PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
Download as PPTX, PDF1 like644 views
The document provides an overview of mobile security concepts and technologies, emphasizing the importance of securing mobile devices in light of rising theft and loss concerns. Key security measures include implementing screen locks, full device encryption, remote wiping, and application controls to manage access and protect sensitive data. It underscores the necessity of mobile device management and various controls, such as credentials management and encryption, to enhance overall mobile application security.
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
- 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications PC Hardware Network Administration IT Project Management Network Design User Training IT Troubleshooting Qualifications Summary Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
- 3. Page 3 – Mobile device security. – Mobile application security. PACE-IT.
- 4. Page 4 Mobile security concepts and technologies I.
- 5. Page 5 Since the introduction of the mobile device, loss and theft have been a concern. Just about everyone has either lost a mobile device or had one stolen. In the early years, the major concern was that a cell phone was going to be used to call some foreign country or toll number and the owner would get stuck with a large bill. Now—with the rise in popularity of smartphones and tablets and the greater portability of data—much more may be at stake. This is especially true with the advent of bring your own device (BYOD) policies in the workplace. Mobile security concepts and technologies I.
- 6. Page 6 – Screen locks. » All mobile devices (e.g., phones, tablets, and laptops) should have the screen lock set. The timer should be set for a relatively short period of time. – Lockout settings. » In the case of loss or theft, configuring lockouts will help to prevent unauthorized access to the device. After a specified number of attempts to log in, the device will not allow any further attempts until administrative action is taken. – GPS. » Many mobile devices have GPS capabilities, allowing the device to be located if it is lost or stolen. • Asset tracking utilizes GPS capabilities to pinpoint a device’s location. – Remote wiping. » Some mobile devices allow for the device to be wiped (all data and applications are removed) remotely. This can be used if a device is unrecoverable. Mobile security concepts and technologies I.
- 7. Page 7 – Full device encryption. » Whenever possible, full device encryption should be used to prevent a malicious entity from reading the contents of the device. This is especially vital for laptops. – Disabling unused features. » Unused features may represent a security risk and should be disabled to prevent their exploitation. – Removable storage. » In some situations, it may be necessary to disable a mobile device’s ability to use removable storage capabilities. – Application controls. » Many mobile applications attempt to access unnecessary user information (e.g., the location of the device). Controls should be used to limit the data that applications can access and to restrict the actions that applications may undertake. Mobile security concepts and technologies I.
- 8. Page 8 – Storage segmentation. » Some mobile devices allow for the segmentation of storage, which allows for controls to be put in place to limit how data can be accessed on the device. – Inventory control. » All mobile devices should be inventoried and tracked. – Mobile device management. » Software that is used to manage features that are available on mobile devices. • It usually also has a feature that will remotely wipe a device. – Device access control. » Implement any device access controls that can be used to restrict who can access the mobile device and/or any features on the mobile device. Mobile security concepts and technologies I.
- 9. Page 9 Mobile security concepts and technologies I.
- 10. Page 10 – Encryption. » Ensure that mobile applications are encrypting sensitive data that is stored on the device. • Encryption keys must also be created and stored securely. – Credentials management. » Security credentials used by applications must be implemented in a secure manner, including storing the credentials in an encrypted format. – Authentication. » A best practice is for the mobile application to authenticate the user and to base access to data on the user’s authentication level. Mobile security concepts and technologies I.
- 11. Page 11 – Geotagging. » Some mobile applications store geographical information when they are used. A determination must be made as to whether or not to allow it. • Geotagging may present a privacy concern. – Application whitelisting. » Some mobile applications allow for whitelisting—a list of allowed applications that can access features in the original application. • Any whitelisting capabilities should be managed. – Transitive trust/authentication. » An application will trust an unknown security environment if it is trusted by a security environment that the application trusts. • For example, application Z trusts environment T. Environment T trusts environment U. Application Z, therefore, trusts environment U. • This may or may not represent a security issue. Mobile security concepts and technologies I.
- 12. Page 12 Mobile security concepts and technologies I. As the popularity of mobile devices has increased, so has the security concerns for those devices. Some steps that can be taken to secure mobile devices include: screen locks, lockout settings, GPS, remote wiping, full device encryption, disabling unused features, disabling removable storage, application controls, storage segmentation, inventory control, mobile device management, and device access controls. Topic Mobile device security. Summary Security controls should be put in place on applications that either reside on mobile devices or are accessed by mobile devices. Some of these controls include: encryption, credentials management, authentication, geotagging, application whitelisting, and transitive trust/authentication controls. Mobile application security.
- 14. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.