welcome the CyberRays video, Siri's in the copy of Security Plus 5 +01 Certification and Exam.
I'm your instructor, Rahm Warner. In this video, I'll be covering section 2.5.
Given a scenario, Deploy mobile device securely.
This video is all about mobile technologies. In today's world, mobile devices are all around us. Most everybody has a cell phone, smartphone, tablet, laptop or even a smart watch.
We need to understand how to secure these technologies.
The composition of a mobile device is different than that of regular computer because it is an embedded device, so security's a bit more challenging.
In this video, I'll be talking about different connection methods associated with mobile devices, mobile device management, concepts,
enforcement and monitoring. With these devices and lastly deployment models,
let's dive into the world of mobile devices.
I'll start by defining what is a mobile device. Basically, it's any easily transportable computing system
course. We're familiar with smartphones, tablets, laptops, hybrid systems, you know, one that convert from laptop to a tablet, watches and Internet of things technologies.
I have an exercise for you. Take out your smartphone. I want you to count with me. The number of different ways it has of sending and receiving data. For me, it's an iPhone six s.
Let's go through the different input output channels on a typical smartphone.
First of all, it's got the screen and put out put audio input output FireWire, which could be used to attached by a U. S B.
It's also got four g cellular three g WiFi, Bluetooth near field communications, GPS.
Does your phone have all of these different ways of communicating? We need to make sure we secure each of them.
That's what I'll be covering in this video
and the previous exercise. I named numerous connection methods associated with mobile devices.
You see them on your screen so cellular WiFi, Bluetooth, Muirfield, satcom.
Let's walk through each of these and how they work with mobile devices.
I'll start with maybe the most obvious cellular communications.
Cellular communications are the main mode that mobile device uses to connect to the service provider network. A cellular network consists of the following components.
You have the towers of cellular layouts based on cells.
Base stations connect to the towers, mobile switching offices, which is the centerpiece of the operations, and then the publicly switch telephone network, or P S T n. This is like the old fashioned, sometimes known as pots telephone plain old telephone service.
Today, wireless providers transmit voice calls over the traditional circuits, switched network design and subscribers used newer I P, based for G L T E Network to access the Internet and other data service is
there are different voice technologies that could be associated with cellular service. Sometimes based on the vendor that is used.
It's important you familiarize yourself with the different generations of cellular communications. This chart on the screen has that comparison. Starting with the one G now moving all the way up to five G, you can see the different band with capabilities, the standard associated with each and the technology.
This is good to know not only for Security plus, but if as a cellular customer,
mobile devices communicate and depend on wireless signals.
So it's no surprise they use traditional WiFi, which I talk about in other videos.
For right now, I'm gonna skip over Bluetooth and NFC will cover those in a second
SATCOM satellite communications. This is an old fashioned form of mobile device communications. Word would connect to a satellite. Sometimes this could be used when you're far away from any metropolitan area with no cellular or WiFi service you can attached to the network through a satellite
aunt. Technology developed by garment enables you to view fitness and health monitoring data in real time on your mobile device.
Aunt is a wireless protocol for used over short distances
less than 30 meters by creating a personal area network similar to Bluetooth
infrared. Another wireless type of technology uses light in the infrared spectrum,
and last connection method is FireWire or USB, where you're connecting physically to a device. Each of these mobile device communication methods have their own security challenges. Review each and understand how they'll work for the security plus exam and as a security professional.
Bluetooth is a ubiquitous technology used to establish connections between different types of mobile devices.
It's a personal area network. Short wings, wireless connectivity,
Bluetooth uses spread spectrum frequency hopping, full duplex signal. An antenna equipped chip in each device that wants to communicate, sends and receives signals at a specific frequency range defined for short range communication
for Bluetooth devices to communicate, they pair with each other to form a Pan personal area network
may also be known as a PICO net.
This process is done through discovery, with one device making itself discoverable by other devices.
Bluetooth is a common mobile connectivity method because it has low power consumption requirements and a short range signal.
Bluetooth is an important part of today's mobile devices, so it's important to understand how it is used and how we secure it.
Near field communication is a set of standards for contactless communication between devices
and FC. Chips within mobile devices generate electromagnetic fields. This allows the device to communicate with other devices.
Although NFC is considered contact less in most practical uses devices established communication by being close or even touching.
You see the example on your screen.
It's an example of contactless payment systems by simply holding the phone close to the payment terminal.
They're different modes of operation associated with near field communications, the peer to peer mode with two mobile devices exchanging data Reade right mode. An active device receives data from a passive device
or card emulation. The device is used as a contactless credit card.
NFC technology and communications make tapingo service is such as Apple pay and Google wallet work
all now transition to How do we manage all of the mobile devices?
MDM Mobile device management is the administration of mobile mobile devices within an organization
managing multiple device deployment, access and usage and continuing is a continuing challenge for organizations. MDM include software used for inventory monitoring, managing and securing employees, mobile devices
often deployed across multiple mobile service providers and across multiple mobile operating systems
such as IOS or Android.
MGM also provides device enrollment. So when you're originally attaching to a corporate network,
provisioning and inventory can also use it. For that configuration. Management and you were insured. Mobile devices are kept up to date. MGM provides policy enforcement and also the management of applications. It's a way of centralizing how mobile devices are handled
within a corporate infrastructure.
There are additional capabilities associated with mobile device management. First is mobile application management.
Mobile device management differs from mobile application management.
Ma'am focuses on applications. What applications are allowed on the devices? Are those applications digitally signed and approved? Are they distributed from a centralized and controlled source?
You can also managed applications through white listing or blacklisting.
Content Management focuses on a broader category of all content, not just applications.
Mobile content management or M C M systems are used to control access to the storage, and sharing capabilities within the service is
one of the biggest security risks involved. Applications that shared data across environments like cloud service is this is controlled with content management On the mobile devices, Push Notification Service's are used to send information to a mobile device. For example. Airlines do this to let you know you're you can board
a push. Notification service is a brief message or alert.
When the operating system of the device pushes notifications, it's known as O. S. P. N s. You can see the term on your screen.
Additionally, the push notification service allows auto updating of the operating system and the client application many advantages associated with using all of these capabilities.
We see a continual challenge of combining business and personal information on our mobile devices.
There's a risk of sensitive corporate information on users. End points.
How do you keep them separate?
How do you wipe business information when an employee leaves the company?
There's different ways to solve that. First is through storage segmentation, where business is kept separate from personal, even within the same device.
This is accomplished through container ization, where you separate sensitive corporate information from the user's personal use of the device. You might have your personal photos, and then you have your business files all within the same device using container ization. It also has the ability to isolate applications
control application functions.
Another mobile device management concept is the remote wipe or sanitization.
When that employee leaves the corporation, how do you remove the corporate information from their mobile device, particularly if it's B Y o. D? There's the ability to send a command from a centralized management server to remotely clear the data and on Lee the business data leaving personal information safe
Remote wipe can also be used when a device is lost or stolen, and you don't know where that device maybe be familiar with these different mobile device management concepts as you're studying for security. Plus, because mobile devices often have GPS capabilities were even the ability to locate over WiFi.
Geo location can be used for access control.
Geo location uses the Global Positioning System GPS tracking to find the location of the device You can also use this to locate people through their devices. It's good for emergency Service's and him. For parents want track their kids
could be a challenge for privacy.
There's some applications that also rely on geo location, such as the mapping capabilities or even the application. Foursquare
Geo fencing defines a geographic perimeter for use with the cell phone, for example, not being able to text in the front seat of a car or only allowing access to certain functions based on the location of the cell phone.
They're certain steps you need to take to secure a mobile device. Full device encryption is one example of securing a mobile device. It could be done at the system level or an application layer
with the system Layer based operating system based hard drive, if you will, can be fully encrypted. Using a technology such as TPM, another security feature, you need to be using our screen locks and lock out. Most mobile devices have the ability to lock with a password
or a pin. Were even biometrics.
This should all be based on your corporate policy.
There's also context aware authentication, where additional criteria are used for authentication or device usage, for example, that geo fencing location were time based. Can't use a cellular device mobile device during a certain period of time
or during certain activities like driving. For example,
all of these air methods to secure a mobile device.
Organizations use different deployment models when distributing cellular or mobile devices. First is B Y o D. Bring your own device. This is where you use your own personal device for business use. It has the highest risk because you're
depending on that person that employees with their device. You have to require adherence with the company policies on personal devices,
which could be a challenge. The second deployment model is C. Y O D. Or choose your own device similar to B Y O D. But employees get to choose from a list of approved devices.
Copas company owned provided equipment for the company has complete control over device. They provide the mobile device. They manage it, they determine the applications that are on it, et cetera.
VD I is another mobile deployment model virtual desktop infrastructure where you're given a desktop on the mobile device. You'll see this more on small desktops, thin client desktops or laptops rather than having the operating system and all the applications on that device
through cloud technologies.
What's nice is that nothing is stored locally with VD I Everything is stored toe a centralized server.
Plus the image is always fresh, though the capabilities of having Mauer installed or unauthorized applications are greatly diminished. With VD I environment
as a part of managing and securing mobile devices, you need to consider enforcement and monitoring.
An example is third party APP stores. Do you allow APP stores that are not part of the mainstream, like the Apple Store or the Android store?
You want to restrict this based on your corporations policy?
You can also do this toe white list applications on Lee. Certain applications are allowed on the device. This prevents data leakage or other troublesome issues with the mobile device,
another challenge that requires enforcement and monitoring his rooting on android and jail breaking on apple devices. This is where the user basically re installs the operating system to take full control of the device, getting route permissions if you will,
installing a Lennox colonel on the mobile device
rather than using android or Apple
for corporate devices. This should be forbidden both in practice and in policy.
Side loading is the transfer of data between two devices,
often through near field communications are going through some type of a side channel.
This should also be restricted based on your corporations policy.
USB on ago is a standard that enables mobile device communication using a USB cable.
If someone were to find your mobile device, could they connect to a PC, laptop or desktop? Using a USB cable
may want to make that restricted for corporate own devices.
Additional considerations with enforcement and monitoring include the use of custom firmware.
For example, you install firm where on a mobile device for a forensics investigation.
An invalid use is to bypass security policies within the corporation
carrier. Unlocking is the modifying of the device to use a different cell carrier without having to purchase a new device. This is now legal within the United States. For more, Oh TA updates are updating the device over the air. Oh ta, it's automatically updating it
when attached to the corporate WiFi
Users may have no control of the updates using this firm where oh ta updated. This insurers an automatic updating of the mobile devices.
All of these air considerations is part of security enforcement and monitoring of mobile devices.
In this video, we discussed the following concepts Associate with mobile device security
connection methods, mobile device management concepts enforcement and monitoring and deployment models.
Let's practice on some quiz questions.
Question. This form of wireless communications has three modes of operation.
Peer to peer mode, read right mode and card emulation.
The answer is C near field communications.
This form of mobile device management is used to control access to the file storage and sharing capabilities of service is
the answer is C container ization, basically the definition for container ization.
This concludes the video for section 2.5. Given a scenario, deploy mobile devices securely.
There's a lot of material to learn about mobile device security. Leverage it as you're studying for the security plus exam