3.5 Implement secure mobile solutions

Question 1

Mobile device mgt: what is MDM ?

Answer 1

Mobile Device Management is used to centralized management of the mobile devices

Question 2

Mobile device mgt: why MDM is important ?

Answer 2

For security (data, network)

Question 3

Mobile device mgt: what is BYOD in MDM ?

Answer 3

Bring Your Own Device

Question 4

Mobile device mgt: how MDM ensure devices are protected ?

Answer 4

By setting up policies on apps, data, camera etc. The admin can control the remote device and manages access control (force scren locks & PIN on a device)

Question 5

Mobile device mgt: what can you manage if you use an MDM ?

Answer 5

• Application mgt
• Content mgt
• Remote wipe
• Geolocation
• Geofencing
• Screen lock
• Push notification services
• Passwords & PIN (reset)
• Biometrics (type, allow/ disallow)
• Context-aware authentication
• Containerization
• FDE

Question 6

Mobile device mgt: why is content mgt is important ?

Answer 6

It aims at secure access to data and protect them from outsiders.
Ex: restrict file sharing and viewing, set up DLP, encrypt data

Question 7

Mobile device mgt: what is remote wipe functionnality ?

Answer 7

Remove all data from a mobile device (in case of lost/stolen for ex)

Question 8

Mobile device mgt: what is geofencing ?

Answer 8

Restrict or allow features when the device is in a particular area (for ex camera, auth

Question 9

Mobile device mgt: what is push notification services and why is included in MDM?

Answer 9

Notification that appears on the mobile device screen.
Notification display can be controlled in the MDM

Question 10

Mobile device mgt: what is context-aware authentication?

Answer 10

Combine multiple contexts (IP location, GPS location etc) to know if it’s really you trying to auth or if it’s a hacker

Question 11

Mobile device mgt: what is containerization in MDM ?

Answer 11

Create separate partitions to keep private information in one partition and company information in another

Question 12

Mobile device mgt: what is FDE in MDM and what is the problem w/ FDE?

Answer 12

Full Device Encryption
It use a lot of CPU cycles + complex integration between hardware and software

Question 13

Mobile device security: what is a HSM?

Answer 13

Hardware Security Module provides cryptographic features for computer and mobile devices (in a microSD HSM)

Question 14

Mobile device security: what does a microSD HSM (& HSM) provide?

Answer 14

Security services & secure storage:
- Encryption
- Key generation
- Digital signatures
- Authentication
- Protect private keys
- Cryptocurrency storage

Question 15

Mobile device security: what is a UEM ?

Answer 15

Unified Endpoint Management is an evolution of MDM allowing the users to use different types of devices
Ex: application can be used across != platforms

Question 16

Mobile device security: what is a MAM ?

Answer 16

Mobile Application Management is used to provision, update, and remove apps

Ex: apps catalog, monitoring of apps use etc

Question 17

Mobile device security: what is a SEAndroid ?

Answer 17

Security Enhancements for Androids supports access control security policies and use the SELinux in Android OS

Ex: protect access to kernel

Question 18

Mobile device enforcement: what is rooting/ jailbreaking?

Answer 18

Jailbreaking or rooting means removing software restrictions that are intentionally put in place by the device manufacturer.
Android = rooting
iOS = jailbreaking

Question 19

Mobile device enforcement: how to rooting/ jailbreaking?

Answer 19

By installing a custom firmware that replaces the existing OS with one that allow you access to the OS itself

Question 20

Mobile device enforcement: why the staff do rooting/ jailbreaking?

Answer 20

• Circumvent security features, sideload apps without using an app store
• To be able install certains apps that are not allowed by the company

Question 21

Mobile device enforcement: can MDM manage camera and microphone recording?

Answer 21

Yes it can disable it

Question 22

Mobile device enforcement: can MDM manage SMS/MMS ?

Answer 22

Yes it can disable it completely or disable it in certain area

Question 23

Mobile device enforcement: what is USB OTG ?

Answer 23

USB On-The-Go connect mobile directly together The mobile device can be both a host and a device and can be use to read from an external device, act as a storage device

Question 24

Mobile deployment models: what are the != deployment models ?

Answer 24

• BYOD
• COPE
• CYOD
• Corporate owned (device cannot be used for personnal use)
• VDI/VMI

Question 25

Mobile deployment models: what is COPE ?

Answer 25

Corporate owned, personally enabled: company buys the device and users used as both a corporate device and personal device

Question 26

Mobile deployment models: what is CYOD ?

Answer 26

Choose Your Own Device: the user choose the device and the corporate buy it for you

Question 27

Mobile deployment models: what is VDI/ VMI ?

Answer 27

Virtual Desktop Infrastructure / Virtual Mobile Infrastructure: the apps & data are separated from the mobile device