5 Mobile Security Flashcards
What does STRIDE mean?
STRIDE is a scheme for classifying security threats.
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
What does DREAD mean?
DREAD is a scheme for rating and prioritising threats.
Damage, Reproducibility, Exploitability, Affected Users, Discoverability
STRIDE. What does SPOOFING mean and how is it mitigated?
Spoofing is when a person or program masquerades as another.
e.g. gaining access with false or stolen credentials
e.g. accessing another user's voicemail by pretending to be them
Mitigated with strong authentication (of users and of devices/services).
STRIDE. What does TAMPERING mean and how is it mitigated?
Tampering is unauthorised modification of data or code, e.g. a trojanised jailbreak tool from a fraudulent jailbreaking site that modifies the OS to gain root access.
Can also be used to modify a web service request, e.g. to change the delivery address of a purchase.
Mitigated by integrity controls: digital signatures and hashes on code and data, plus server-side validation of every request.
STRIDE. What does REPUDIATION mean and how is it mitigated?
Repudiation is where an attacker denies having performed an action, or modifies the records to hide the attack.
e.g. sending a payment then wiping the record of it.
Mitigated with secure, tamper-evident logging and digital signatures (non-repudiation).
STRIDE. What does INFORMATION DISCLOSURE mean and how is it mitigated?
Information Disclosure is where an attacker gains knowledge they shouldn't have.
e.g. insecure transport (unencrypted traffic), or unencrypted files/databases on the device from which an app's credentials can be read.
Mitigated with encryption in transit and at rest, and by masking sensitive data: hide passwords, never show the full card number.
STRIDE. What does Denial of Service mean and how is it mitigated?
Denial of Service (DoS) is where attackers prevent legitimate users from accessing a site or service. A Distributed DoS (DDoS) uses many compromised devices at once, e.g. phones infected by malware distributed through apps and controlled as bots, so potentially millions of requests arrive simultaneously.
Mitigated by access control, traffic filtering and rate limiting, and by designing for availability (capacity, redundancy).
STRIDE. What does Elevation of Privilege mean and how is it mitigated?
EoP is where an attacker with limited rights gains higher ones (up to root or kernel level) and uses them to run unauthorised code.
Jailbroken phones are especially vulnerable because the OS's code-signing checks have been disabled.
Mitigated by requiring kernel-mode code to be digitally signed and by enforcing least privilege, to prevent both vertical EoP (gaining more rights) and horizontal EoP (gaining another user's rights).
What are the 4 steps in Threat Modelling?
- Diagram the system
- Identify threats (from the diagram, data flows and trust boundaries)
- Mitigate threats (rate with DREAD and work on the highest scoring first)
- Validate mitigations (check that each one actually worked)
What does DREAD stand for?
Damage Reproducibility Exploitability Affected Users Discoverability
DREAD. How is Damage scored?
If the threat occurs, how much damage does it do?
0 = None; 5 = Individual user data; 10 = Company systems / data destruction
DREAD. How is Reproducibility scored?
How easy is it to reproduce the threat?
0 = Very hard / impossible; 5 = A few simple steps; 10 = Just a web browser
DREAD. How is Exploitability scored?
What is needed to exploit the threat?
0 = Advanced programming knowledge; 5 = Malware / tools already exist; 10 = Just a web browser
DREAD. How is Affected Users scored?
How many users are affected?
0 = None; 5 = Some users; 10 = All users
DREAD. How is Discoverability scored?
How easy is it for attackers to discover the threat?
0 = Very hard / impossible (requires source code or admin access); 5 = Identified by guesswork or network monitoring; 9 = Details of the fault are available online; 10 = The information is visible in the web browser address bar or a form
Define a security policy
A document capturing the agreement between an organisation and its members, defining who has access to what and under what conditions.
Objectives of a security policy?
Reduce risk
Define the rules for users (and how they are monitored)
State the organisation's position on security
Authorise security personnel to monitor, probe and investigate
Define and authorise the consequences of violation
Help track compliance
Additional themes of a mobile security policy...
Device types - all devices, one brand, or an authorised list
Physical security - passcodes, device tracking, no leaving devices unattended
Backup/restore - whether it is required and whether it must use specified software
Monitoring - state that MDM is used (corporate resources may only be used from enrolled devices)
Permitted applications - which apps may be installed, use of an organisation app store; for BYOD, only reputable stores and apps
Network access - recommend against open Wi-Fi; use of a VPN should be mandated
Benefits and challenges of BYOD
Benefits: reduced cost, improved morale
Challenges: device is under the user's control (permissions), and there are more device types to support
Mitigation: implement an MDM solution that supports all permitted device types
Endpoint Security is...
Security that protects a corporate network against threats from the remote devices connected to it. For example, under a BYOD policy each personal device is a potential entry point for a threat.
Endpoint security solutions offer:
Remote wipe, anti-virus/anti-malware, anti-spam, anti-spyware, backup/restore, MDM clients, firewall
Sandboxing is...
Keeping each app's data separate from every other app's (the OS enforces this unless the device is jailbroken, where root can read everything).
Third-party sandbox/container apps provide an area of device storage separate from the user's own data:
Accessed only via the container's API
Not accessible to other apps or to the user directly
Can be wiped remotely without wiping the whole device
Mobile Device Management (MDM) offers:
Centralised management server
Device security configuration
Provisioning (enrol devices, automatically apply settings)
Security (checking that the configuration has been applied)
Monitoring (reporting on connected devices)
Decommissioning (remote wipe, removal from the device list)
MDM solutions:
3rd party: Zenprise, AirWatch
Apple Profile Manager (iOS only)
Google Apps device management (Android, iOS, BlackBerry, Windows etc.)
What are the requirements for Google Apps Device Management?
Google Apps business account required
Admin logs on and defines the permitted devices
Android users install the Google Device Policy app
Non-Android users: Google provides manual configuration instructions
What are the features of Google Apps Device Management?
Password (enforced, complexity requirements)
Settings (encryption, camera, auto-sync when roaming)
App auditing, remote wipe, device activation
Non-Android users configure manually via Exchange ActiveSync; the available features differ from device to device
Features of iOS MDM configuration
The device is notified via an Apple push notification
It then connects to the MDM server, authenticates itself and downloads the new or modified configuration
Devices must first enrol, either wirelessly or via USB
MDM can configure: iOS updates, lock screen, device name, installed apps and documents, and profiles (passcode policy, restrictions, Wi-Fi, VPN)
OS X Server incorporates an MDM solution, Apple Profile Manager, which allows configuration of iOS devices
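The profiles an iOS MDM server pushes are XML property lists (".mobileconfig" files). The following added example, which is not from the flashcards and not Apple's or any MDM vendor's code, builds one with Python's standard-library plistlib, carrying the two payloads the cards mention: a passcode policy and a restrictions payload that disables the camera. The payload type names and keys are the ones Apple documents for those payloads; the example.com identifiers, the policy values and the parse-back helper are assumptions for illustration.

```python
"""Added example: build and read back an iOS configuration profile (.mobileconfig).
Not from the flashcards; identifiers and policy values are assumed."""
import plistlib
import uuid

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def passcode_payload(min_length=8, max_failed=10, max_inactivity=300, max_age_days=90):
    """Passcode policy payload: required, non-simple, alphanumeric passcode."""
    return {
        "PayloadType": PASSCODE_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.passcode",   # assumed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Passcode Policy",
        "forcePIN": True,                  # a passcode is mandatory
        "allowSimple": False,              # no 1234 / repeated-digit codes
        "requireAlphanumeric": True,
        "minLength": min_length,
        "maxFailedAttempts": max_failed,   # device wipes after this many failures
        "maxInactivity": max_inactivity,   # seconds before auto-lock
        "maxPINAgeInDays": max_age_days,   # forces periodic change
    }


def restrictions_payload(allow_camera=False):
    """Restrictions payload; here it only controls the camera."""
    return {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.restrictions",  # assumed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Restrictions",
        "allowCamera": allow_camera,
    }


def build_profile(payloads, name="Corporate Mobile Policy"):
    """Wrap the payloads in the top-level Configuration profile; returns XML plist bytes."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.profile",  # assumed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "PayloadRemovalDisallowed": True,   # user cannot remove it while enrolled
        "PayloadContent": list(payloads),
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def payload_types(profile_xml: bytes):
    """List the payload types a profile carries (useful when auditing what was pushed)."""
    doc = plistlib.loads(profile_xml)
    return [p["PayloadType"] for p in doc["PayloadContent"]]


def passcode_settings(profile_xml: bytes) -> dict:
    """Return the passcode policy payload of a profile, or raise if it has none."""
    doc = plistlib.loads(profile_xml)
    for payload in doc["PayloadContent"]:
        if payload["PayloadType"] == PASSCODE_TYPE:
            return payload
    raise KeyError("profile carries no passcode policy payload")


if __name__ == "__main__":
    xml = build_profile([passcode_payload(), restrictions_payload()])
    with open("corporate.mobileconfig", "wb") as f:
        f.write(xml)
    print(payload_types(xml))
    print("minimum passcode length:", passcode_settings(xml)["minLength"])
```

The profile written here is unsigned; in a real deployment the MDM server signs the profile before delivering it, so the device can verify who issued the settings. The parse-back helpers show the "checking that the configuration has been applied" side of MDM: the same keys can be compared against what the device reports back.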