In a recent article, I discussed additional security measures that
organizations can implement to secure mobile devices, such as PDAs.
However, it’s important that companies realize that mobile
computing isn’t restricted to PDAs and wireless laptops. In fact, another form
of wireless device could be inside your network right now, and you’re probably
unaware of it. I’m talking about Bluetooth-enabled devices.

Bluetooth devices operate on the unlicensed 2.4-GHz ISM band
of frequencies. By design, Bluetooth can operate in this noisy environment by
frequency-hopping to avoid interference from other signals after transmitting
or receiving a packet of information.

While Bluetooth has been around for a few years, the technology is
beginning to come into its own. More and more vendors are embedding
Bluetooth technology into a
multitude of different mobile devices. Wireless phones and headsets are the
most popular devices, but you can also find Bluetooth technology in printers,
PDAs, and laptops.

Understand the security threats

Most security administrators couldn’t tell you if any
Bluetooth-enabled devices exist on their networks or if any users access their
networks using Bluetooth-enabled devices. And as cell phone viruses
become more prevalent, this could pose problems to organizations’
overall security.

In fact, Bluetooth technology is vulnerable to a number of
different attack methods:

  • Bluesnarfing—stealing data stored
    on a Bluetooth-enabled device
  • Bluejacking—sending anonymous
    messages to a Bluetooth-enabled device
  • Bluebugging—forcing a Bluetooth-enabled
    cell phone to place a call

As Bluetooth technology becomes increasingly prevalent, the
possibility of it interacting with your organization’s network also grows. And that
means there’s no better time to devise a method to control how this technology
affects your network.

Create a policy

Bluetooth technology has almost no practical business
application, and it’s not a technology officially supported by most IT
departments. However, organizations can’t ignore the fact that it exists.

Companies must accept that Bluetooth technology is out there
and has the potential to interact with their networks. It’s important to be
proactive; don’t wait for a Bluetooth-related security event to occur.

Instead, develop a company policy that discusses the use of
Bluetooth-enabled devices and defines how these devices can interact with the network.
Until the company decides to support Bluetooth-enabled devices, this policy
should define your corporate strategy regarding the technology.

To begin, the policy should address three main areas:

  • Support: Bluetooth-enabled devices
    are not a supported technology, and no one should connect them to the
    corporate network.
  • Data: No one is allowed to store
    any company data on any Bluetooth-enabled device—specifically, passwords
    and usernames.
  • Repercussions: Discuss in detail the
    penalties for violating this policy.

Scan for devices

After you’ve created and distributed the policy, I recommend
performing a wireless sweep to determine whether Bluetooth is active around
your physical security boundaries. Red-M sells an excellent product
called Red-Alert PRO, an intelligent wireless probe that scans for
the presence of all 41 channels of 802.11a, 802.11b, and 802.11g, as well as Bluetooth
activity.

By scanning for Bluetooth-enabled devices, you can
continually update the risk profile for your network. In addition, you can
better determine when to expend additional resources to address the security
vulnerabilities of this fast-growing technology.

Final thoughts

Bluetooth devices are becoming more prevalent in the
corporate culture. While they may not be large repositories of important
corporate data, they still pose some security risks. Either incorporate these
devices into your organization’s security architecture, or ban their presence
altogether. If you can’t secure it, it doesn’t need to touch or interact with
your network.

For more information about Bluetooth security and
vulnerabilities, I recommend The Bunker Web site,
which maintains an excellent repository of Bluetooth security issues and
vulnerable devices.

Mike Mullins has served as a database administrator and assistant
network administrator for the
U.S. Secret Service. He is a network security administrator for the Defense
Information Systems Agency.