
Deploying and Managing Mobility Securely


Presentation Transcript


  1. Deploying and Managing Mobility Securely • Jason Langridge, UK Mobility Business Manager

  2. Agenda • Observations and Questions for you! • What are we protecting? • Threats and how to mitigate them • Managing and enforcing policy • Summary

  3. Statements and observations • Security is an excuse – not a reason not to deploy a mobile solution • A Smartphone/Pocket PC is not the same as a PC – it’s just a phone/PDA that got really really smart • The use of mobile devices is very different to a laptop • Security and Device Management are not independent; they are intrinsically linked

  4. Questions for you! • Do you have a mobile device security policy? • It’s not the same as a laptop policy. • Do you let security influence your choice of device or platform? • Who is handling your data as it goes from its corporate home to your users’ mobile devices? • Is security designed into any custom mobile apps — or an afterthought?

  5. What Are We Protecting? • The physical device? • Corporate Knowledge? • Misuse of Resources (and increased costs)? • Corporate legal exposure: • Sarbanes-Oxley, GLBA (US) • Privacy Directive, Data Protection Directive (EU), and “Safe Harbor” Principles (US) • OECD Fair Information Practices • CFAA (Computer Fraud and Abuse Act)

  6. Fundamental Tradeoff • Secure • Usable • Cost • You get to pick any two!

  7. Threats and how to mitigate them • Major threat categories • Unauthorized Access to device • Unauthorized Access to data • Interception of data • Viruses and trojan applications • Perform Risk Assessment • Establish Policy for: • Device Password • Anti-Virus • Application Installation and Execution • Transmission of Data • Data Protection

  8. 1. Device Password • 4-digit PIN (Pocket PC) • Strong password (Pocket PC & SmartPhone) • >4 digit PIN (Smartphone) • Exponential delay with incorrect password • Password protected ActiveSync partnership • Now enforceable and manageable through MSFP and SMS

  9. 2. Anti-Virus Software • Built-in APIs for Anti-virus solutions • Computer Associates • F-Secure • McAfee • SOFTWIN • Airscanner • Trend • Personal Firewall • Bluefire Security Technologies • Check Point VPN-1 SecureClient

  10. 3. Application Level Security

  11. 3. Application-level Security: “1 tier” and “2 tier”? • Smartphone supports “2 tier”: If an application is not blocked, it could be signed for one of 2 different trust levels • Trusted: Access to all registries, APIs, hardware interfaces • Normal: Exists only on two-tier devices • Some APIs restricted, parts of Registry are read-only • >95% of device accessible, adequate for almost all apps • Intended as a way to improve reliability of apps, not a primary defense against damage from malicious code

  12. 3. Application-level Security: “1 tier” and “2 tier”? • New to Windows Mobile 5.0: Pocket PC supports “1 tier” • The configuration or application is either blocked completely or trusted completely

  13. 4. Securing transmission of data • Network Authentication • NTLM versions 1 and 2 • SSL Basic and TLS Client Authentication • WiFi 802.1x user auth using • Protected EAP (PEAP) • EAP/TLS (cert-based) • WPA

  14. 4. Windows Mobile VPN

  15. 5. Data Protection • Limit the data to just what is needed…. • Cryptographic services for applications are built-in (Crypto API v2) • SQL-CE provides 128-bit encryption (PPC only) • 3rd Party options:

  16. Summary of Windows Mobile Security Features • Perimeter protection • Device lock: PIN, Strong, exponential delay • Authentication protocols: PAP, CHAP, MS-CHAP, NTLM, TLS • Data protection • 128-bit Cryptographic services: CAPIv2 • Code signing (SmartPhone only) • Anti-virus API • Network protection • OTA device management security • Secure Browsing: HTTP (SSL), WAP (WTLS) • Virtual Private Networking (PPTP, L2TP IPSec) • Wireless network protection (WEP, 802.1x, WPA)

  17. Mobile Device Management and Security Challenges • Devices infrequently connected to an organisation’s network • Low bandwidth, higher cost connections • Unreliable connections • Device loss that leads to work stoppage

  18. Customer requests for mobile device management • Security – Data protection • Ensuring corporate data on the device is secure • Configuration – Applying settings • Applying networking, application and security settings • Inventory – Asset and version tracking • Storing device serial numbers, OS and application versions • Application deployment and update • Deploying applications, and updating or patching based on version • OS Deployment and update • Callout on slide: “MSFP will provide”

  19. SMS 2003 Device Management Feature Pack (DMFP) • Add-on to SMS 2003 SP1 to manage Pocket PC, Pocket PC Phone and Windows CE based devices • Components install on SMS 2003 site systems • Client agent installs on Windows Mobile devices via SD Card or ActiveSync • Device clients can connect direct to the SMS server independent of a PC • Aimed at the major feature requests

  20. Feature Set • Hardware/Software inventory • File collection • Software distribution • Script execution • Settings management • Password policy management • Automated client distribution via SMS 2003 Advanced Client desktop

  21. Mobile Device Management – Working environments • SMS 2003 Device Management Feature Pack (DMFP): • Customers already deployed or licensed for SMS • Support for both personal and line of business devices • Flexible configuration required • b2m solutions - mProdigy: • Customers who don’t currently have a management solution in place • Managing critical business processes • Robust configuration management

  22. Mobile Enterprise Management • Tom Fell, Mobile Systems Architect, b2m solutions

  23. mProdigy Five Software Modules • Application Monitoring • Supplier Management • Communications Management • Asset Management • Device Management • Callout on slide: “Focus for today’s presentation”

  24. mProdigy Features • “Hands off” commissioning of devices • Deployment Profiles • detailed device configuration management • provides tight control whilst maintaining flexibility • support multiple device types in the same operational role • Patches for “ad-hoc” updates • Remote diagnostics • Remote warm / cold reboot • Cold boot resilience • Distributed deployment

  25. mProdigy Features • Asset register includes details of devices and associated peripherals • Repair loop management • Event tracking (used by Supplier Management & Application Monitoring) • Alerts • Manage devices by group / location / function • GPRS / 802.11 / Ethernet Support • Efficient and robust communications infrastructure (optimised protocol for “pay per byte” networks)

  26. mProdigy Five Software Modules • Application Monitoring • Supplier Management • Change Management • Communications Management • Asset Management • Device Management • Technology Management

  27. Mobile Device Management Demonstration • Tom Fell, Mobile Systems Architect, b2m solutions

  28. Summary and Recommendations • Security is no longer an excuse • Define a security policy for mobile devices • Find out how many devices are in use in your organisation! • If you need: • Security Policy and Password Policy control – MSFP • Software deployment, settings management and asset control – Management Solution

  29. http://www.microsoft.com/uk/technet

  30. References • Windows Mobile Security White paper: http://www.microsoft.com/windowsmobile/resources/whitepapers/security.mspx • Security Product Solutions: http://www.microsoft.com/windowsmobile/information/businesssolutions/security/secsearch.aspx

  31. 3rd Party Solution Providers • Signature authentication: Certicom Corporation; Communication Intelligence Corporation; TSI/Crypto-Sign; VASCO • Enhanced password protection: Hewlett-Packard • Pictograph authentication: Pointsec Mobile Technologies • Fingerprint authentication: Biocentric Solutions Inc.; HP iPAQ 5400 • Card-based authentication: RSA Security; Schlumberger Sema • Certificate Authentication on a Storage Card: JGUI Software • Storage Encryption: F-Secure; Pointsec Mobile Technologies; Trust Digital LLC • Encrypt Application Data: Certicom Corporation; Glück & Kanja Group; Ntrū Cryptosystems, Inc. • Virtual Private Networking: Certicom Corporation; Check Point Software Technologies Ltd.; Columbitech; Entrust, Inc.; Epiphan Consulting Inc. • Disable Applications: Trust Digital LLC • Device Wipe: Asynchrony.com • Public Key Infrastructure (PKI): Certicom Corporation; Diversinet Corp.; Dreamsecurity Co., Ltd.; Glück & Kanja Group • Thin Client Technology: Citrix; FinTech Solutions Ltd.; Microsoft
