beautypg.com

Internet and intranet, Incoming data calls, Attacks from the internet – Nokia 9290 User Manual

Page 6: Dial-up security, 3 dial-up, Security, Tcp/ip over ppp connection

background image

6

(9)

Nokia 9290 Communicator

Nokia Mobile Phones

Security White Paper


Copyright

Nokia Corporation 2001-2002. All rights reserved.

During the installation, be sure to read all dialog boxes that appear on the display. They may contain further
security information.

Nokia has a Nokia OK Logo program for third party software developers. Using software that has a ‘Nokia OK’ logo
offers further assurance of the quality of the software.

5. Internet and intranet

Data communication over the Internet or other IP networks is not secure by default. To enable secure connections, the
Nokia 9290 Communicator supports various security protocols.

5.1 Incoming Data Calls

By relying only on the factory configuration, it is not possible to access the Nokia 9290 Communicator’s files from an
incoming data call. However, as with any normal computer, malicious third-party software can potentially degrade
the security of the device. Therefore, only install and use software that comes from a trusted source and is digitally
signed by a trusted party (see section 4).

5.2 Attacks From The Internet

When connected to the Internet, it is possible to send data packets from the Internet to the communicator. As the
wireless link is of low bandwidth, it is potentially possible to cause congestion by sending large amounts of useless
packets to the device. Therefore, it is recommended that the dial-up link uses a firewall to filter suspicious packets.
Many Internet service providers offer this service. The use of dynamic IP addresses is another recommended safety
measure. Most, if not all, Internet service providers supply dial-in clients with dynamic IP addresses by default.

Also, installing defective or malicious third-party software (especially from Internet servers) in the Nokia 9290
Communicator may degrade security. Only install and use software that comes from a trusted source and is digitally
signed by a trusted party.

5.3 Dial-up Security

The communicator requires a PPP (Point-to-Point Protocol) connection to allow connection to the Internet or to an
intranet.

Internet/

intranet

Dial-in system

GSM900

GSM1800

ISDN

PSTN

TCP/IP over PPP connection

Figure 1: The communicator connection principle

The communicator supports the PPP authentication protocols PAP (Password Authentication Protocol) [RFC 1334],
CHAP (Challenge Handshake Authentication Protocol)

[

RFC 1994

]

and MS-CHAP (Microsoft CHAP). Of these three,

CHAP and MS-CHAP are more secure as they do not transmit the password over the network.

See also other documents in the category Nokia Mobile Phones: