hayibo.com, South Africa's version of The Onion

Posted by Celia Walter | 7 Oct, 2008

Hayibo.com: Breaking news into lots of little pieces:

Headlines:

Anger, confusion, as study suggests sex not poverty causes Aids

Rival ANC party to have better deejays, will be "off the hook"

Gavin Hood fans demand Tsotsi-Game sequel

Bluetooth Security

Posted by Celia Walter | 7 Oct, 2008

Guide to Bluetooth Security (PDF; 3.9 MB)
Source: National Institute for Standards and Technology

To improve the security of Bluetooth implementations, organizations should implement the following recommendations:

Organizations should use the strongest Bluetooth security mode available for their Bluetooth devices.

The Bluetooth specifications define four security modes, and each version of Bluetooth supports some, but not all, of these modes. The modes vary primarily by how well they protect Bluetooth communications from potential attack. Security Mode 3 is considered the strongest mode because it requires authentication and encryption to be established before the Bluetooth physical link is completely established. Security Modes 2 and 4 also use authentication and encryption, but only after the Bluetooth physical link has already been fully established and logical channels partially established. Security Mode 1 provides no security functionality. The available modes vary based on the Bluetooth specification versions of both devices, so organizations should choose the most secure mode available for each case.

Organizations using Bluetooth technology should address Bluetooth technology in their security policies and change default settings of Bluetooth devices to reflect the policies.

A security policy that defines requirements for Bluetooth security is the foundation for all other Bluetooth-related countermeasures. The policy should include a list of approved uses for Bluetooth, a list of the types of information that may be transferred over Bluetooth networks, and requirements for selecting and using Bluetooth personal identification numbers (PIN). After establishing Bluetooth security policy, organizations should ensure that Bluetooth devices’ default settings are reviewed and changed as needed so that they comply with the security policy requirements. For example, a typical requirement is that unneeded Bluetooth profiles and services be disabled to reduce the number of vulnerabilities that attackers could attempt to exploit. When available, a centralized security policy management approach should be used to ensure device configurations are compliant.

Organizations should ensure that their Bluetooth users are made aware of their security-related responsibilities regarding Bluetooth use.

A security awareness program helps users to follow security practices that help prevent security incidents. For example, users should be provided with a list of precautionary measures they should take to better protect handheld Bluetooth devices from theft. Users should also be made aware of other actions to take involving Bluetooth device security, such as ensuring that Bluetooth devices are turned off when they are not needed to minimize exposure to malicious activities, and performing Bluetooth device pairing as infrequently as possible and ideally in a physically secure area where attackers cannot observe key entry and eavesdrop on Bluetooth pairing-related communications.
