Time
35 hours 10 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:00
Hello and welcome to Siberia's Conti, a certified van security practice. This certification preparation course.
00:09
This is a continuation of margin on a five. We just tied a host security controls.
00:14
These are objectives which encompasses particular module. At this point, let's take a look at the topic of mobile device security,
00:22
which is in fact Section six of this particular presentation
00:28
here. A. Reject us for this particular presentation. We could begin by First list and compare the different types of mobile devices. Explain the risk that associate with mobile devices this ways to secure a mobile device.
00:40
Explain how to apply a mobile device, app, security and lastly, describe how to implement. Bring your own device security.
00:49
The first item. Arjun is the pre assessment question, and it's as follows
00:54
which technology is not a characteristic of a mobile device? Is it a physical keyboard? Be a small form factor. See local number, mobile data storage or D data synchronization capabilities.
01:07
If you said that the eight you're absolutely correct
01:11
moved on presentation. The first I'm going to take a look at in this presentation is breathe. Discussed the type of mobile devices. I'd say there's some different characteristics. When you begin to look at these, various mobile devices such as you may have a small form factor. Ah, while its data nick for assessing the Internet on mobile operating systems,
01:30
they also may have some acts that can be acquired through different means, such as dialled loaded from the Web or provided by Wallace. Data Carrier.
01:38
Also have data synchronization capabilities with a separate computer or remote server. And last, they have none. Removable data storage
01:47
as you. Well, well, there are many different types of mobile devices were gonna come briefly highlight some of these devices doing this particular discussion here. Now these are some option of features that may be found on the mobile devices. For example, you may have example a digital camera. We also have a global positioning type system. Microphone removal stores, media.
02:07
You also have support for using device itself
02:08
as a removable storage for another computing device while its cellular connection. While it's personal area network interface like Bluetooth or near fear type communication.
02:20
Now they have many different type of mobile devices, and what we're gonna do here in this section is highlight what they are. Briefly,
02:27
the 1st 1 wouldn't discuss is a portable computer now Ah, portable computer. Have similar hardware and run the same operating system application software found on your typical desktop computers. Some some of the primary defenses are the primary computer are smaller, self contained devices
02:42
that can easily be transported from one location to another while operating on a battery Power.
02:49
Ah, laptop, regarded as the earliest portable computer, have multiple Hartwell ports and may accommodate limited hardware upgrades.
02:58
Then we have tablets, which is a portable computer device generally larger than a smartphone, as smaller than a notebook it Jenny likes a built in keyboard. It relies on a touch screen. The primary display device will eliminate user input. The most popular operations of the tablets are Apple IOS,
03:16
Google Android as well as Microsoft Windows,
03:20
then another. Another type of mobile device we have is a smartphone.
03:24
It has all the tools that are features a phone has but also includes an operating system that I want to run APS and access Internet. A feature phone is a traditional cellphone limited features such as camera. You may have an MP three music player and ability to send and receive short messages. Other words SMS text messages
03:44
considered hand hail personal computer
03:46
because of their ability to run APS.
03:49
Then we have wearable technology device that could be worn by the user instead of carrot examples off somebody's wearable type technology is the optical hit monitor display. Google Glass can be activated in response to a user's voice commands. We also have a smart watch, which conserve as an accessory
04:08
to a smartphone of you various messages.
04:11
Then we have our legacy devices that several mobile devices on alone awhile in use. We have the personal digital assistant, or P eight. They were intended to place the papers. Systems often included an important calendar address, book to do list calculator and no pack. It fell out of favor as smartphones game in popularity.
04:30
Then we have our netbooks, which again is a small, inexpensive
04:33
lightweight computer, features small screen and could not be upgraded, lost, populated with introduction of tablet computers
04:44
now forced mobile device opposite, they have a risk, and when you think about a risk, a risk is in fact a Taliban certainty. For example, let's take a look at some of the security risk and in regards to Mow devices. First Apple Limited Physical Security Connecting Office When you go to connect to a public network that could expose you to compose a risk.
05:01
No case in tracking
05:03
installing when you start honest secure application that compose a risk to that mobile device a sense of untrusted content and also bring your own device. They have risk inherent in themselves
05:17
now for a limited physical security. A motive Eyes is stolen on average, one every 15 seconds. 1/3 of all the laptop stolen us go missing from public schools. Consumer own from laptops that most often in consumer own laptop are most often in August and September and November as well. It's December
05:36
now. Top deaf is prevailing at airports.
05:40
Uses must guard against shoulder surfing. In this case, we tell my experience you want to view your sensitive information so they engage in a process called shoulders surfing.
05:50
Then we have your bring your own device.
05:54
Now bring your own device. You need to have some type of bring your own device type policies in this case we're looking at, For example, if you're gonna allow someone to bring in their mobile device and connect your network opposite that gonna pose a risk to your organization. So in this case, you will always allowed you to use their own personal mobile device for business organizational purposes.
06:13
They're so risk associate with the bring your own devices,
06:15
user may erase The install built in limitations on their smartphone is often share with family members and friends as well. Technical support may may have to support 100 different mobile devices. In this case of employees. Let go. It may be difficult to erase any corporate data from that person.
06:33
Personal mobile device. So we need to really take that it be
06:36
really cautious and regards Thio
06:40
actually allow individually you lies. There are various mobile devices. Don't even connect to our own physical networks
06:47
Now for securing your mobile devices. These are some Stefan discuss how you go about the process of securing your mobile device again. We're looking at it from my initial setup in advice. We look at ongoing management. It's worth dealing with theft or loss of the device. So with that being said, let's take a look at device set up.
07:04
What are things that you definitely want to do when you look at these mobile devices, you wanna disable unused features?
07:10
If it's a feature your meat, you're not using water where you have installed. Where that does. It increases the tax service of wonder thing we're gonna do. It's important. Disable our news features and turn off those that do not support. They've been issues of the of the phone, uses it disabled a blue to wireless data, communication and order. Prevent blue jacket and blue snarling.
07:29
You also might want to enable what we called a lot of the screen.
07:31
Lock the screen what it does. It prevents the device on being used
07:35
unto the user. Inner et correct passcode You weren't set. Screamed a lot after a period off in activity.
07:44
We also want enabled the lock screen again. Continue on this process. After specific number fill attempts in a passcode. Additional security protection will occur. Right won't extend that lockup period. You might want to reset to factory settings. Most advices have different option For the types of passcode.
08:01
A popular option is a draw swipe a specific pattern connecting dots
08:05
the least ineffective opposite is utilizing short pins, which is most at least effective weight in terms of trying to security devices
08:13
now force encryption. Neither Aiso or Andrew or provides native cryptography. So third party app must be and start provide some form of encryption there to encryption option. You could do a four device encryption
08:28
again. You can also do separate the data storage into containers and encrypt on Lee. That sensitive data
08:35
now continue on the device, said we went. One also is sure that we control access. A key opposition Keith fact fundamental approach is to secure a motor device is a control access to device and its data about Lim, who is authorized to use that information
08:52
at a high corporate level decision must be made. Ah, who can access the data before was downloaded onto a mobile device.
08:58
Many organizations are beginning to focus their efforts on data instead of just device by extending the data loss prevention to the various mobile devices and we discussed data we discussed in a previous presentation. We actually discuss this process
09:16
that loss prevention, other words,
09:20
and that they were due to reduce the risk of therefore loss, keep your mobile device out of sight. One. Traveling in high risk areas always maintain awareness of your surroundings. In other words, you engaged what we call a situational awareness. When holding your device of mobile device, let you use both hands. Make it difficult for the thief to snatch it.
09:37
Do not use the device on escalators or near train doors.
09:41
If the device is loss of stolen, it may be necessary for you. Perform what we call a remote wiping, which in essence, erase assisted at a store on your particular device.
09:50
Now continue on what? Where a mobile app. Security
09:54
Absolutely advice should be also been secured as well. Abscam required that the user provided thin in cases such as a Pasco before access is granted. Your mobile device also can support Application White Line on which again, this is essentially ensured that it on Lee Point P. Approved APS can run on. The device
10:15
might also utilize G O Fits in, which again uses the advice GPS Global Positioning Satellite to define the geographical boundaries where app can be used.
10:26
We also have a credential bands which stores theater indication type information
10:31
now for us to bring your own device security. They're opposites of benefits of bring your own device for cos it ensures our provides management flexibility. You requires less oversight. You have incurred some calls. Savings increase employee's performance. Simplify I t. Infra scope to reduce Internet
10:50
internal Other words. Service is
10:52
and again that's very important. We begin to look it out. Bring your own devices in terms of security.
10:58
Now we'll be supporting time when we had need to take this pre assessment question or other words addressed this pre assessment course in And of course, it is as follows. Which of these is not an advantage of bring your own device for an organization? Isn't a flexibility be cost increase?
11:15
See increased employee performance or D would do
11:18
internal service?
11:20
The correct response is be cost increase
11:24
Not doing this particular section here we just list and compare the different types or mobile devices we explain or provided your information regarding the wrist or associate with the various mobile devices. We discuss a ways to go about the prices actually secure in the mobile devices.
11:41
Explained how, how how to apply mobile device app security
11:45
and lastly would sprout how to implement what we call brain your own device. Security in our upcoming topic will continue on by taking a look at a key takeaway integrated whole security. Look forward to seeing the very next video

Up Next

CompTIA CASP+

In this CASP+ certification course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA CASP+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor