According Chris Witeck, senior director of product marketing at remote access provider iPass, there are many steps that can be taken to help secure this fast-growing trend, among them not allowing unauthorized access. This solution allows a company to secure endpoints while providing a centralized computing experience.
Out of some of the more popular articles regarding this subject, the most common and effective solution is end-user education. Educating users will instill and awareness of proper security practices. There can be consequences for breaking these security practices as well, which might also serve as a good deterrent for improper behavior.
In the end, there are a lot of good things about BYON. It provides greater employee satisfaction and lower corporate costs to name a couple. There are also significant security threats. Using proper security policies and end-user education, the threat of a data breach is greatly reduced.
Don’t be a Bad Neighbor
This last Tuesday has come and gone and we are left with another high ranking vulnerability being patched by Microsoft during their monthly upkeep. CVE-2020-16898, aka “Bad Neighbor,” discloses an IPv6 vulnerability “which allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system” according to Steve Povolny and Mark Bereza in a post at McAfee Labs.
Apparently the Windows TCP/IP stack has trouble when handling ICMPv6 Router Advertisement packets that make use of the Recursive DNS Server (RDNSS) Option. The Length field of this option needs to be not equal to a factor of 2. In other words it should be of value 3 or greater and be odd. If this is not the case, unpatched systems could result in a buffer overflow as the value mismatch is not compliant with RFC 8106. This is just a way of saying that data or instruction sets could be written into memory for execution. Continuar leyendo: “This can be done by creating policy using a mobile device management (MDM) software like Citrix Endpoint Manager” →
Publicado el 24/3/2022 Categoría sign in.
Comentarios: 0