Enterprise Mobility Security Part 1


Time
8 hours 20 minutes
Difficulty
Advanced
CEU/CPE
9
Video Transcription
00:00
>> Enterprise mobility security part 1.
00:00
The learning objectives for this lesson are to
00:00
explain Mobile Device Management software,
00:00
to explore mobile device
00:00
connectivity options and their risks,
00:00
and to learn about WPA3 and Wi-Fi 6.
00:00
Let's get started.
00:00
Enterprise Mobility Management are policies and
00:00
technology tools that allow us to
00:00
centrally manage the mobile devices on our network.
00:00
It allows us to control the way users
00:00
themselves are allowed to use the devices.
00:00
For example, what apps are allowed to be used,
00:00
and overall device security.
00:00
Now a subset of EMM is Mobile Device Management or MDM.
00:00
This focuses on making sure the devices are
00:00
compliant with our organizational security policies.
00:00
For example, we can institute application controls
00:00
which have an allow list and a block list.
00:00
We can require strong password controls to ensure
00:00
that users are choosing good passwords for the devices.
00:00
In a similar way, we can use
00:00
multi-factor authentication requirements to
00:00
make sure that MFA
00:00
is used before gaining access to
00:00
any network resources from one of these managed devices.
00:00
Also, we can use token-based access.
00:00
This utilizes network access control,
00:00
and it requires that a device provide a valid
00:00
token before it's allowed to
00:00
gain access to network resources.
00:00
An MDM also allows for a patch repository.
00:00
This is a centralized management way of
00:00
pushing out updates and patches to devices.
00:00
In this way, we can control how
00:00
those updates are being pushed out and
00:00
schedule them to ensure that
00:00
all devices are being kept up-to-date and current.
00:00
Device certificates.
00:00
The first column we have our trust certificates.
00:00
These are used to globally identify
00:00
a trusted device within a given organization.
00:00
The key is, if that certificate is ever copied,
00:00
any device can use it and
00:00
the certificate must be immediately revoked.
00:00
We also have user specific certificates that
00:00
utilize a more granular control for allowing access,
00:00
and also they're easier to identify and revoke.
00:00
Firmware over-the-air.
00:00
Now, baseband has updates that modify
00:00
the firmware of the radio for modems,
00:00
such as our cellular modem, Wi-Fi, Bluetooth,
00:00
NFC, near-field communication, and GPS operations.
00:00
This firmware is separate from
00:00
the device's own operating system.
00:00
There have been vulnerabilities in these in the past
00:00
and it's very critical that we keep them up-to-date.
00:00
Over the air, OTA updates are delivered via
00:00
the cellular network or Wi-Fi connections
00:00
to the device for these updates.
00:00
Remote wipe. If a device is ever lost or stolen,
00:00
there is a way that it can be restored to
00:00
factory default and have
00:00
all of the sensitive data removed.
00:00
This can be triggered, for example,
00:00
by putting the wrong password in too many times or also
00:00
we could send the command to
00:00
the device over-the-air to do so.
00:00
However, there is a way of preventing
00:00
this by using a Faraday bag.
00:00
If you were to put your mobile device in this bag,
00:00
it would not be able to receive
00:00
the command via the cellular
00:00
or Wi-Fi network to execute that remote wipe.
00:00
Wi-Fi Protected Access 3 or WPA3.
00:00
Now, neither WEP nor WPA is considered safe at all.
00:00
No one should be using either of these.
00:00
WPA2 uses AES encryption with a 128-bit key.
00:00
While it's stronger, it's still vulnerable.
00:00
The key to remember about WPA2 is
00:00
the vulnerability is not in the encryption itself,
00:00
but rather how that encryption was implemented.
00:00
WPA3 was designed to
00:00
address some of the weaknesses in WPA2.
00:00
For example, now we have
00:00
Simultaneous Authentication of Equals,
00:00
this replaces the WPA 4-way handshake
00:00
with a Diffie-Hellman agreement.
00:00
We also have enhanced open,
00:00
which is an encrypted in open authentication method.
00:00
We also upgraded the crypto protocols in
00:00
WPA3 by replacing
00:00
AES-CCMP with AES-GCMP.
00:00
This allows for a 192-bit key.
00:00
Enterprise users are required to use this 192-bit key.
00:00
Near field communications or NFC.
00:00
This is based on a specific type
00:00
of radio frequency ID or RFID,
00:00
and it's included with most modern smartphones.
00:00
It can be used to read passive RFID tags at close range,
00:00
but it can also be used to exchange information
00:00
such as business cards from device to device.
00:00
NFC is not encrypted,
00:00
and that's really important to remember.
00:00
But the most common use of NFC
00:00
today is for contactless payment.
00:00
Examples would be Apple Pay,
00:00
Google Pay, and Samsung Pay.
00:00
It's vulnerable to many other types of
00:00
attacks such as man-in-the-middle and skimming.
00:00
Bluetooth. Bluetooth is
00:00
a short range wireless communication protocol.
00:00
It can be used to create your
00:00
own wireless personal networks.
00:00
It's often used to connect other devices,
00:00
such as keyboards, mice, and headsets.
00:00
There are several types of attacks that are
00:00
targeted towards Bluetooth,
00:00
but by far the most dangerous is the BlueBorne attack.
00:00
BlueBorne allows for
00:00
complete device control by an attacker and it
00:00
doesn't even require that the attacker be paired
00:00
or connected to the victim's device.
00:00
Mobile device connectivity, peripherals.
00:00
Peripherals are any additional tech that we want to
00:00
connect to our mobile devices such as speakers,
00:00
keyboards, headphones, chargers or mice.
00:00
They can also be manipulated and
00:00
become malicious to that mobile device.
00:00
Tethering is using the smart device to
00:00
share its data connection with other devices.
00:00
You can connect other devices to your phone via Bluetooth,
00:00
Wi-Fi, or the USB cable,
00:00
and then use the phone's or
00:00
the tablet's Internet connection via
00:00
cellular and share it out to those other devices.
00:00
Instructor side note. Now,
00:00
peripherals can be very dangerous.
00:00
The device in this picture is an OMG cable.
00:00
In this case, it is an Apple Lightning cable.
00:00
But the company also makes USB-C and USB micro cables.
00:00
It's not just an Apple thing.
00:00
Inside of this cable is
00:00
a mini-computer that also has Wi-Fi.
00:00
You plug this into your phone and a computer,
00:00
it can actually steal data or introduce
00:00
malicious content to your phone
00:00
or the computer it's plugged into,
00:00
and because the cable has Wi-Fi,
00:00
the attacker can connect to the cable via
00:00
Wi-Fi to get access to either
00:00
the computer it's plugged into or
00:00
the device that's plugged into.
00:00
On top of all of that,
00:00
it also has a key logger in it. Device encryption.
00:00
Now, mobile devices often contain
00:00
sensitive data and because
00:00
of that, we've got to protect them.
00:00
Encryption allows for the data
00:00
on the device to be secured.
00:00
Starting with Android 9,
00:00
Android has hardware support to encrypt metadata.
00:00
This covers anything that's not
00:00
encrypted by the file-based encryption.
00:00
Apple iOS devices use
00:00
a unique 256-bit ID for each device.
00:00
This is stored in the hardware device.
00:00
This 256-bit ID,
00:00
combined with a user's password,
00:00
encrypts all the data on the device.
00:00
VPNs. We can also use VPNs on our mobile devices.
00:00
We start at the OS level,
00:00
which is where everything is connected through the VPN.
00:00
It's considered always on.
00:00
All data leaving and coming to
00:00
the device is encrypted over the VPN.
00:00
But we also have app level VPN,
00:00
which protects the data of a specific app.
00:00
Finally, there's web-based VPN,
00:00
which is usually done inside of a browser.
00:00
The common use for this is to
00:00
bypass geo-restrictions or firewalls.
00:00
Location services.
00:00
This is used to provide the geographical position of the device.
00:00
We can use several methods to do so.
00:00
But by far, GPS is the most common.
00:00
But we can also use cellular tower triangulation,
00:00
Wi-Fi signals, and Bluetooth.
00:00
Geofencing is when we allow different levels
00:00
of access based on the device's location.
00:00
Within sight of our corporation,
00:00
we might give it full access,
00:00
but once it leaves the building,
00:00
then it's no longer allowed to access network resources.
00:00
Geotagging is adding additional or
00:00
locational metadata to files or devices,
00:00
and we use this for asset management.
00:00
DNS protection. Now, by default,
00:00
DNS is unencrypted, and this allows for interception.
00:00
But we can also use custom DNS services,
00:00
for example, Quad9 or Cloudflare or Cisco's Umbrella.
00:00
Using these services allows us
00:00
to filter malicious DNS requests.
00:00
We also have DNS over HTTPS,
00:00
and this will encrypt the DNS traffic because
00:00
it's tunneled over HTTPS using TLS.
00:00
This will encrypt the DNS request.
00:00
But it can cause issues for organizations as they
00:00
can no longer see the requests leaving their network.
00:00
It's often used by malware to help hide itself.
00:00
Let's summarize. We went
00:00
over Enterprise Mobility Management,
00:00
we discussed WPA3 and
00:00
Wi-Fi 6 and we went over remote wiping.
00:00
Mobile device connectivity options and their risks.
00:00
We also discussed Device Configuration Profiles.
00:00
Let's do some example questions.
00:00
Question 1, this mobile device configuration setting
00:00
allows for the granting or removing of
00:00
access rights based on the device's physical location.
00:00
Geofencing. Question 2,
00:00
this feature of mobile devices allows the device to
00:00
share its internet connection with other nearby devices.
00:00
Tethering. Question 3,
00:00
this mobile device security measure
00:00
allows for all data on
00:00
a device to be wiped under certain defined circumstances.
00:00
Remote wiping. Finally, Question 4.
00:00
This is a suite of policies and tools designed to
00:00
centralize remote management of mobile devices.
00:00
Enterprise Mobility Management.
00:00
I hope this lesson was helpful for you,
00:00
and I'll see you in the next one.