3.5 Given a scenario, implement secure mobile solutions Flashcards
Cellular
Primary source of communication for mobile devices.
Cellular communication is only encrypted on the wireless link to the nearest cell tower.
Communication over WIRES is plaintext.
Basic mobile device connections
Cellular, Wi-Fi, Bluetooth, NFC, Infrared, USB, Point-to-point (PTP), Point-to-multipoint (PTM), GPS, RFID
Point-to-Point
Point-to-Multipoint
Point-to-point communication is received only by a single receiver, isolated from everything else. Point-to-multipoint is the same but connects to multiple receivers.
MDM
Mobile Device Management is managing multiple mobile devices throughout an enterprise. (Government work phones)
Allows you to enforce config settings.
MCM
Mobile Content Management
Controls the “Content” on the mobile phone and what company data is accessed on the mobile device.
Remote Wipe/Remote Sanitation
Mobile management that allows you to delete all data REMOTELY if the mobile device is lost.
(The mobile device needs to receive a signal.)
Full Data Encryption (FDE) needs to be enabled to prevent the data from being restored.
Geofencing
Mobile management that allows you to enable features on a mobile device based on its LOCATION (GPS).
Geolocation
Includes details on the location and any media made by the device.
Push Notifications
Sends information to your device instead of to an app.
Passwords and PINs
Passwords should be strong and their storage should be encrypted.
Biometrics (Face ID)
Biometrics uses personal features to authenticate you.
Context-Aware Authentication
Evaluates the origin and context of what the user is attempting to access.
If the device and location seem familiar, then it is low-risk authentication. If unfamiliar, then it is high risk.
Storage Segmentation
An MDM technique that allows you to separate a user's personal data from the company's data.
By doing this you can remotely wipe the company's data while retaining the user's data.
FDE
Full Data Encryption on a mobile device means that the storage on the device is encrypted and the physical data port is disabled when the phone is locked.
MicroSD HSM
A MicroSD Hardware Security Module is a MicroSD card containing small form factor encryption hardware that is inserted into a mobile device.
MDM/UEM
MDM/Unified Endpoint Management is a single software management platform that combines MDM and EMM into one for mobile devices.
MAM
Mobile Application Management is like MDM but focuses on apps.
SEAndroid
Security-Enhanced Android (SEAndroid) is a security improvement for Android.
Third-party application stores
Mobile devices should not download apps from third-party app stores because those stores do not have a strict security posture for the apps they host.
Jail breaking/Rooting
Breaking the digital rights management (DRM) security on the mobile device's bootloader so that you can gain full system privileges.
This allows you to download apps that were originally blocked for security reasons.
Sideloading
The act of installing a file from a USB drive or some other storage medium.
Custom Firmware
Firmware that is installed in place of the original firmware. This is done when the mobile device is jailbroken.
Firmware OTA updates
Firmware over-the-air updates are basically like installing a new version of iOS. They can affect MDM because the update may conflict with the MDM policy.
USB OTG
USB On-The-Go (OTG) is the connection of a USB device directly to a mobile device.
WiFi Direct/ad hoc
Peer-to-peer connections that use WPA2 or WPA3 to connect directly to other devices without a middleman (router).
Tethering/Hot Spot
Tethering is the act of sharing a mobile device's cellular network connection with other devices.
Hotspot is a form of sharing a cellular network through a mobile device.
BYOD
Bring Your Own Device means you are allowed to bring your own device to work, but it is an open-ended policy and some mobile devices may not have security controls.
COPE
Corporate-Owned Personally Enabled (COPE)
COPE allows the organization to select exactly which devices are allowed on the organizational network. They are used for both corporate and personal purposes.
CYOD
Choose your Own Device (CYOD)
Corporate-Owned
Devices that the company owns and that should only be used for corporate purposes. NO personal activities should take place on this device.