2.8 Given a scenario, implement methods for securing mobile devices.
The following sections detail the built-in user security utilities that are common in today’s mobile devices.
Screen Locks
Screen locks are a “first line of defense” for all mobile devices.
It’s turned off by default, but its highly encouraged to turn it on.
There are 4 types of Screen Locks
Fingerprint Lock
A biometric-type lock that uses your fingerprint to unlock the device.
It is the most secure biometric method for a device. The technology works by placing your finger on a touchpad sensor on the device.
Face Lock
Another biometric lock type that uses your face to unlock your device.
It’s not as secure as a fingerprint lock because someone who has a similar face shape as you can unlock the phone, resulting in a false-positive.
Swipe Lock
works by displaying nine dots in a 3x3 square, you then swipe with your finger with registered pattern to unlock the phone.
This is the least secure due to the high chance of someone just following the grease trail you leave behind from your fingers
Passcode Lock
This screen lock type is identical to using a password so it runs into the same issues
It’s vulnerable to shoulder surfing and people just learning your passcode over time.
Remote Wipes
Should your work or personal mobile device go missing or fall into the wrong hands, it’s always nice to have a backup plan to ensure that no company secrets or personal identifiers get misused by anyone who would use the information with bad intention.
Using remote wipe should be used a last and final resort to ensure the contents of your mobile device are never read by the wrong party
Once confirmed, your mobile device will be completely erased.
Locator Applications
Locator apps are a great way to find your misplaced or stolen mobile device.
Apple usedFind My iPhoneto track your missing device, but they have to be powered on and connected to the internet
Find My iPhoneallows you to remote control the device, lock it, play a siren, display a message, turn it off, and wipe it clean.
Google’s Find My Device does a lot of the same things as Find my iPhone.
Remote Backup applications
Both Apple & Google automatically backup your mobile devices.
iCloud
Apple iOS devices automatically back themselves up either to a computer running iTunes or an iCloud account associated with the device.
When a mobile device is connected to a computer using iTunes, the phone and mac are synchronized.
Synchronized is another word for Backup.
Google Drive
This Android mobile OS will automatically synchronize the device to the Google Drive
Google Drive is Google’s cloud-based storage.
It will backup Wifi passwords, phone logs, app settings, contacts, messages, pictures, and other related files
Failed Login Attempts Restrictions
After you’ve set a screen lock, an optional step is to wipe or factory reset the mobile device after a certain number of login attempts.
This will wipe the local data if the wrong passcode is entered 10 times in a row.
Useful for someone who has sensitive data or frequently place their devices in risky places
This is not recommended for the average, everyday user. It doesn’t make sense to completely wipe the entire device just because a child or careless friend put in the wrong passcode 10 times in a row.
If you do have this option enabled, make sure you have a recent backup will be readily available.
Antivirus/Anti-Malware
Mobile Devices can contract viruses and malware through the installation of a malicious app.
Antivirus and Anti-malware software should be installed on your mobile device to stop malicious attempts to infiltrate your mobile devices
This software tend to come in the form of 3rd-party apps
Apple tends to be more secure for a few reasons
It’s closed-source, meaning not everyone has access to the software that’s used to create the applications
The app store is tightly regulated by apple
Each and every app that is placed on the app store has been audited and vetted for quality + malicious software
Because of these two reasons, malware has a difficult time finding a way into the device
Androids are less secure for a few reasons
application software is open-source, meaning anybody can build off of the software foundation
apps can be installed from anywhere and the google play store isn’t that tightly regulated
Because of these reasons, it’s easier for malware to find a way into android devices
Trusted Sources vs Untrusted Sources
You can limit your exposure to malicious apps by only installing apps from trusted sources, such as the Apple’s App Store or the Google Play Store.
Most of the time, mobile configurations OS’s must be specifically configured to accept installations from untrusted sources.
Example of some untrusted sources include
manual installs of android .apk (android package kit) or untrusted Apple.ipa (iOS App Store Package) files.
These files are considered untrusted because you can install these files outside of the ecosystems
Example of some trusted sources include
The Apple App Store
Google Play Store
Apple iOS
Jailbreaking
Often seen on iOS, is the process of exploiting security flaws of a locked-down electronic device with the purpose of installing unofficial and bootleg software.
Android
Rooting
the process of escalating user privilege on a android device from standard user to super user (root user).
It’s often done with the goal of overcoming limitations that carriers and hardware manufacturers put in some androids
Performs other operations that a normal user cannot
Sideloading
installation of an application on an android without using the google play store.
“Black Market” or “ Bootleg”
Patching/OS updates
It’s easy to forget that mobile devices need OS updates just like full-size computers do
It’s important to stay-on-top of your updates so your mobile device can perform at its peak and seal any newly found vulnerabilities.
Bug fixes, security patches, and new features are the main outcomes of OS updates
Biometric authentication
Full Device Encryption
Mobile phones contain PII (personal identifiable information), which if placed into the wrong hands, can be catastrophic
Full device encryption can be achieved on mobile devices through screen locks
Androids do not automatically encrypt the entire device upon setting a screen lock like iOS mobile devices does, you’ll have to manually enable it
Full device encryption should be done on mobile devices and laptops, when full device encryption is turned on, both the device and the external storage are encrypted.
MFA
This form of authentication involves using more than one item (factor) to authenticate.
Ex. Configuring BitLocker to Go on a flash drive, and then requiring a password/smart card to be entered before the contents of the flash drive are decrypted.
Ex. Logging into an app using email address/password + using an authenticator app to generate a OTP (one time password)
Authenticator applications
An authenticator app works with mobile devices to generate security codes that can keep accounts secure by requiring the user to use 2FA (2-Factor Authentication)
Once this is setup, your account associated with the application will receive a randomly generated code from the authenticator app. You’ll then use this OTP + your username/password to gain access to an application on your cell phone.
Firewalls
When a mobile device starts up, it is configured with an IP address via the network. Therefore, a firewall is def needed.
A mobile device firewall app will be able to allow you to monitor both the inbound + outbound communications on your device.
Most activity is outbound
Mostly used for Androids
Policies and Procedures
Due to the explosive growth of mobile devices in the workplace, new policies + procedures and have been introduced to minimize data loss.
AUP, BYOD, and information assurance are some to name a few.
Onboarding procedure - often coordinated with HR, is the initial process of introducing a new employee to the company’s IT environment.
Passwords are created, emails are logged into the first time,etc.
Offboarding Procedure - again coordinated with HR, is the process of ensuring that information access is terminated when the employment of the user ends.
Could be automated, could be done manually
Employee’s work email, voicemail, remote access, and file access is all terminated.
BYOD
Bring Your Own Devicedefines a set of minimum requirements for the devices, such as size and type, OS, connectivity, antivirus, patches, and many more.
The employee’s device must meet the IT departments standards
The traditional workforce is becoming a mobile workspace, with employees working from home, on the go, and in the office.
Used to reduce spending due to the face that employees can bring in their own device
MDM
Mobile Device Managementis the software that allows IT administrators to control, secure and enforce policies on smartphones, tablets and other endpoints.
Also helps organizations protect their data on devices that are personally owned by the employees (BYOD).
MDM can remote wipe a company’s mobile device, set password policy requirements on the mobile phones, can be tracked via GPS.
Profile Security Requirements
Profile Security requirements will be created whenever you use a MDM
Allows MDM to centrally and uniformly control the security requirements for mobile devices who want to access the company’s network.
Want to print your doc? This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
