Enterprise Mobile Device Security Dynamic Firewall Adaptation

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

Keeping your security response flexible is uniquely important to the mobile device environment. That’s partly because most current devices make multitasking available. Your users could be videochatting with one application while simultaneously texting, make a voice call, turn on location-based services to find the nearest gas station, and download corporate e-mail – all at the same time.

Any firewall that claims to protect the device has be able to watch constantly for the specific applications, interfaces, and protocols the user is using at any given moment and provide complete protection against attack for all of these.

The heavy-hammer approach is tempting: You could turn on protection for all interfaces, applications, and protocols at all times but then the firewall falls afoul of the “efficient battery usage” tenet. You don’t want the firewall to suck the life out of the battery while trying to protect everything constantly, regardless of what’s actually in use.

Clearly, an effective firewall has to be more intelligent, adapting constantly to the usage pattern and turning protection on and off as necessary.

In terms of the types of interfaces a firewall needs to protect, it comes down to what types of wireless connectivity your mobile devices provide. Typically, a mobile device has at least a wireless LAN or Wi-Fi interface that allows connection to the wireless network. The device has an interface to connect to the service provider’s network. Most firewalls provide protection against these two primary interfaces, but verify.

In addition, you need to consider other interfaces your mobile device may have, including a Bluetooth interface. A Bluetooth interface is particularly vulnerable because not many firewall vendors protect this interface.