2 hours 23 minutes
Welcome back to I t. Security policy here on side Berry.
This is still part of Module three, The Bluetooth policy with myself. Troy Lemaire here on Cyber Eri
Learning objective of this module will be version pins and pairing
the vice security settings, security audits, unauthorized use and user responsibilities in regards to Bluetooth.
So if we look at this policy, it's another Sands baseline template
There's the Bluetooth enabled device or exploding on the Internet and astonishing rate
and secure Bluetooth connections can interest number of potential serious, serious security issues.
The purpose of policy provided minimum baseline standard for connecting Bluetooth enabled devices
to the company's network, our company's own devices
and the intent of the minimum standards to ensure sufficient protection of P I. I. And if you would also have pH I or anything else that you would have within your organization?
No. But the policy. It applies to any Bluetooth enabled device that is connected to the company network. Our own devices.
If we take a look at the policy itself
version is the first part. No Bluetooth shall be deployed that does not meet a minimum of Bluetooth version 2.1 now this policy is owed. You would want to go with whatever the latest standard that you would want to use within your organization, and this would be need to look at on an annual basis. Probably. Just make sure
that there's nothing else out there that has been updated in the specifications.
We moved two pins impairing. Whenever you pair a device, you want to make sure that you're not in a public area where the pin could be compromised.
And if it asked you to enter your pin after you have initially paired, you must refuse The parent quest reported to info Sect through your help desk.
Vice Security settings. All blue two devices shall employ security mode three, which in Kurt's traffic in both directions between your Bluetooth device and it's paired equipment.
Using a minute, use a minimum pin length of eight longer. Pit pin provides more security,
which the Bluetooth device to hidden mode
only activated Bluetooth whenever it is needed and ensure device firm where is up to date.
These are all things that you would want to look at in this device. Security settings to be able to change or modify as the environment changes
security audits that info SEC team may perform random, modest in short compliancy
unauthorized, unauthorized use. The following is a list of unauthorized uses of own Bluetooth devices. You can't use it for eavesdropping or spoofing.
Can't use own Bluetooth equipment on non on Bluetooth enabled vices
and unauthorized modification. Bluetooth devices for any purpose.
We look at youse responsibilities. Bluetooth user responsibility to comply with this policy. Blue to move must be turned off when not in use.
Confidential sensitive data must be transmitted or stored on Bluetooth or must not be transmitted. Are stored on Bluetooth enabled devices
due to the users. May Onley access information using approved Bluetooth device hardware, software and solutions.
The Hardware software solution connection that did not meet the standards shall not be authorized for deployment,
and Bluetooth user must act appropriately. Protect information.
Bluetooth use are required to report any misuse,
loss or theft
to the Info SEC team.
So in summary, today's brief lecture We discussed the Bluetooth policy.
URGENT pins and pairings. The by security settings.
You're the audience,
unauthorized use and user responsibilities.
First, a recap question When pairing your Bluetooth unit to your Bluetooth enabled equipment ensure that you are not in a blank area where your pin can be compromised
and that would be in a public area.
Next recap. Question Bluetooth mode must be blank blank when not in use
that would be turned off when not in used.
So in the next lecture, we're gonna actually move on to another module with server policies. I look forward to you coming back enjoying us for that section and those modules.
As always, you need have any questions or need clarification. Message Marie at Troy Lemaire on the cyber Eri
message for him
Thank you for attending this training here on Cyber Eri.
Penetration Testing and Ethical Hacking
The Penetration Testing and Ethical Hacking course prepares students for certifications, like CEH. This course ...
7 CEU/CPE Hours Available
Certificate of Completion Offered
CompTIA A+ 220-1001
This CompTIA A+ training covers the 220-1001 exam components needed to earn the CompTIA A+ ...
12 CEU/CPE Hours Available
Certificate of Completion Offered