
The Truth About Smartphone Security: Separating Fact from Fiction

Eric Green - M@D Partners. Advisory board member at Mobile Application Development (MAD) Partners who have an industry leading smartphone security product - Mobile Active Defense.


Presentation Transcript


  1. The Truth About Smartphone Security: Separating Fact from Fiction

  2. Eric Green - M@D Partners

     Advisory board member at Mobile Application Development (MAD) Partners, who have an industry-leading smartphone security product - Mobile Active Defense. In that role I’ve been consulting as a subject matter expert with primarily the FORTUNE 1000 and Federal Agencies on the subject of mobile security and management.

     Outside of that role, I have been involved in the security industry for over a decade. Past experience also includes running a technology book division publishing 12 books with a wide variety of industry luminaries, primarily in security. I am also program director for SC Magazine’s SC World Congress events and for the last 6 years have also produced, hosted and syndicated the SecureIT Live podcast show, available online at www.secureitlive.com.

  3. Smartphone security should be treated differently than tablet security on enterprise networks. Fact or Fiction?

  4. Fiction The biggest threats to these devices are apps and the threat associated with personal email and browser vulnerabilities Apps are the greatest malware delivery mechanism created by mankind Personal email loaded with spam and phishing as well as malware exploit browser vulnerabilities on devices iOS is iOS and in general Android is Android. So smartphone or tablet - the risk is the same If just protecting corporate data and not controlling personal email, apps and the browser - not addressing the true risk to either of these devices

  5. iPhone and iPad hardware encryption has been broken. Fact or Fiction?

  6. Fiction Many confuse jailbreak with breaking encryption – rooting the phone simply is removing access control, hardware encryption is still in place iPhone and iPad encryption is currently in for FIPS 140-2 Validation (http://csrc.nist.gov/groups/STM/cmvp/inprocess.html) There is word of a hack to the profile file wherein the perpetrator can get to the encryption key – however no one has cracked the AES 256 bit encryption

  7. It is possible for administrators to remove blacklisted apps from smartphones. Fact or Fiction?

  8.  Fact andFiction Enterprise administrators ability to remove blacklisted apps varies by operating system Android, Windows Mobile and Symbian operating systems can allow for administrator removal of blacklisted – or any apps iOS does not permit administrators to remove app store installed apps iOS however does now, using Apple’s MDM permit administrators to do selective remote wipe, removing an enterprises own apps and corporate data

  9. Apple’s Mobile Device Management (MDM) offers a good way to secure your iPhones and iPads. Fact or Fiction?

  10. Fiction To begin with people should be careful not to confuse the industry term of MDM with Apple’s MDM Apple’s MDM does provide certain useful functionality like app cataloging and white listing and blacklisting of apps………..BUT……… Apple’s MDM can be removed by the user at any time – thus if you stage profile files using MDM, theyget removed as well Does this remove corporate data? Perhaps.However as a security pro, if a device fallsoff your network, are you willing to simplyassume it was due to MDM being removed?

  11. Apple MDM Removal Demo

  12. iOS, Android, Windows Mobile and Symbian operating systems all have encryption for both data at rest (hardware) and in motion (VPN). Fact or Fiction?

  13. Fiction Hardware encryption: Yes for iOS, Windows Mobile and Symbian No for Android Data in motion (VPN): Yes for iOS, Android, Symbian and Windows Mobile up to 6.5 No for Windows Mobile 7

  14. You cannot prevent a user from jailbreaking an iPhone or iPad. Fact or Fiction?

  15. Fact  Each iOS has been shortly followed by a jailbreak or rooting of that iOS To date there is no way to prevent iOS jailbreaking If you chose to jailbreak all of your enterprise devices, you could then both prevent jailbreaking and lock them down far more rigorously - this obviously has its cons

  16. Summary and Recommendations

     A smartphone security solution should:
     - Treat smartphones and tablets the same
     - Provide blacklisting and remediation for bad apps
     - Have the ability to either clean personal email or prevent it
     - Ensure user cannot remove or disrupt
     - Offer jailbreak and rogue behavior detection & remediation
     - Support multiple platforms via single console
     - Encrypt and force all traffic to VPN
     - Offer both cloud and appliance-based solutions
     - Offer the same level of security as that of laptops or BlackBerrys, including content filtering for any and all browsers, stateful inspection firewall, email scanning, etc.

  17. Questions?

     Eric Green
     egreen@mobileactivedefense.com
     914.244.0160
     www.MobileActiveDefense.Com
     M@D Partners LLC 2010-2011 Confidential
