Topic 10B Flashcards
Mobile device deployment models
Bring your own device (BYOD)—means the mobile device is owned by the employee. The device must comply with established requirements developed by the organization (such as OS version and device capabilities), and the employee must agree to having corporate apps installed and acknowledge the organization’s right to perform audit and compliance checks within the limits of legal and regulatory rules.
Corporate owned, business only (COBO)— means the device is the property of the organization and may only be used for company business.
Corporate owned, personally enabled (COPE)—means the device is chosen and supplied by the organization and remains its property. The employee may use it to access personal email and social media accounts and for personal web browsing.
Choose your own device (CYOD)—is similar to COPE except the employee is given a choice of devices to select from a preestablished list.
Mobile device management (MDM)
is a critical strategy IT departments use to manage, secure, and enforce policies on smartphones, tablets, and other endpoints
MDM allows IT departments to maintain an inventory of all mobile devices accessing corporate resources and helps ensure that only authorized devices maintain access.
Additionally, MDM can enforce security policies, such as enforcing device encryption or mandating screen locks.
MDM can enable remote lock or wipe capabilities to protect sensitive data if a device is lost or stolen.
MDM can also manage device updates and patches.
Common tasks by MDM
updating enterprise applications, managing corporate email accounts, managing device geo-tracking and geofencing, managing application allow or block listing, controlling Internet access or use, and many other features
Android Enterprise is used for MDM on Android.
Apple's MDM support is built into the OS.
Platform-agnostic solutions include platforms such as Microsoft Intune, VMware AirWatch, and IBM MaaS360.
In iOS, there are various levels of encryption.
All user data on the device is always encrypted, but the key is stored on the device. This is primarily used as a means of wiping the device.
Email data and any apps using the “Data Protection” option are subject to a second round of encryption using a key derived from and protected by the user’s credential. Not all apps use “Data Protection.”
In iOS, Data Protection encryption is enabled automatically when you configure a password lock on the device.
Indoor Positioning System (IPS)
works out a device’s location by triangulating its proximity to other radio sources, such as cell towers, Wi-Fi access points, and Bluetooth/RFID beacons.
Global Positioning System (GPS)
is a means of determining the device’s latitude and longitude based on information received from satellites via a GPS sensor.
The GPS sensor triangulates the device position using signals from orbital GPS satellites. As this triangulation process can be slow, most smartphones use Assisted GPS (A-GPS).
A-GPS uses cellular data to speed up the position fix. GPS satellites are operated by the US Government. Some GPS sensors can also use signals from other satellites, such as those operated by the EU.
Geolocation drawbacks
Privacy concerns
If an attacker can gain access to this data, then stalking, social engineering, and even identity theft become real possibilities.
Geofencing
the practice of creating a virtual boundary based on real-world geography.
GPS tagging
the process of adding geographical identification metadata, such as the latitude and longitude where the device was located at the time, to media such as photographs, SMS messages, video, and so on
GPS tagging is highly sensitive personal information and potentially confidential organizational data. GPS-tagged pictures uploaded to social media could be used to track a person’s movements and location.
For example, a Russian soldier revealed troop positions by uploading GPS-tagged selfies to Instagram.
Technologies that protect cellular data connections include
user awareness and training, virtual private networks (VPN), mobile device management (MDM), mobile threat defense, and data loss prevention (DLP).
How can geofencing be worked around?
GPS signals can be jammed or even spoofed using specialist radio equipment. This might be used to defeat geofencing.
The risks from Wi-Fi come from
connecting to open access points or possibly a rogue access point imitating a corporate network. These allow the access point owner to launch any number of attacks, even potentially compromising sessions with secure servers (using a DNS spoofing attack, for instance).
WPA3 security gives a fairly low risk of eavesdropping.
Personal area networks (PANs)
enable connectivity between a mobile device and peripherals. Ad hoc (or peer-to-peer) networks between mobile devices or between mobile devices and other computing devices can also be established.
Peer-to-peer connections should be disabled, or an attacker can exploit a bridged connection.
ad hoc network
meaning that the network is not made permanently available. There is no established standards-based support for ad hoc networking, however.
MITRE has a project to enable Android smartphones to configure themselves in an ad hoc network.
Wireless stations can establish peer-to-peer connections with one another rather than using an access point.
Wi-Fi Direct
allows one-to-one connections between stations, though in this case, one of the devices actually functions as a soft access point.
Wi-Fi Direct depends on Wi-Fi Protected Setup (WPS), which has many vulnerabilities.
Android supports operating as a Wi-Fi Direct AP, but iOS uses a proprietary multipeer connectivity framework.
You can connect an iOS device to another device running a Wi-Fi Direct SoftAP, however.