www.cdicconference.com

Cyber Defense Initiative Conference 2011
20th – 21st March 2012, Grand Hall, BITEC, Bangna, Bangkok

“Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity”

Countering Modern Threats with MDM and Deep Network Traffic Analysis

Chaiyakorn Apiwathanokul
CISSP, CSSLP, GCFA, (IRCA:ISMS)

Chief Executive Officer, S-Generation Co., Ltd.
Committee, Thailand Information Security Association (TISA)
Name:          Chaiyakorn Apiwathanokul (ไชยกร อภิวัฒโนกุล)
Title:         Chief Executive Officer
Company:       S-GENERATION Company Limited
               Asia Forensic Hub Company Limited
Certificates:  CISSP, CSSLP, IRCA:ISMS (ISO27001), SANS:GCFA
E-mail:        chaiyakorna@hotmail.com

• CSO ASEAN Award 2010 by Ministry of Information and Communications and Ministry of Public Security, Vietnam
• 2010 Asia-Pacific Information Security Leadership Achievements (ISLA) by (ISC)2, Honoree in the Senior Information Security Professional category
• Security Sub-commission under Thailand Electronic Transaction Commission (ET Act B.E. 2544)
• Contribute to Thailand Cyber Crime Act B.E.2550
• Workgroup for CA service standard development
• Committee of national standard adoption of ISO27001/ISO27002
• Committee of Thailand Information Security Association (TISA)
• Committee of Cybersecurity workforce development, Division of Skill Development, Ministry of Labour
• Advisor to Department of Special Investigation (DSI)
• Advisor to Ministry of Defense, Cyber Operation Center

[Timeline figure: 1997, 1999, 2000, 2004, 2006, 2011]
Press Release

“Today the mobile phone has become a basic necessity for many people. Besides serving as a phone, it is also like a small, high-performance computer used to connect to the Internet, able to carry out a wide range of activities: personal matters, work, and all kinds of transactions. This has made the mobile phone an important new target for the dark side of the cyber world, because today's mobile phone is hardly different from a PC, only smaller and conveniently carried in the palm of the hand. This leads to the question of whether these mobile phones are protected from threats in the same way we protect our PCs, for example by patching the OS, antivirus software, and a firewall that keeps our device from being attacked or from sending data out without our knowledge.”
... Chaiyakorn Apiwathanokul
Agenda
• Mobile challenges for enterprises
• What to look for in MDM solution
• Advanced threats over the network
• Advanced tool for advanced analysis




Simple Questions
• Do you LOCK your mobile device?
• Do you have anti-malware installed?
• How many apps are on your device?
• Are they all trustworthy?
• Have you ROOTED/jailbroken your device?
The 'lost' cell phone project
What would you do if you found a smartphone?
• Symantec researchers intentionally dropped 50 smartphones in 5 cities
• Some traps and tracking apps were installed to observe the behavior of the phone finders
• Contacts, bank info, HR files, saved passwords
http://digitallife.today.msnbc.msn.com/_news/2012/03/08/10595092-exclusive-the-lost-cell-phone-project-and-the-dark-things-it-says-about-us
This map shows where one finder moved the phone; a chart on
      the right shows what apps and files were accessed.
Findings
• 43% of finders clicked on an app labeled "online banking."
• 53% clicked on a file named "HR salaries."
• 57% opened a file named "saved passwords"
• 60% checked on social networking tools and personal e-mail
• 72% tried a folder labeled "private photos"
Findings
• 89% of finders clicked on something they probably shouldn't have.
• Only 50% of finders offered to return the gadgets
• 30% of finders in NY returned the gadgets
• 70% of finders in Ottawa returned the gadgets
• The person who returned the phone also tampered with personal information
Studies show
• 50% of smartphone users do not password-protect their phones
• “Convenience” supersedes “Security”
• 100% of those who lost their phones never thought they would
• After 1 lost phone, behavior changes
The Common Fails!
• Lost
• Stolen
• Left unattended
• No passcode protection
• Full-time WiFi on, with “Auto connect”
• Free WiFi lovers
• Lots of apps (trusted/untrusted)
• Location service
• Just click
Common Mobile Spyware Features
• Call Log: Each incoming and outgoing number is logged along with duration and time stamp.
• SMS (Text Messages) Log: Every text message is logged even if the phone's logs are deleted. Includes full text.
• GPS Locations Log: GPS positions are uploaded every thirty minutes with a link to a map.
• Contacts: Every contact on the phone is logged. New contacts added are also recorded.
• Tasks: All personal tasks that are created are logged and viewable.
• Memos: Every memo input into the phone is logged and viewable.
• Cell ID Locations: ID information on all cell towers that the device enters into range of is recorded.
• E-Mail Log: All inbound & outbound email activity from the primary email account is recorded.
• Calendar Events: Every calendar event is logged. Date, time, and locations are recorded.
• URL (Website) Log: All URL website addresses visited using the phone's browser are logged.
• Photo & Video Log: All photos & videos taken by the phone are recorded & are viewable.
Eavesdropping on conversations
Mobile device + Camera + GPS + social media = ?

Does the camera app on your phone reveal other information as well??
Exif Meta Data

Risks
- Can be tracked by anyone: fans??
- Criminals, people with bad intentions??
- Human trafficking rings
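
The tracking risk on the Exif slide comes from the metadata block a phone camera writes into each JPEG, which can include a GPS directory. As an added example (not part of the original slides), the Python sketch below checks a JPEG for an Exif GPS pointer and removes the Exif segment before the photo is shared; the function names and the tiny sample file are constructed for illustration, and other metadata containers such as XMP are not handled.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"   # identifies an Exif payload inside a JPEG APP1 segment
APP1, SOS = 0xE1, 0xDA          # APP1 carries Exif; SOS starts the compressed image data
GPS_IFD_TAG = 0x8825            # IFD0 tag that points to the GPS sub-directory


def iter_segments(jpeg: bytes):
    """Yield (marker, start, end) for every header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:       # everything after this is image data
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, end
        pos = end


def exif_has_gps(tiff: bytes) -> bool:
    """Return True if IFD0 of the TIFF structure holds a GPS directory pointer."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return False
    endian = "<" if tiff[:2] == b"II" else ">"
    magic, ifd0 = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = ifd0 + 2 + 12 * i          # each IFD entry is 12 bytes
        if entry + 12 > len(tiff):
            break                          # truncated directory
        (tag,) = struct.unpack(endian + "H", tiff[entry:entry + 2])
        if tag == GPS_IFD_TAG:
            return True
    return False


def audit_photo(jpeg: bytes):
    """Return (has_exif, has_gps) for a JPEG byte string."""
    has_exif = has_gps = False
    for marker, start, end in iter_segments(jpeg):
        body = jpeg[start + 4:end]
        if marker == APP1 and body.startswith(EXIF_HEADER):
            has_exif = True
            has_gps = has_gps or exif_has_gps(body[len(EXIF_HEADER):])
    return has_exif, has_gps


def strip_exif(jpeg: bytes) -> bytes:
    """Copy the JPEG without its Exif APP1 segments; image data is untouched."""
    out = bytearray(jpeg[:2])
    pos = 2
    for marker, start, end in iter_segments(jpeg):
        if not (marker == APP1 and jpeg[start + 4:end].startswith(EXIF_HEADER)):
            out += jpeg[start:end]
        pos = end
    out += jpeg[pos:]                      # SOS segment, image data and EOI
    return bytes(out)


def build_sample() -> bytes:
    """Constructed minimal JPEG: JFIF header plus an Exif block with a GPS pointer."""
    ifd0 = (struct.pack("<H", 1)
            + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)   # LONG, 1 value, offset 26
            + struct.pack("<I", 0))                         # no further IFD
    gps_ifd = struct.pack("<H", 0) + struct.pack("<I", 0)   # empty GPS directory
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps_ifd
    exif = EXIF_HEADER + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = (b"\xff\xe0" + struct.pack(">H", 16)
            + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    sos = b"\xff\xda\x00\x02" + b"\x00" + b"\xff\xd9"       # stub image data + EOI
    return b"\xff\xd8" + app0 + app1 + sos


if __name__ == "__main__":
    photo = build_sample()
    print("before sharing:", audit_photo(photo))
    print("after strip:   ", audit_photo(strip_exif(photo)))
```
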
SSL Strip
• https > http
• https (without awareness) = http
• Man-in-the-Middle Attack

http://surajonunix.wordpress.com/2012/02/24/man-in-the-middle-using-ssl-strip/
Free WiFi… Are you sure?
There are ways to compromise your mobile device
Where is your business data?
• 76% of smartphone and tablet users access business information on their mobile devices.
Source: globalthreatcenter.com

Where to draw the line?
[Diagram: Corporate Data/App | Personal Devices]
One phone for personal and one for work? → unlikely
Take Control and Respect Privacy
[Diagram: Mixture Environment; Corporate issued devices; Personal owned devices; Corporate Data/App; Personal Data/App]
Facts about Consumerization
600 surveys; US, DE, JP; June 2011
Source: Cesare Garlati @ Trend Micro
Take The Balance
Security Risk ≠ IT Risk ≠ Business Risk
[Diagram: SECURITY | Business Enablement]
Solution
• Administrative Control
  – Corporate policy
  – Standard/Guideline
  – Process/Procedure
• Physical Control
  – Tools
• Logical Control
  – Tools
ISACA, BMIS (Business Model for Information Security)
ISO27001 Compliance Requirement
A.7 Asset management
   A.7.2 Information classification

A.9 Physical and environmental security
   A.9.2 Equipment security
       A.9.2.5 Security of equipment off-premises
       A.9.2.6 Secure disposal or re-use of equipment

A.11 Access control
   A.11.7 Mobile computing and teleworking
       A.11.7.1 Mobile computing and communications
       A.11.7.2 Teleworking
Tool to use for controlling mobile devices in enterprise
MDM: Mobile Device Management
URGENT: End-to-End Mobile Security Framework
Example of Policy Implementation
Example of Policy Implementation
10 Questions to ask
1. Does your solution feature end-to-end security across
   mobile devices, apps, the network, and data?
2. Beyond setting security policies, does your solution give
   me the option to set dynamic, context-aware policies?
3. Beyond application security and access policies, does
   your MDM solution let me grant granular access to
   mobile apps on an app-by-app basis, and can I
   segregate my critical business apps from non-compliant
   or potentially malicious apps?


4. Can your solution monitor and profile mobile network
   traffic and user behavior, and can we integrate it with
   our Security Information and Event Management
   (SIEM) solution?
5. If we use your MDM solution, can our IT department
   support employee devices remotely?
6. Is your solution architected for security, and will my
   data reside behind my firewall?




7. Can your solution scale to support multiple locations
   and all of my employees? Tell me about your largest
   deployment (size, hardware required to support), and
   how many large production deployments do you have,
   and how long have you had them?
8. Is your solution highly available at all tiers: web, app,
   data, and, in the case of cloud, at the data center? Do
   you back that up with a 100% uptime service level
   agreement for cloud?
9. Does your solution feature flexible deployment options?

10. Does your solution feature Mobile Data Leakage
    Prevention, or prevent leakage of my sensitive business
    data via mobile devices?




Intelligence-driven security




Intelligence-driven security




The Need for Best-of-Breed




To Look For




Key Questions

• Key challenge of network security today?
• Network awareness?
• Building perimeter around data?
• Intelligence-driven security?
• Network intelligence into business intelligence?
• How to analyze encrypted/obfuscated traffic?
Conclusion

• The war continues
• The bad guys are still out there
• Technology changes, strategy changes
• If you cannot keep up with the speed, you will lose

© 2012 S-Generation Co., Ltd.
Please visit http://www.S-GENERATION.com for more information

Thank You

www.cdicconference.com
