards exist: MD5, which is supported by Rivest_Shamir-Adleman and the Internet (ANSI X930 part 2 & Regional Financial Center 1321), and secure hash standard, which is supported by National Institute for Previous screen Standards and Technology (FIPS 180 and 180-1). á A copy of the message (the hash) with the digital signature of the originator is sent to the message archive. Each message must have an established retention date that will vary according to the message content. The records retention policy should serve as the guide for establishing the date. The message should be automatically removed from the archive data base when this date is reached. á Proof that the message was delivered requires an electronic acknowledgment containing the date stamp of the activity to be sent to the archive and matched to the message. á Proof that the message was opened requires an electronic acknowledgment containing the date stamp of the activity to be sent to the archive and matched to the message. á When the importance of a transaction dictates that nonrepudiation is required, a utility should monitor the message activity to ensure that the message was received and opened. Electronic message status should be returned to the sender for appropriate follow-up as required (e.g., to determine why the message was not received or opened). á The trustworthy information processing infrastructure must provide assurances that the message and audit details cannot be altered. Many business uses exist for nonrepudiation in the mobile world(e.g., purchase orders, expense statements, strategic management directives, conflict of interest forms, and other important documents)that can provide technology an opportunity to reduce today's manual administrative efforts. However, nonrepudiation does not address confidentiality of the message; this is accomplished through encryption. Remote Access Authentication. After the decision is made to allow modem, Internet, Cellular Digital Packet Data, or Integrated Services Digital Network access to the infrastructure, the risk of unauthorized access to the infrastructure increases. Call forwarding and other advances in technology have eliminated the security effectiveness of dial-back modems. The Gartner Group considers dial-back modems to have limited effectiveness. The most effective way known to authenticate a remote user is through two-phase authentication: with something that the remote user knows and something that the remote user possesses. Another means of authentication is through the use of biometrics, which includes voiceprint, fingerprint, or retinal scan. Currently, the cost and technical problems associated with remote biometrics scans render them impractical for common use. When selecting one of the myriad products that support two-phase authentication, the following items should be added to the functional requirements list: á It must provide the capability for centralized administration of access system controls (e.g., personal identification numbers, passwords, alarms, use analysis), while the actual authentication platforms may be decentrally deployed. á It must function independently from the network infrastructure. The product should be independent of modem type, baud rate, or any other characteristics related to transmission of data. When changes are made to the network infrastructure, the product should not require modification. á It must function independently from the hardware infrastructure. The product must Previous screen function with all hardware platforms and operating systems. When changes are made to the hardware infrastructure, the product should not require modification. á The product must function independently from all application software. Changes to the application should not dictate changes to the product. A one-time modification to the application software may be required to request the user's identification to the product. á It must provide a random-number challenge (algorithm) to the product making the call that is in the possession of the caller. The challenge response (one-time password) must be unique for each authentication session. This ensures that the caller has the product in his or her possession each time a call is placed. á The product must allow encrypted data to be processed. It is not a requirement for this product to perform the encryption. á The product must accommodate caller mobility. The caller may need to call different processors or locations that are not part of the infrastructure. In addition, the caller may want to place calls from different devices (e.g., a different microcomputer in a different location); therefore, the authentication process must be capable of being relocated. á The product must provide magnetic and printed reports of audit trail activity. The following data should be included in the audit log: date and time for all access attempts, the line on which the call entered, entry time, disconnect time, reason for disconnect, caller associated with the call, and system violations or other unusual occurrences. á If the product in the caller's possession fails, a backup capability should exist that will grant the requester access to the infrastructure. The backup process must be available at all times. The most economical way would be to place a call to the network help desk; the help desk will then grant one-time access on verbal authentication of the requester. This requires a process that will mitigate social engineering. á The process device must provide controlled one-time access for some individuals (e.g., vendors or customers) that is granted by a remote authority. An example of this feature would be a one-time password generator that would relay the challenge and response over the phone. The central unit issues a random challenge number, the hand-held password generator calculates a response through an algorithm using the personal identification number of the requestor, and this unique response is compared to the central unit's response for that user. If the two responses agree, then access is granted. á It must support the establishment of alternate dial authentication hot sites when the primary site goes offline for any reason.

Confidentiality Confidentiality in this section refers to the facilities by which information is protected against unauthorized reading. To facilitate establishing adequate levels of protection for information, data trustees (owners) must provide a classification to all information. This classification is based on the level of damage to the enterprise that may result from allowing individuals to gain access to information that they do not need. Mobile Employee Information Security Recommendations Previous screen Ensuring compliance with appropriate security procedures and practices depends not on the security tools that are provided but on the effectiveness of the security awareness program. Awareness contributes to the success of the effective information protection program. Exhibit 2 provides a baseline of awareness requirements for the mobile user. Posters in the organization's facilities are very effective and are an important part of the overall awareness program. However, use of E-mail and articles in the organization's internal communication media are more effective than posters with mobile users.

Safe Practices for Mobile Users

1. Be aware of the surroundings. 2. Make portable divices inconspicuous. 3. Shred confidential documents before discarding them. 4. Lock portable devices out of sight when leaving them unattended. 5. Hide physical security tokens; do not carry them in the same case with the notebook. 6. Establish a regular schedule for performing appropriated backup practices. 7. Select nontrivial passwords. 8. Change passwords frequently. 9. Follow the common-sense rule to question whether you are in an appropriate place and time to be working with the company's information assets. 10. Most important of all: treat sensitive company information as if it were the combination to your personal safe.

Software Considerations

Version Management. If the application software or data base on the notebook is not the current version, the mobile user may create and transmit incorrect data into the organization's record of reference data bases. If this happens, the integrity of the data bases may be damaged and inaccurate information may be given to a business partner. Each time the mobile user connects into the organization's network servers, a process should be performed to ensure that all of the software (both application and operating system) on the mobile client is current. The same is true for all data base subsets that are mirrored on the notebook. The organizations change control process should notify the synchronization process when production environment changes are made and should have the updates available when a remote connection is made. If the notebook does not have all the current software and data base data, the infrastructure servers must not accept information uploads until the software and data base are synchronized. The mobile user must recreate the information before attempting to upload using the current versions of the processing environment. When the mobile user connects into the infrastructure and determines that a download of updates is required, the user should have an option to delay the download. The user is not allowed to upload information to the server, but queries may be made. This is important if the user is with a customer and wants to obtain status information; if a potentially lengthy download takes place, the user would waste the customer's time. Encryption and Decryption. Previous screen To date, encryption is the most effective security measure to ensure information confidentiality. One type of technology uses a two-part key in which the private key is kept by the owner and the public key is published. The recipient's public key is used to encrypt the data, which can only be decrypted by the recipient's private key. To reduce the computational overhead, encryption is often used to create a digital envelope that holds a Data Encryption Standard encryption(symmetric) key and DES-encrypted data. Message nonrepudiation uses document hashing and digital signature as a means of verifying the message sender. This is accomplished by encrypting a message with the sender's private key and letting others decrypt the message with the sender's public key. The major security concern is maintaining integrity and confidentiality of the keys. Each organization must devise a process to distribute the public keys to everyone who is involved in the encrypted messaging process, including customers and other business partners. The recommendation is to establish a comprehensive public-key data base on a central server that may be accessed by everyone (this means that it is located outside the security firewall)and to have each mobile user keep a subset of public keys on his or her notebook for major business partners. Another concern is protecting corporate equity. Consideration must be given to the necessity for the corporation to decrypt messages when the owner of the private key is not available. One method may be to include the symmetric DES key (discussed in the previous encryption section) in an extractable format in the message archiving facility(discussed in the nonrepudiation segment). A tightly controlled process to extract the DES key would allow the message to be decrypted without compromising the private key of the originator. Right-to-privacy concerns are outweighed by corporate equity considerations, because company resources were used to create the messages.

New Technology Considerations It is important to have an appreciation for new connectivity technologies so that users may determine their potential threats and vulnerabilities. By looking at what is coming, users should be able to develop the mitigating security measures before deploying the technology. Many security concerns exist, but very few proven answers are associated with emerging technologies. However, the technologist(and to some degree the mobile user) often wants to implement the technology quickly, before the technology itself has reached commercial strength. PC Card The unified standard that combines Personal Computer Memory Card International Association (PCMCIA) standard and the Japan Electronic Industry Development Association (JEIDA) standard is called PC Card. The credit-card-sized devices take the form of memory cards, modems, and disk drives that can be plugged into slots in computers. The card's security measures should be the same as those for the hard drive. Experience indicates that many users do not take the card out of the drive when it is not in use; therefore, passive encryption is recommended. For this reason, cards may be ineffective if used as a removable security lock. The card is effectively used in several applications, most notably as a removable modem. Smart Cards Although they are the size of an ordinary credit card, smart cards use an embedded processor that gives both the system designer and the system user a powerful authentication tool. Smart cards are a subset of the rapidly growing integrated circuit card industry. Two types of smart cards exist: contact cards and contactless cards. The contact-type interface uses an eight-position contact located at one corner of the card. A contact card reader also uses a matching set of contact points to transfer information between the card Previous screen and the reader. The contactless card does not come in direct contact with the card reader, but uses an inductive power coil and transmit and receive capacitor plates to transfer information to the contactless reader. AT contactless card product is essentially an 8-bit computer with a proprietary operating system and either 3K bytes or 8K bytes of user- accessible, nonvolatile memory inside the smart card. Many applications take advantage of the strong authentication capabilities of smart cards. The most common application is electronic money. Another example of smart card flexibility is in a building security system protected by card access that otherwise requires a large network of cables connecting the door reader, door controllers, and host computer. By converting systems to a smart card system and using the onboard data base and encryption capabilities, the miles of network cabling and host computer may be eliminated. However, the need for a special card reader coupled with the mobile user's desire to travel light all but eliminates the smart card as a practical security mechanism in today's mobile arena. Cellular Digital Packet Data Cellular digital packet data (CDPD) technology is rapidly building its infrastructure right alongside the traditional analog cellular infrastructure. In fact, much of the existing analog base stations are being used. Similar to most public communications efforts, a coalition of common carrier have cooperated to ensure interoperability. Cellular Digital Packet Data was developed by a group of major cellular communications companies. This prestigious group makes it clear that by leveraging existing technologies and infrastructures, they will have a nationwide network available within a very short time. As the caller moves from one analog cell to the next, the ability to transmit data digitally means faster transmission speeds and a solution to the current problem of lost or repeated transmission. The user will be able to send and receive data while in a moving car. Technologists believe that because existing common protocols are used, today's applications can use CDPD without modification. The one drawback that may impede CDPD deployment is the development of effective modems that support CDPD. Three types of CDPD services are provided. CDPD Network allows subscribers to transfer data through their applications as an extension of their internal network. In CDPD Networked Applications Services, the cellular provider provides specific application services like E-mail, directory services, and virtual terminal services to subscribers. CDPD Network Support Services provides network management, use accounting, and network security. The security practitioner should not assume that cellular carrier's security interpretation or objectives are the same as those of the organization. The carrier's direction is intended to protect its investment in the CDPD Network and principally to ensure that only authorized paying subscribers use the network. A secondary concern is providing data privacy. It is not practical for the carrier to comply with each subscriber's security policies. The user should already be aware of the security risk associated with cellular transmissions. Cellular (analog or digital) transmission is a miniature radio station broadcasting to everyone who has the receiving equipment. digital transmission will be able to scramble the transmission by channel hopping, which makes interception more difficult but not impossible for the motivated eavesdropper. Therefore, the best solution to maintain data integrity and confidentiality is through digital signaturing and encryption. Because of the administrative overhead associated with key management of symmetric keys (the same passphrase is used to encrypt and decrypt the message), public and private key encryption is recommended. Wireless Communication Although cellular communication is a desirable tool for mobile users, wireless communication may be a valuable capability for those roving from place to place within the confines of their own building. Wireless networking employs a number of different methods. One of the most popular of these methods is spread-spectrum radio. Wireless Previous screen adapters connect into a computer either internally or through the parallel port, and they then communicate to a base-station or what could be called a wireless hub. The communication receiving area of the base station is usually several hundred feet, and the microcomputer and adapter may be placed anywhere within that radius. Other methods use a line-of-sight transmission technology. Because the transmission takes place within the confines of the company's buildings, the security requirements may be fewer. However, depending on the organization's type of business and the need for confidentiality, consideration might be required to neutralize the motivated eavesdroppers who may be within the company or stationed outside the facility. Other technologies use radio frequencies to forward messages to a central station, which in turn (when requested) sends the message to the recipient. This method is known as store and forward, and it is not normally used for interactive messaging. The best answer to ensure confidentiality in all wireless applications is encryption. The World Wide Web The World Wide Web (known as the Web or WWW) provides an infrastructure for accessing information. The Web provides a simple means of attaining almost any type of information that is available on a Web server that is attached to the Internet. All information on the Web is stored in pages, using a standardized hypertext language. Many companies use the Web to provide timely information to their customers. They typically provide information about products, upgrades and patches, and feedback areas. The Web is considered a companion to E-mail because it provides information by using an interface. However, the Web is designed to accommodate limited two-way communication. Security considerations must be the same as with all other Internet connections. The Web server should be placed outside of the firewall. If confidential information is placed on the Web, then encryption should be used. In general, the Web architecture does not provide for the integrity and confidentiality of information. Access to the infrastructure should not be allowed through the Web server.

Conclusions Security procedures, guidelines, and practices accepted by end users must enable them to do their jobs. If end users interpret security to be a roadblock, they will often find ways to circumvent security requirements. To ensure that this does not happen, the security practitioner should spend time learning the problems and security concerns of users. The practitioner should consider scheduling one day per month to stay at home and telecommute in addition to dialing in while on business trips. This practice enhances understanding of the remote access conditions, and assists the security practitioner in developing more effective security practices.Exhibit 3, published by the Yankee Group, provides a projection of the professions that will make up the mobile community by 1997.

1997 Projection of Mobile Work Force

26% Sales 23% Field Services 18% Administrative 15% Field Engineering 10% Senior Management 8% Other

1997 Projections by: The Yankee Group Information today is stored not only in the data center but also on desktops, notebooks, Previous screen and home computers; it is stored wherever mobile users have taken the data. By understanding the implications of this fact of business life, practices can be better established to secure assets while supporting employees'requirements to perform optimally and competitively through having access to the most current information and computing power. Author Biographies Ralph R. Stahl, Jr. Ralph R. Stahl, Jr., CDP, is chief global information security officer in architecture design and engineering for the worldwide information systems of AT in Dayton OH.