Post on 30-Mar-2015
Tips on Securing Mobile Devices
October 5, 2012
Preston Wiley, Network Security Manager, CISSP
Mike Hill, Project Manager / Systems Analyst, CISSP
WHAT IS A MOBILE DEVICE?
• Highly Portable
• Constantly connected to the Internet
• Able to run a variety of applications
• Easily stolen or misplaced
• Smartphones, Tablets
• Personally managed
MOBILE DEVICE OPERATING SYSTEMS
• iOS
  o iPad
  o iPhone
  o iPod Touch
• Android
  o Nexus 7
  o Samsung Galaxy
  o HTC One, Desire, Evo, etc.
  o Motorola RAZR
  o MANY MANY MANY Others
• Blackberry, Symbian, Windows
WHY DO WE HAVE MOBILE DEVICES?
• Highly Portable
• Convenient
• Always Stay Connected
• Remain Productive
• Coolness Factor
WHY SHOULD WE SECURE THEM?
• As mobile devices become ingrained in our lives, we store more and more data on them, such as:
  o E-mail
  o Contacts
  o Photos
• and we use various apps to make our lives easier:
  o Social: Facebook, Twitter, LinkedIn
  o Financial: PayPal, eBay, Amazon
  o Cloud Storage: Dropbox, Google Drive
  o Maps: MapQuest, Google Maps
  o Games: Angry Birds, Bad Piggies
TIP #1: LOCK DEVICE
• Passcodes
  o PINs
  o Pattern (Android)
  o Facial Recognition (Android 4)
  o Passwords
• Auto-Lock (Screen Timeout)
  o 1 minute to 5 minutes
  o Shorter time is more secure
  o Be aware of apps that can be accessed when locked
TIP #2: UPDATE APPS
• Keep apps up-to-date using official sites
  o Apple App Store (iOS)
  o Google Play (Android)
• Be wary of 3rd party apps from unofficial sites (Android)
  o When you allow unknown apps on Android, you allow them from ALL sources
  o Only turn this option on if you need it and turn it off when you don't need it.
  o There are legitimate stores other than Google Play that require this to be turned on: Amazon App Store
TIP #3: DISABLE NETWORK SERVICES
• Benefits to disabling services
  o These services can pose security risks
  o Can also extend battery life
• WiFi
  o Constantly scans for WiFi networks
  o Beware of open networks (unencrypted)
• Bluetooth
  o Turn off or set to non-discoverable if not needed
  o Used for hands free devices and wireless keyboards
  o Can be used to view your contacts and make calls with your phone.
TIP #4: BEWARE OF QR CODES
Which QR code is the malicious one?
Tips 5-10
TIP #5: UPDATE OPERATING SYSTEM
• Update OS to latest version available to you
  o iOS 6
  o Android 4.1 (Jelly Bean)
  o BlackBerry 7.1 OS
  o Windows Phone 7.5
*Data as of October 1, 2012
*Data as of September 30, 2012
TIP #6: CONFIGURE LOCATION SERVICES
• Popular features of location services
  o Photos - geotagging
  o Maps - turn by turn navigation
• Beware of disclosing location publicly
  o Please Rob Me (2010)
  o U.S. Army warns about geotagging (2007)
• Recommended Configuration
  o Disable if not needed
  o Only enable for specific apps when needed
TIP #7: BACKUP DEVICE
• Back up your device
  o Device should not be sole source of this data
  o Data can be encrypted during backup to iTunes (iOS)
  o Backups based on Google Account (Android)
• Be aware of any sensitive data on device
  o Financial documents
  o Tax records
  o Health records
  o Passwords
TIP #8: WIPE DEVICE
• Erase data on device before
  o Return
  o Repair
  o Resale
• Auto-Wipe
  o Erases data after 10 failed attempts (iOS)
  o Autowipe app (Android 2.2+)
• Remote Wipe
  o Gives you the ability to remotely wipe device
TIP #9: FIND DEVICE
• Find My iPhone (iOS)
  o Requires iOS 5+
  o Locate your device on a map
  o Display custom message
  o Remotely lock or wipe device
  o Lost Mode (iOS 6)
• LocateMyDroid (Android)
  o Available on Android OS 2.2+
  o Visually see your phone on a map
  o Remotely lock/wipe phone (admin)
• Create ICE for lock screen
TIP #10: SECURE BROWSER SETTINGS
• Recommended Settings
  o Block Pop-ups
  o Enable Private Browsing
  o Enable Fraud Warning (iOS)
  o Disable AutoFill
  o Disable Location Services
  o Clear history and cookies
WRAP-UP
• 10 Tips for Increased Security
  1. Lock Device
  2. Update Apps
  3. Disable Network Services
  4. Beware of QR Codes
  5. Update Operating System
  6. Configure Location Services
  7. Backup Device
  8. Wipe Device
  9. Find Device
  10. Secure Browser Settings
SERIOUS ABOUT SECURITY PODCAST
• New episodes recorded every two weeks
• http://www.cerias.purdue.edu/site/sas_podcast
• Twitter: @SASPodcast
Q&A
• Preston Wiley
  E-mail: pswiley@purdue.edu
  Twitter: @PrestonSecure
• Mike Hill
  E-mail: mikehill@purdue.edu
  Twitter: @Purdue_Mike
REFERENCES
• Android Distribution Chart
  o https://developer.android.com/about/dashboards/index.html
• iOS Distribution Chart
  o http://insights.chitika.com/2012/ios-by-device/
• Permission to use Dilbert comics provided by Universal Uclick
• Please Rob Me
  o http://pleaserobme.com
• U.S. Army warns about the risks of geotagging
  o http://nakedsecurity.sophos.com/2012/03/14/us-army-warns-about-the-risks-of-geotagging/