Securing Android For the Enterprise
Orome1 writes "While many companies use IPsec for secure remote access to their networks, no integrated IPsec VPN client is available on Android. Apple has already fixed this shortcoming in iOS, in part, because it wanted to make the iPhone attractive for businesses. The Android operating system doesn't just lack an integrated IPsec VPN client, it also makes installing and configuring third-party VPN software quite complicated. IPsec VPN clients have to be integrated into the kernel of each device, and the client software has to be installed specifically for a memory area. This means that the firmware of each Android smartphone or tablet has to be modified accordingly. Until a 'real' IPsec VPN client is available, Android users can use their devices' integrated VPN clients based on PPTP or L2TP, which is deployed over IPsec. A 'real' IPsec VPN connection, however, is more secure because it encrypts data prior to authentication."
Android needs some sort of remote wipe software to make it even remotely feasible for most businesses. For example, the government requires remote wipe, and some sort of encryption. Until Android has a solution for these two, the VPN-less capability is moot.
We reviewed Android and iOS for a very large, very well known global company. After a lot of research Android was pretty much laughed out of the room. Any corporation that uses it for their issued device and has information to protect is not paying attention.
1. Android has next to nothing in the way of large scale management and configuration tools.
2. The OS itself is highly insecure allowing all sorts of application and OS interactions regardless of resource usage or malware possibilities.
3. Google rolled over for the carriers allowing them to modify Android phones with bloatware and in other ways that make them insecure, unreliable, and resource pigs.
4. Malware fest.
5. Corporations don't want the carriers or Google tracking their devices but Android allows this to an unprecedented degree. We don't allow company data to be stored in Google Apps and we don't allow our vendors to use it either for this very reason.
Android is just a mess of cobbled together code. It cannot be taken seriously in enterprise environments. Not surprising really since that is not Google's aim. Android users and their activities are the product, not the devices themselves. Even the few Android fanboys on the team couldn't put up an argument for why it should be used when it so clearly violates many of our security standards for devices, OS, and apps.
iOS sailed right through and will be a new standard device since nobody wants Blackberries any more.
Restricting access to particular services is best done by those services themselves doing the authentication. They would know what users are authorized for what functions. The remote Android user is in no position to sniff the server networks, so the fact that the traffic within the LANs is not encrypted does not matter as long as you trust your network admins ... if you don't, you better be using an SSL layer to the server and trust your server admins.
If the remote user has ANY means to access the internet on the phone, either directly through the telco data bandwidth provider, or even proxied or routed through the VPN, then the phone MUST be considered unsafe, and it would be entirely inappropriate for it to be accessing any home base servers that don't authenticate (but that's just totally stupid to run that way under any circumstance).
now we need to go OSS in diesel cars
> *current* version of Android actually has full native IPSec support
Do you mean Ice Cream Sandwich? In which case, to be fair it's not what you'd call in widespread use yet... (I have never seen anyone with an ICS device IRL, or heard of anyone having one)
I got the joke so go employ that dumb WHOOSH meme elsewhere, or better not at all.
I merely commented that the use of the phrase 'for the Enterprise' is stupid for reasons other than Star Trek references.
You mean that you replied to the top-most thread with an off-topic post instead of starting a new thread so that your post would show up at the top of the page?
It is dangerous to be right when the government is wrong.