3.5 Flashcards

1
Q

Cellular

A

One of the strengths of cellular is that robust nationwide networks have been deployed, making strong signals available virtually anywhere with reasonable population density. The corresponding weakness is that gaps in cellular service still exist in remote areas.

2
Q

Wi-Fi

A

These systems exist on 2.4- and 5-GHz frequency spectrums, and networks are constructed by both the enterprise you are associated with and third parties. This communication methodology is ubiquitous with computing platforms and is relatively easy to implement and secure.

3
Q

Bluetooth

A

Bluetooth is a short-to-medium range, low-power wireless protocol that transmits in the 2.4-GHz band, which is the same band used for 802.11.

The Bluetooth protocol’s advertisement of services and pairing properties is where some of the security issues start. Bluetooth should always have discoverable mode turned off unless you’re deliberately pairing a device.

4
Q

NFC

A

Near field communication (NFC) is a set of wireless technologies that enables smartphones and other devices to establish radio communication when they are within close proximity to each other—typically a distance of 10 cm (3.9 in) or less.

Currently, NFC relies to a great degree on its very short range for security, although apps that use it have their own security mechanisms as well.

5
Q

Infrared

A

Infrared (IR) is a band of electromagnetic energy just beyond the red end of the visible color spectrum.
IR cannot penetrate walls but instead bounces off them. Nor can it penetrate other solid objects; therefore, if you stack a few items in front of the transceiver, the signal is lost. Because IR can be seen by all in range, any desired security must be on top of the base transmission mechanism.

6
Q

USB

A

Universal Serial Bus (USB) has become the ubiquitous standard for connecting devices with cables.

USB drive keys, which are basically flash memory with a USB interface in a device typically about the size of your thumb, provide a way to move files easily from computer to computer. When plugged into a USB port, these devices automount and behave like any other drive attached to the computer. Their small size and relatively large capacity, coupled with instant read-write capability, present security problems. They can easily be used by an individual with malicious intent to conceal the removal of files or data from the building or to bring malicious files into the building and onto the company network.

7
Q

Point-to-Point

A

Point-to-point communications are defined as communications with one endpoint on each end—a single transmitter talking to a single receiver. This terminology transferred to networking, where a communications channel between two entities in isolation is referred to as point-to-point.

8
Q

Point-to-Multipoint

A

Point-to-multipoint communications have multiple receivers for a transmitted signal. When a message is sent in broadcast mode, it has multiple receivers and is called a point-to-multipoint communication.

Remember that a point-to-point connection is between two devices (one to one), while point-to-multipoint connections are one (device) to many (devices).

9
Q

RFID

A

RFID tags are used as a means of identification and have the advantage over bar codes that they do not have to be visible, just within radio wave range—typically centimeters to 200 meters, depending on tag type. RFID tags are used in a range of security situations, including contactless identification systems such as smart cards.

Several different attack types can be performed against RFID systems. The first is against the RFID devices themselves—the chips and readers. A second form of attack goes against the communication channel between the device and the reader. The third category of attack is against the reader and back-end system. This last type is more of a standard IT/IS attack, depending on the interfaces used (web, database, and so on) and therefore is not covered any further.

10
Q

Mobile Device Management (MDM)

A

Mobile Device Management (MDM) sets policies for the installation and protection of mobile devices.

11
Q

Application Management

A

Application management uses whitelists to control which applications are allowed to be installed onto the mobile device.

12
Q

Content Management

A

Content management stores business data in a secure area of the device in an encrypted format to protect it against attacks. It prevents confidential or business data from being shared with external users.

13
Q

Remote Wipe

A

When a mobile device has been lost or stolen, it can be remotely wiped. The device will revert to its factory settings and the data will no longer be available.

14
Q

Geofencing

A

Geofencing uses the Global Positioning System (GPS) or RFID to define geographical boundaries. Once the device is taken past the defined boundaries, the security team will be alerted.

15
Q

Geolocation

A

Geolocation uses GPS to give the actual location of a mobile device. This is used when you lose your iPad and then you use your iPhone to determine its location.

16
Q

Context-aware authentication

A

Context-aware security is location-based. It checks the country from where the authentication request is being made. This is extremely important if you are using a zero-trust model.

Mary, a financial director based in London, is using context-aware authentication. For the authentication to be successful, the user must be Mary, the time has to be between 9 a.m. and 5 p.m., Monday to Friday, and she needs to be in London. If not all of these criteria are met, then authentication fails.

17
Q

Containerization

A

This gives organizations the ability to deploy and manage corporate content securely in a BYOD device such as a phone or tablet. A storage card is installed where the business data can be stored. When the device is remote wiped, the data on the storage card remains intact, therefore protecting the business data. Another name for this is storage segmentation.

18
Q

Storage Segmentation

A

When the device is remote wiped, the data on the storage card remains intact, therefore protecting the business data. Another name for this is storage segmentation.

19
Q

Full Device Encryption

A

To protect the data that is stored on a device, we should implement Full Device Encryption (FDE). The device requires a Trusted Platform Module (TPM) chip to store the encryption keys.

20
Q

MicroSD hardware security module (HSM)

A
21
Q

MDM/Unified Endpoint Management (UEM)

A

This provides management of the hardware, for example, desktops, printers, tablets, smartphones, and IoT devices, ensuring that they are patched, similar to Network Access Control (NAC). It can control the security and applications running on the devices and can determine which devices have been subject to jailbreaking and rooting and will block them.

22
Q

Mobile application management (MAM)

A

This allows a security team to tie down an application’s security before it is allocated to any personnel. It controls access to company applications and data and can restrict the exfiltration of data from the company applications.

23
Q

SEAndroid

A

Android devices have a Knox container that allows you to segment business data separate from personal data. SE Android will prevent applications outside of the Knox container from accessing resources inside the Knox container.

24
Q

Third-Party Application stores

A

There is a danger of downloading apps from third-party app stores as there is no guarantee of the quality of the app being installed. This could pose a security risk. Later, you could find that it had embedded monitoring software.

25
Q

Rooting/jailbreaking

A

Jailbreaking is similar to rooting, only this time the operating system is Apple’s iOS – this allows you to run unauthorized software on Apple devices and remove device security restrictions placed on the device.

Rooting is similar to jailbreaking, except it is for an Android device.

26
Q

Sideloading

A

Sideloading is having an application package in .apk format and then installing it on a mobile device. This is useful for developers who want to trial third-party apps, but also allows unauthorized software to be run on a mobile device.

27
Q

Custom Firmware

A

Custom firmware downloads are used so that you can root your mobile device. This means that you are going to give yourself a higher level of permissions on that device and remove the vendor’s security.

28
Q

Carrier Unlocking

A

Carrier unlocking is where a mobile device is no longer tied to the original carrier. This will allow you to use your device with any provider, and also install third-party apps.

29
Q

Firmware-over-the-air (OTA) updates

A

Firmware is software that is installed on a small, read-only memory chip on a hardware device and is used to control the hardware running on the device. Firmware OTA updates are pushed out periodically by the vendor, ensuring that the mobile device is secure. An example is when the mobile device vendor sends a notification that there is a software update; this will include a firmware update.

30
Q

Camera use

A

This poses a security risk to companies, as trade secrets could be stolen very easily. Research and development departments ban the use of personal smartphones in the workplace. MDM policies may disable the cameras on company-owned smartphones.

31
Q

SMS/Multimedia Message Service (MMS)/Rich Communication Services (RCS)

A

Short Message Service (SMS): This is known as text messaging and has become a common method of communication. These messages can be sent between two people in a room without other people in the room knowing about their communication. These text messages could be used to launch an attack.

Multimedia Messaging Service (MMS): This is a way to send pictures as attachments, similar to sending SMS messages.

Rich Communication Service (RCS): This is an enhancement to SMS and is used in Facebook and WhatsApp to send messages so that you can see the read receipts. You can also send pictures and videos.

32
Q

External media

A

External media refers to any item or device that can store data. From flash drives to hard drives, music players, smartphones, and even smart watches, if it can store data, it is a pathway for data exfiltration.

33
Q

USB on-the-go (USB OTG)

A

USB OTG allows USB devices plugged into tablets and smartphones to act as a host for other USB devices. Apple does not allow USB OTG. Attaching USB devices can pose security problems as it makes it easy to steal information.

34
Q

Recording microphone

A

Smartphones and tablets can record conversations with their built-in microphones. They could be used to take notes, but they could also be used to tape conversations or record the proceedings of a confidential meeting.

35
Q

GPS tagging

A

When you take a photograph, GPS tagging inputs the location where the photograph was taken. Most modern smartphones do this by default.

36
Q

Wi-Fi Direct/ad hoc

A

The Wi-Fi direct wireless network allows two Wi-Fi devices to connect to each other without requiring a WAP. It is single-path and therefore cannot be used for internet sharing. An ad hoc wireless network is where two wireless devices can connect with a WAP, but it is multipath and can share an internet connection with someone else.

37
Q

Tethering

A

Tethering is where a GPS-enabled smartphone can be attached to a mobile device to provide internet access. Microsoft’s Windows 10 is capable of tethering. The danger of this is if someone uses a laptop to connect to the company’s network and then tethers to the internet, it could result in split tunneling. This is where a user has a secure session via VPN to the corporate LAN and then opens up a web browser with an insecure session that could be hacked and gives the attacker a gateway to a secure session to your LAN. MDM must ensure that this does not happen. When tethering, to ensure security, we must only create one session at one time.

38
Q

Bring your own device

A

Bring Your Own Device (BYOD) is where an employee is encouraged to bring in their own device so that they can use it for work. Although this may save the employer money, it also has its pitfalls. BYOD needs two policies to be effective, Acceptable Use Policy and On/Offboarding, but I will break the onboarding/offboarding into separate parts:

39
Q

Corporate-owned personally enabled (COPE)

A

Corporate-Owned Personally-Enabled (COPE) is where the company purchases the device, such as a tablet, phone, or laptop, and allows the employee to use it for personal use.

However, the IT team can limit what applications run on the devices as they are corporate-owned. Some countries’ laws prohibit the wiping of personal devices. With COPE, however, since the company owns the device, they have every right to wipe it remotely if it is lost or stolen.

40
Q

Choose your own device (CYOD)

A

Choose Your Own Device (CYOD) avoids problems of ownership because the company has a limited number of tablets, phones, and laptops; this makes supporting them easier than supporting BYOD. When a new employee comes along, they merely choose one of these devices from a list. When they leave the company and offboard, the devices are taken from them as they belong to the company. The acceptable use policy would state that the devices can only store company data as they are corporate-owned devices.

41
Q

Virtual desktop infrastructure (VDI)

A

The enterprise can set up virtual desktop machines that are fully security compliant and contain all the necessary applications needed by the employee and then let the employee access the virtual machine via either a virtual connection or a remote desktop connection. This can solve most if not all of the security and application functionality issues associated with mobile devices. It does require an IT staff that is capable of setting up, maintaining, and managing the VDI in the organization, which is not necessarily a small task, depending on the number of instances needed.