[ISN] Wireless carriers exploit firewall bypass

From: InfoSec News (isnat_private)
Date: Mon Jan 28 2002 - 01:00:10 PST

  • Next message: InfoSec News: "RE: [ISN] Microsoft May Delay Products to Fix Security"

    By Ephraim Schwartz and Brian Fonseca 
    January 25, 2002 11:15 am PT
    A NEW AND some say troubling trend is emerging among wireless carriers
    who are enabling users to lift data remotely from corporate networks
    without IT oversight, according to industry observers.
    Dissatisfied with the slow pace of corporate adoption of wireless,
    carriers are taking a new route, going directly to employees and
    bypassing the IT departments.
    In the second quarter, Cingular Wireless will follow Sprint PCS' lead
    to become the second major wireless carrier to give users access not
    only to e-mail, calendars, and contacts residing on the network but to
    just about any file on any directory, as long as a user's desktop or a
    delegated co-worker's desktop is active, according to Cingular
    "It is sneaking into the firewall, but sometimes you get to the IT
    department by showing them how many different individual users are
    already using [a technology]," said John Kampfe, director of business
    marketing at Atlanta-based Cingular.
    Jason Guesman, director of business marketing at Kansas City,
    Mo.-based Sprint, said that, although Sprint's Business Connection
    Personal Edition may cause consternation with IT departments, the
    company does offer a corporate solution to ease concerns.
    Behind Cingular's as-yet-unnamed service and Sprint's Business
    Connection Personal Edition is Redwood City, Calif.-based Seven, which
    offers its System Seven architecture in two flavors: one for IT
    departments and another for individuals.
    The Seven solution also supports LDAP access, said Bill Nguyen,
    president and co-founder of Seven. "It makes the cell phone a
    wonderful extension to the PC," Nguyen said.
    Seven establishes an outbound connection and gains access by using
    Port 443, the same Web link used to surf the Web and send email. The
    System Seven server registers itself as an available resource,
    allowing queries back to the desktop. Company officials insist that
    System Seven conforms to the highest levels of transport security.
    But unsupervised port access can be harmful, analysts said. Network
    intrusions and lost or stolen devices could lead to information loss
    or theft, said Peter Firstbrook, an analyst at Stamford, Conn.-based
    Meta Group. "At the very least, companies need to acknowledge the
    issue. They need to find out what people are doing and put a policy
    [or device restrictions] in place," Firstbrook said.
    But, as others debate, Seven is close to signing up Verizon and AT&T
    Wireless, industry sources said. Officials at Seven declined
    commenting on the pending deals.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Jan 28 2002 - 04:24:31 PST