400    Chapter 6 • Infrastructure Security: Devices and Media

                 The data stored locally on mobile devices can contain confidential corporate
             information or other information that is best kept out of the hands of attackers.
             With this in mind, it is always a good idea to encrypt data stored locally on these
             mobile devices. Some newer devices have this ability built into their OSes, but for
             those that do not, there may be third-party software available that adds this func-
             tionality.
                 Any time a hacker is able to access a device locally, there is the chance that with
             time the hacker can break through any security measure.Therefore, it is a good idea
             to keep hackers away from the device.With the small size and convenience of hand-
             held mobile devices, this is especially difficult.The sheer number of cell phones and
             PDAs left at tables in restaurants, in airports, or in public restrooms is staggering. If a
             company supplies mobile devices to its users, it is critical that they be instructed on
             proper care for the devices, which includes not leaving them behind.The only real
             defenses to this are the passwords protecting the device and encrypting the local
             data, both of which can be bypassed with time and perseverance.

             Media-based Security


             Any system is the sum of all of its parts, and the art and practice of security admin-
             istration is no exception.While network devices may be secure and a network may
             be blocked off from the outside world, it is still important to be concerned with
             the security of the media that interacts with the network or systems.
                 This section covers a plethora of different media types ranging from cable types
             to removable media.The Security+ exam puts an emphasis on media and its vul-
             nerabilities.While trying to access a network and its resources remotely is certainly
             convenient to the attacker, sometimes a more reliable method is accessing the data
             directly through the media used on or with the network.
                 First we discuss the physical media used for transmitting data to and from net-
             work devices.To form a network, the devices have to be able to move data bits to
             each other. Network cabling is the media used for this purpose.We then go over
             several different types of networking media and their respective advantages and dis-
             advantages. Next, we cover the physical media used for transporting data.This is
             called removable media and comprises everything from floppy disks to Smart Cards.
             Finally, we go over most of the popular removable media and discuss their security
             differences.
                 Keep in mind that the media being discussed here is all physical media used for
             transmitting data.There are many other types of media in use within the computer
             industry, such as streaming media or media players, which deal with content rather



          www.syngress.com