12 minutes

Video Transcription

next we're gonna talk about mobile devices are portable devices in the workplace. We'll talk about what some of those devices might look like. Why they're even in the workplace altogether. And then what are their inherent vulnerabilities? And most devices bring in some vulnerabilities with them.
And to be aware of those vulnerabilities puts us one step further,
are closer to protecting them.
Hey. Ah, we'll talk about some common threats. And then, of course, we'll talk about our best practices. All right. Mobile devices in the network take on a lot of different shapes. Smartphones. You know, a lot of these devices air really just ubiquitous. They are everywhere. Most everybody has a smartphone.
Um, you know, So we've got networking capabilities, get capability transferring files
of accessing information. You know, basically these phones today, or just little many computers. So the same standards for security should be applied to these smart phones as well. Laptop computers are little, many computers as our tablets. So again, we've got to think about the same vulnerabilities that exist on our desk copy sees with viruses.
You know, the biggest concern
for me is these devices that air portable come from a lot of different vendors.
We take them home. So what we do at home may not be as protected is what we do in the workforce. So all of these devices have kind of that idea in common.
Bluetooth. If you've got a device that allows Bluetooth pairing turn it off,
that is the only way to secure Bluetooth devices to turn it off. Not to keep out of discovery, not password protected, not to do anything but turn it off when you need to use it, turn it on and then you know what you do after you're done using it.
Turn it off again.
Bluetooth is inherently unsecure, and their many attacks that prey on Bluetooth. There's something called blue jacking stealing information from, ah, particular system Blue. Actually, that's Ah, blue jackings, actually spanning a system blue snarfing, and I don't make up these names blue snarfing. It's stealing information
from a Bluetooth device,
so basically, maybe I want your contacts or I want to see your calendar, whatever that might be. Um,
there's also an older threat called blue bugging that could actually allow an attacker to take over your phone. Turn on the microphone the microphone. The camera send texts from your system, and a lot of the Bluetooth devices now have some
means of preventing, or at least mitigating those attacks.
But Bluetooth is inherently unsecure. Onley use it for its desired purpose and then turn it off again. Very, very unsafe tablets, iPads and some of the other surface pro and some of the other products that are out there and what's very, very popular.
I won't say it's very popular, but it's something I see gaining in popularity. Is this idea of B. Y o D. Bring your own device. So what do you have at home? What are you most comfortable with? Go ahead and bring that into the workforce on. And that's really why we're so concerned about these mobile devices today.
Now, when we're looking at protecting these mobile devices,
there are a couple of Actually, they're about five attacks that I would categorize as being major concerns for these devices.
Physical theft of a device. So I store work related information on my cell phone. I leave my desk and I come back and it's gone. Not a lot of physical security mechanisms. There are no cable locks for your cell phone. Keep it on your person at all times. Um,
I'll tell you.
It's very easy for me as a network administrator to push out any virus software to keep it updated for my desktop systems. But if you look at all the mobile devices, all the vendors, all the products, how frequently those updates happened, I would want to test my updates as well.
It is a tall, tall order to do so.
So what does that mean? I have to count on my users to keep their devices safe, to keep their devices clean, to update their devices as necessary. Um, so that's our responsibility.
Data interception. So these devices, just like other systems, usually don't transmit information securely by default
text messaging, for instance, not secure by any stretch of the imagination. But think about all the things people put out there in texts. They access social media, they browse inappropriate sites.
Consider also that most of these devices have GPS functions and able, so in any given time, your location, these pictures you upload the Facebook often have GPS coordinates and other metadata embedded in them, so there are a lot of things hidden
that provides security compromises and vulnerabilities there.
Eavesdropping? Absolutely, you know, again transmitting plain text and then insider threats. So, you know, I can intentionally bring in something malicious, and that's a concern for me Is an organization bringing this information in,
Um, you know things to consider when I take my device to charge it and I plug it into my company, my systems, USB.
You know, I don't know if you've ever done this before, but usually one of the things that pops up is, Would you like to import pictures or files or whatever you are accessing a data port on your system with your personal phone. Any garbage on that phone can immediately be spread to that system
as well as it might be possible for data to be
unintentionally sent to a system transmitted on securely. We've got to be very, very careful using our personal devices
in the workplace again. Users at home tend to be, um,
I won't say very carefree, but I think there was this myth for a long time because people had had Windows systems forever, and they had a lot of virus issues, and the system would lock up and they had this problem or that problem.
And then all of a sudden Apple came out It not that Apple came out after Windows, but what I'm saying,
You know, in 4005 most people were on Windows systems and then Apple started to regain popularity. And then they had this huge influx of business with the iPad and some of their other products. And there was a myth that you couldn't get viruses on the iPad on the iPhone
on the portable devices. That's absolutely a myth.
The only reason we haven't seen Maurine the past is they weren't on the number of machines that windows watch.
You know, one point time Windows had 95% of the U. S. Desktop market. Why am I writing a virus for at four for Lennox or some other thing? I want to take down as many systems as possible, so it's absolutely a myth that there are no viruses. There are no malware. There is no back door for some of these devices,
so we have to look at them as what they are.
And they are literally today. Many computers
follow recommended security settings. Update your devices, if appropriate. You know, depending on what the device is, install any virus stuff where updated regularly. Other things. And you know we have a list of best practices. One of the things that I'll mention is the term jailbreak.
And for those of you that have ipads, you may be familiar with that term.
If it's not another word for that is root rooting the system and that that's a UNIX term. That's what that comes from. Um,
let's say that I have an iPad,
but I want to use the mouths with it. Well, ipads not designed to use amounts. It's a touchscreen device, but I can use amounts with it, but I have to jail. Break it. So when we use this term jailbreak, what were essentially doing is we're breaking it free from some of the proprietary elements
that Apple has imposed, if you will,
you know, I do a lot with videos, and at one point time I had a difficult time displaying I've got a little projector and Apple were first so that his air stream it wouldn't let me Airstream Amazon content. Well, Apple wants you to buy from iTunes. I don't want you to buy from Amazon,
so if I wanted to do that, I might jailbreak the system.
Maybe you want Windows Explorer to be your default browser on your iPad.
I don't know why you would, but there you go. It could happen.
Jailbreak. So
if you go to search for something, how do I do this on the Web on this tablet on this device, sometimes you'll hear people say route the system or jailbreaks. Don't do that. Don't do that a couple of reasons. First of all, you open it up to a wealth of security vulnerabilities because you're essentially taking everything
that's enforced on that system, and you're essentially setting that computer free. That's why it's called a jailbreak.
But you're opening it up and you're exposing your also avoiding the warranty.
And, uh, you risk the system not functioning as it was designed to do. So that's a bad idea. It's something that technical people do is kind of a hack to prove that they can, and to get a little extra functionality, it does not. It's not a good idea. With these mobile devices,
I would consider the second bullet point here, enabling the remote wipe function.
Most of these devices have that if your cell phone gets left on the subway and you're unable to retrieve it, usually there's a means that you can use Ah through the Internet to wipe the device automatically. If you've got a sensitive content that really is a very important feature
you might think about. You know a lot of the devices have the find my phone function.
You could consider turning that on. But remember, when you turn that on, it requires GPS and your phone those everywhere you go and Google, for instance, if you there's ah, I wish I could remember the website. But essentially, if you've got GPS and you're using Google maps,
you can go back two years and see every place you've been with Google Maps enabled on your phone.
That information's going somewhere. Your digital footprint
lives a lot longer than any of us do. We have to be very cautious about opening ourselves up to information sharing. It is a useful feature, but again, you know, many people feel like that's a little bit of a privacy infringement.
It's a constant battle. Ease of use versus security,
privacy or security or ease of use. You know, you can't really have them all
anything suspicious. What are we gonna do with it? We know we're calling the security team. And let me just tell you this idea bring your own device is extremely desirable from a user standpoint, users like it. I've got my iPad. It's, uh, something that I I like to do content viewing on II.
Uh, use it for some basic access and basic things. I want my iPad. Well, that's great.
But we have to keep in mind that because all these devices come from so many vendors and have so many vulnerabilities that air, proprietary toe android or proprietary to, uh, you know, the safari or proprietary to Google or proprietary to Amazon or whatever.
Ultimately I'm saying
that's a tall order to put on our technical team. We have to carry some of the responsibility with making sure that we're securing. Our systems were kicking, keeping them up to date. We're not downloading garbage on. These devices were downloading secure applications rather than just any application that's out there. We should be able to verify the authenticity of that application.
So we have to be smart. We have to realize
that our phones today are Cavil. It's really are many computers and the same vulnerabilities that exist with your desktop systems exist with these devices. Follow good best practices with your computers with your smartphones with your laptops and tablets.

Up Next

End User: Mobile Device Security

Many organizations have begun allowing employees to use their personal devices for work purposes. Although convenient for users, the concept of Bring your Own Device (BYOD) has opened companies up to many security issues.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor