Tips on Securing Mobile Devices
October 5, 2012
Preston Wiley, Network Security Manager, CISSP
Mike Hill, Project Manager / Systems Analyst, CISSP

What is a Mobile Device?
• Highly Portable
• Constantly connected to the Internet
• Able to run a variety of applications
• Easily stolen or misplaced
• Smartphones, Tablets
• Personally managed

Mobile Device Operating Systems
• iOS
  • iPad
  • iPhone
  • iPod Touch
• Android
  • Nexus 7
  • Samsung Galaxy
  • HTC One, Desire, Evo, etc.
  • Motorola RAZR
  • MANY MANY MANY Others
• BlackBerry, Symbian, Windows

Why do we have Mobile Devices?
• Highly Portable
• Convenient
• Always Stay Connected
• Remain Productive
• Coolness Factor

Why should we secure them?
• As mobile devices become ingrained into our lives, we store more and more data in them, such as:
  • E-mail
  • Contacts
  • Photos
• and we use various apps to make our lives easier:
  • Social: Facebook, Twitter, LinkedIn
  • Financial: PayPal, eBay, Amazon
  • Cloud Storage: Dropbox, Google Drive
  • Maps: MapQuest, Google Maps
  • Games: Angry Birds, Bad Piggies

Tip #1: Lock Device
• Passcodes
  • PINs
  • Pattern (Android)
  • Facial Recognition (Android 4)
  • Passwords
• Auto-Lock (Screen Timeout)
  • 1 minute to 5 minutes
  • Shorter time is more secure
• Be aware of apps that can be accessed when locked

Tip #2: Update Apps
• Keep apps up-to-date using official sites
  • Apple App Store (iOS)
  • Google Play (Android)
• Be wary of 3rd party apps from unofficial sites (Android)
  • When you allow unknown apps on Android, you allow them from ALL sources
  • Only turn this option on if you need it and turn it off when you don't need it.
  • There are legitimate stores other than Google Play that require this to be turned on:
    • Amazon App Store

Tip #3: Disable Network Services
• Benefits to disabling services
  • These services can pose security risks
  • Can also extend battery life
• WiFi
  • Constantly scans for WiFi networks
  • Beware of open networks (unencrypted)
• Bluetooth
  • Turn off or set to non-discoverable if not needed
  • Used for hands-free devices and wireless keyboards
  • Can be used to view your contacts and make calls with your phone.

Tip #4: Beware of QR codes
• Which QR code is the malicious one?

Tip #5: Update Operating System
• Update OS to latest version available to you
  • iOS 6
  • Android 4.1 (Jelly Bean)
  • BlackBerry 7.1 OS
  • Windows Phone 7.5
*Data as of October 1, 2012
*Data as of September 30, 2012

Tip #6: Configure Location Services
• Popular features of location services
  • Photos - geotagging
  • Maps - turn by turn navigation
• Beware of disclosing location publicly
  • Please Rob Me (2010)
  • U.S. Army warns about geotagging (2007)
• Recommended Configuration
  • Disable if not needed
  • Only enable for specific apps when needed

Tip #7: Backup Device
• Back up your device
  • Device should not be sole source of this data
  • Data can be encrypted during backup to iTunes (iOS)
  • Backups based on Google Account (Android)
• Be aware of any sensitive data on device
  • Financial documents
  • Tax records
  • Health records
  • Passwords

Tip #8: Wipe Device
• Erase data on device before
  • Return
  • Repair
  • Resale
• Auto-Wipe
  • Erases data after 10 failed attempts (iOS)
  • Autowipe app (Android 2.2+)
• Remote Wipe
  • Gives you the ability to remotely wipe device

Tip #9: Find Device
• Find My iPhone (iOS)
  • Requires iOS 5+
  • Locate your device on a map
  • Display custom message
  • Remotely lock or wipe device
  • Lost Mode (iOS 6)
• LocateMyDroid (Android)
  • Available on Android OS 2.2+
  • Visually see your phone on a map
  • Remotely lock/wipe phone (admin)
  • Create ICE for lock screen

Tip #10: Secure Browser Settings
• Recommended Settings
  • Block Pop-ups
  • Enable Private Browsing
  • Enable Fraud Warning (iOS)
  • Disable AutoFill
  • Disable Location Services
  • Clear history and cookies

Wrap-Up
• 10 Tips for Increased Security
  • Lock Device
  • Update Apps
  • Disable Network Services
  • Beware of QR Codes
  • Update Operating System
  • Configure Location Services
  • Backup Device
  • Wipe Device
  • Find Device
  • Secure Browser Settings

Serious about Security Podcast
• New episodes recorded every two weeks
• http://www.cerias.purdue.edu/site/sas_podcast
• Twitter: @SASPodcast

Q&A
• Mike Hill, E-mail: mikehill@purdue.edu, Twitter: @Purdue_Mike
• Preston Wiley, E-mail: pswiley@purdue.edu, Twitter: @PrestonSecure

References
• Android Distribution Chart: https://developer.android.com/about/dashboards/index.html
• iOS Distribution Chart: http://insights.chitika.com/2012/ios-by-device/
• Permission to use Dilbert comics provided by Universal Uclick
• Please Rob Me: http://pleaserobme.com
• U.S. Army warns about the risks of geotagging: http://nakedsecurity.sophos.com/2012/03/14/us-army-warns-about-the-risks-of-geotagging/