13. Mobile and wireless security Flashcards
What are the objectives covered in Chapter 13?
Domain 2.0: Threats, Vulnerabilities, and Mitigations; Domain 3.0: Security Architecture; Domain 4.0: Security Operations
Includes specific objectives like explaining vulnerabilities and comparing security strategies.
What types of vulnerabilities are discussed in this chapter?
Mobile device vulnerabilities: Side loading, Jailbreaking
These vulnerabilities can compromise the security of mobile devices.
What are some general data considerations mentioned?
Geolocation
Geolocation can impact data security and privacy.
What does hardening targets involve?
Hardening targets: Mobile devices, Workstations, Switches, Routers, Cloud infrastructure, Servers, ICS/SCADA, Embedded systems, RTOS, IoT devices
Hardening is essential for protecting various types of computing resources.
What are the key mobile solutions discussed?
Mobile device management (MDM); Deployment models: Bring your own device (BYOD), Corporate-owned, personally enabled (COPE), Choose your own device (CYOD); Connection methods: Cellular, Wi-Fi, Bluetooth
These solutions help manage and secure mobile devices in organizations.
What wireless security settings are mentioned?
Wi-Fi Protected Access 3 (WPA3); AAA/Remote Authentication Dial-in User Service (RADIUS); Cryptographic protocols; Authentication protocols
These settings are critical for securing wireless networks.
True or False: Wireless networks have the same security challenges as wired networks.
False
Wireless networks broadcast signals and can be accessed from outside organizational spaces.
What are some common wireless connectivity options?
Bluetooth; Cellular; Wi-Fi
Understanding these options is essential for wireless network design.
What is the importance of wireless authentication?
Ensures secure access to wireless networks
EAP (Extensible Authentication Protocol) is commonly used for this purpose.
What are the mobile device deployment models?
Bring your own device (BYOD); Choose your own device (CYOD); Corporate-owned, personally enabled (COPE)
These models influence how organizations provide devices to users.
What is the role of mobile device management (MDM)?
To manage and secure mobile devices throughout their life cycles
MDM tools help ensure devices are secure from issuance to retirement.
Fill in the blank: The traffic on most cellular and point-to-point commercial wireless networks may need to be treated as if it is traversing a _______.
potentially hostile network path
This is due to the lack of customer control over these networks.
What are some best practices for wireless network design?
Site surveys; Heat maps
These practices help optimize wireless network performance and security.
What are the three key wireless connectivity options that organizations may deploy?
Wi-Fi, cellular, and Bluetooth
These technologies are essential for connecting devices and systems.
Why is it important to understand common attacks against wireless networks?
It helps security professionals design a secure wireless network
Understanding potential attacks informs better security measures.
What role do site surveys play in network design?
They help understand the environment where the network will be deployed
Site surveys can include heatmaps to visualize signal propagation.
What do heatmaps in the context of network design show?
Signal propagation
Heatmaps assist in determining optimal device placement.
What are some concerns when protecting controllers and access points?
Patching, maintenance, and secure remote access
Protecting these components is crucial for overall network security.
What does WPA3 provide in terms of authentication?
Simultaneous authentication of equals (SAE) and enterprise models
Enterprise models connect to RADIUS servers for organizational credentials.
What are EAP and its variants used for?
Authentication protocols
They allow choices based on hardware support and specific authentication needs.
What are the two main deployment models for mobile devices?
BYOD processes and corporate-owned models
BYOD allows users to bring their own devices, while corporate models deploy locked-down devices.
What is the purpose of mobile device management tools?
To manage and secure mobile devices
MDM tools provide a range of features necessary for security professionals.
What does BYOD stand for?
Bring Your Own Device
What are the advantages of BYOD?
- More user freedom
- Lower cost to the organization