SlideShare uma empresa Scribd logo

Mobile Device Security

Salvatore D'Agostino
Salvatore D'Agostino

IDmachines CTST 2009 slides on device security

1 de 9
Baixar para ler offline
Mobile Device Security Protecting the Edge of the Network CTST 2009 Salvatore D’Agostino IDmachines LLC
It’s getting attention
What is a mobile device? • Cell phone – NFC – Bluetooth – 802.11.x – 3G, 4G • Laptop • Rugged Devices • Media Players • Automobile, Aircraft • Thumb Drives • Smart Card
Attack Vector(s) • Email – Attachments • MMS • SMS • Could be anything on thumb drive… • NIST SP-800-124
Device Identity, Another Take on Convergence • Devices matters as much as individuals • Need to be treated in a very similar manner – Enrollment – Registration – Issuance – Activation – Lifecycle Management
Can FIPS 201 address devices? • Device certificates widely used • Provides single method of authentication: – Doors – Desktops – Devices • Network gear • Desktops and Servers • Mobile devices • Programmable Logic Controllers – Smart Grid
Device Dilemma • Need to manage device security • Need to manage behavior of people that use it – Nearly half of people consider laptop their property • Often don’t have the expertise in the operating system (embedded) • Roaming issue • Now they can connect directly to the network – Not just the email server • Many vendors
Mobile Device Applications and Solutions Expanding Rapidly • Out of band authentication – One Time Passwords Delivered to the Phone • Many vendors entering space – Verisign iPhone app – Battle.net mobile authenticator – Valimo – Payline – CORISECIO – Air France NFC boarding passes – A hundred more…..
Simple Things to Do • Enable PINs and Passwords – Better if tied to x.509 digital certificate • Enable hard reset and data wipe for lost devices – PIN lockout with CAC • Lojack for phones – Ability to track lost devices • Encrypt data • http://csrc.nist.gov/publications/nistbul/Jan2009 _Cell-Phones-and-PDAs.pdf

Recomendados

mobile application security
mobile application securitymobile application security
mobile application security
-jyothish kumar sirigidi
 
Mobile Device Management & Data Protection
Mobile Device Management & Data ProtectionMobile Device Management & Data Protection
Mobile Device Management & Data Protection
GeekTek IT Services
 
2018 hotel technology communication trends
2018 hotel technology communication trends2018 hotel technology communication trends
2018 hotel technology communication trends
Nexus Net
 
CellSIM OS Overview 1.0
CellSIM OS Overview 1.0CellSIM OS Overview 1.0
CellSIM OS Overview 1.0
Vladimir Nagin
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
Ben Rothke
 
SIM Card Overview
SIM Card OverviewSIM Card Overview
SIM Card Overview
Carlos Enrique Ortiz
 
TS31103 ISIM introduction
TS31103 ISIM introductionTS31103 ISIM introduction
TS31103 ISIM introduction
Kimmy Yang
 
Webinar Express: Securing BYOD without MDM
Webinar Express: Securing BYOD without MDMWebinar Express: Securing BYOD without MDM
Webinar Express: Securing BYOD without MDM
Bitglass
 

Recomendados

mobile application security
mobile application securitymobile application security
mobile application security
-jyothish kumar sirigidi
 
Mobile Device Management & Data Protection
Mobile Device Management & Data ProtectionMobile Device Management & Data Protection
Mobile Device Management & Data Protection
GeekTek IT Services
 
2018 hotel technology communication trends
2018 hotel technology communication trends2018 hotel technology communication trends
2018 hotel technology communication trends
Nexus Net
 
CellSIM OS Overview 1.0
CellSIM OS Overview 1.0CellSIM OS Overview 1.0
CellSIM OS Overview 1.0
Vladimir Nagin
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
Ben Rothke
 
SIM Card Overview
SIM Card OverviewSIM Card Overview
SIM Card Overview
Carlos Enrique Ortiz
 
TS31103 ISIM introduction
TS31103 ISIM introductionTS31103 ISIM introduction
TS31103 ISIM introduction
Kimmy Yang
 
Webinar Express: Securing BYOD without MDM
Webinar Express: Securing BYOD without MDMWebinar Express: Securing BYOD without MDM
Webinar Express: Securing BYOD without MDM
Bitglass
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
Ugo Chirico
 
SmartTrust WIB 1.3
SmartTrust WIB 1.3SmartTrust WIB 1.3
SmartTrust WIB 1.3
Julien SIMON
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
abdullah roomi
 
Bank security
Bank securityBank security
Bank security
PLN9 Security Services Pvt. Ltd.
 
Mobile computing
Mobile computingMobile computing
Mobile computing
amellia27
 
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control PanelsmartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smart-i Electronics Systems Pvt Ltd.
 
Making Mobile Manageable
Making Mobile Manageable Making Mobile Manageable
Making Mobile Manageable
Spiceworks Ziff Davis
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
noorashams
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
Nitesh Malviya
 
Intro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor AuthenticationIntro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor Authentication
hon1nbo
 
Internet of Things changing our lives
Internet of Things changing our livesInternet of Things changing our lives
Internet of Things changing our lives
ABHILASHGUPTAKONIJET
 
Null mumbai-iot top 10
Null mumbai-iot top 10Null mumbai-iot top 10
Null mumbai-iot top 10
Nitesh Malviya
 
Sierraware virtual phone
Sierraware virtual phoneSierraware virtual phone
Sierraware virtual phone
Sierraware
 
OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)
Andrea Colombetti
 
Smart Business using IoT
Smart Business using IoTSmart Business using IoT
Smart Business using IoT
Mithileysh Sathiyanarayanan
 
Smartphone security
Smartphone securitySmartphone security
Smartphone security
Mike Brannon
 
SOVA security management
SOVA security managementSOVA security management
SOVA security management
SOVA Systems
 
Securing Wireless Cellular Systems
Securing Wireless Cellular SystemsSecuring Wireless Cellular Systems
Securing Wireless Cellular Systems
ACMBangalore
 
World's Most Secure Privacy Phones
World's Most Secure Privacy PhonesWorld's Most Secure Privacy Phones
World's Most Secure Privacy Phones
John Adam
 
Cellnetrix brochure 2013
Cellnetrix brochure 2013Cellnetrix brochure 2013
Cellnetrix brochure 2013
Vladimir Nagin
 
EQAR workshop at the 4th European Quality Assurance Forum
EQAR workshop at the 4th European Quality Assurance ForumEQAR workshop at the 4th European Quality Assurance Forum
EQAR workshop at the 4th European Quality Assurance Forum
guest1279be
 
NIST FIPS 201-2 Workshop SIA Perspectives on Standards and Testing
NIST FIPS 201-2 Workshop SIA Perspectives on Standards and TestingNIST FIPS 201-2 Workshop SIA Perspectives on Standards and Testing
NIST FIPS 201-2 Workshop SIA Perspectives on Standards and Testing
Salvatore D'Agostino
 

Mais conteúdo relacionado

Mais procurados

Mobile computing
Mobile computingMobile computing
Mobile computing
amellia27
 
OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)
Andrea Colombetti
 

Mais procurados (20)

Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
 
SmartTrust WIB 1.3
SmartTrust WIB 1.3SmartTrust WIB 1.3
SmartTrust WIB 1.3
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
Bank security
Bank securityBank security
Bank security
 
Mobile computing
Mobile computingMobile computing
Mobile computing
 
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control PanelsmartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
 
Making Mobile Manageable
Making Mobile Manageable Making Mobile Manageable
Making Mobile Manageable
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
Intro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor AuthenticationIntro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor Authentication
 
Internet of Things changing our lives
Internet of Things changing our livesInternet of Things changing our lives
Internet of Things changing our lives
 
Null mumbai-iot top 10
Null mumbai-iot top 10Null mumbai-iot top 10
Null mumbai-iot top 10
 
Sierraware virtual phone
Sierraware virtual phoneSierraware virtual phone
Sierraware virtual phone
 
OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)
 
Smart Business using IoT
Smart Business using IoTSmart Business using IoT
Smart Business using IoT
 
Smartphone security
Smartphone securitySmartphone security
Smartphone security
 
SOVA security management
SOVA security managementSOVA security management
SOVA security management
 
Securing Wireless Cellular Systems
Securing Wireless Cellular SystemsSecuring Wireless Cellular Systems
Securing Wireless Cellular Systems
 
World's Most Secure Privacy Phones
World's Most Secure Privacy PhonesWorld's Most Secure Privacy Phones
World's Most Secure Privacy Phones
 
Cellnetrix brochure 2013
Cellnetrix brochure 2013Cellnetrix brochure 2013
Cellnetrix brochure 2013
 

Destaque

EQAR workshop at the 4th European Quality Assurance Forum
EQAR workshop at the 4th European Quality Assurance ForumEQAR workshop at the 4th European Quality Assurance Forum
EQAR workshop at the 4th European Quality Assurance Forum
guest1279be
 
Exchange 2003ten Exchange 2010a GeçIş
Exchange 2003ten Exchange 2010a GeçIşExchange 2003ten Exchange 2010a GeçIş
Exchange 2003ten Exchange 2010a GeçIş
officeblogu
 
Utilising learning styles
Utilising learning stylesUtilising learning styles
Utilising learning styles
arteimi
 
Double transform contoor extraction
Double transform contoor extractionDouble transform contoor extraction
Double transform contoor extraction
arteimi
 
De Ontdekkingen Van Schliemann
De Ontdekkingen Van SchliemannDe Ontdekkingen Van Schliemann
De Ontdekkingen Van Schliemann
xave88
 
Ai in education2
Ai in education2Ai in education2
Ai in education2
arteimi
 

Destaque (18)

EQAR workshop at the 4th European Quality Assurance Forum
EQAR workshop at the 4th European Quality Assurance ForumEQAR workshop at the 4th European Quality Assurance Forum
EQAR workshop at the 4th European Quality Assurance Forum
 
NIST FIPS 201-2 Workshop SIA Perspectives on Standards and Testing
NIST FIPS 201-2 Workshop SIA Perspectives on Standards and TestingNIST FIPS 201-2 Workshop SIA Perspectives on Standards and Testing
NIST FIPS 201-2 Workshop SIA Perspectives on Standards and Testing
 
Representative Case Studies
Representative Case StudiesRepresentative Case Studies
Representative Case Studies
 
Identity Assertions Draftv5
Identity Assertions Draftv5Identity Assertions Draftv5
Identity Assertions Draftv5
 
Exchange 2003ten Exchange 2010a GeçIş
Exchange 2003ten Exchange 2010a GeçIşExchange 2003ten Exchange 2010a GeçIş
Exchange 2003ten Exchange 2010a GeçIş
 
Industry best prototyping practices iab 24 april 2013
Industry best prototyping practices iab 24 april 2013Industry best prototyping practices iab 24 april 2013
Industry best prototyping practices iab 24 april 2013
 
Utilising learning styles
Utilising learning stylesUtilising learning styles
Utilising learning styles
 
Double transform contoor extraction
Double transform contoor extractionDouble transform contoor extraction
Double transform contoor extraction
 
Electronic publishing
Electronic publishingElectronic publishing
Electronic publishing
 
FICAM Impact On Enterprise Architecture And Applications
FICAM Impact On Enterprise Architecture And ApplicationsFICAM Impact On Enterprise Architecture And Applications
FICAM Impact On Enterprise Architecture And Applications
 
Askep cidera kepala
Askep cidera kepalaAskep cidera kepala
Askep cidera kepala
 
Alphabet
AlphabetAlphabet
Alphabet
 
UTILIZING COOPERATIVE LEARNING FOR IT GRADUATE STUDIES
UTILIZING COOPERATIVE LEARNING FOR IT GRADUATE STUDIESUTILIZING COOPERATIVE LEARNING FOR IT GRADUATE STUDIES
UTILIZING COOPERATIVE LEARNING FOR IT GRADUATE STUDIES
 
De Ontdekkingen Van Schliemann
De Ontdekkingen Van SchliemannDe Ontdekkingen Van Schliemann
De Ontdekkingen Van Schliemann
 
Micro2440 Um 20090817
Micro2440 Um 20090817Micro2440 Um 20090817
Micro2440 Um 20090817
 
rule refinement in inductive knowledge based systems
rule refinement in inductive knowledge based systemsrule refinement in inductive knowledge based systems
rule refinement in inductive knowledge based systems
 
الجودة في التعليم التقني
الجودة في التعليم التقنيالجودة في التعليم التقني
الجودة في التعليم التقني
 
Ai in education2
Ai in education2Ai in education2
Ai in education2
 

Semelhante a Mobile Device Security

Nfc security shane_turner_spring2013
Nfc security shane_turner_spring2013Nfc security shane_turner_spring2013
Nfc security shane_turner_spring2013
Shane Turner
 
Mobile Commerce: A Security Perspective
Mobile Commerce: A Security PerspectiveMobile Commerce: A Security Perspective
Mobile Commerce: A Security Perspective
Pragati Rai
 
Vanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmapVanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmap
Hai Nguyen
 
Securing hand held computing devices
Securing hand held computing devicesSecuring hand held computing devices
Securing hand held computing devices
jraja01
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
Security Innovation
 

Semelhante a Mobile Device Security (20)

Internet of Things Architecture / Topology
Internet of Things Architecture / TopologyInternet of Things Architecture / Topology
Internet of Things Architecture / Topology
 
M2M_IoT_Presentation
M2M_IoT_PresentationM2M_IoT_Presentation
M2M_IoT_Presentation
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
 
Nfc security shane_turner_spring2013
Nfc security shane_turner_spring2013Nfc security shane_turner_spring2013
Nfc security shane_turner_spring2013
 
Mobile Commerce: A Security Perspective
Mobile Commerce: A Security PerspectiveMobile Commerce: A Security Perspective
Mobile Commerce: A Security Perspective
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptx
 
551_MH_overview_handout.ppt
551_MH_overview_handout.ppt551_MH_overview_handout.ppt
551_MH_overview_handout.ppt
 
ISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and PrivacyISACA CACS 2012 - Mobile Device Security and Privacy
ISACA CACS 2012 - Mobile Device Security and Privacy
 
Outside the Office: Mobile Security
Outside the Office: Mobile SecurityOutside the Office: Mobile Security
Outside the Office: Mobile Security
 
Successful Industrial IoT patterns
Successful Industrial IoT patterns Successful Industrial IoT patterns
Successful Industrial IoT patterns
 
Vanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmapVanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmap
 
Webinar on Enterprise Security & android
Webinar on Enterprise Security & androidWebinar on Enterprise Security & android
Webinar on Enterprise Security & android
 
Connect and protect building a trust based internet of things for business cr...
Connect and protect building a trust based internet of things for business cr...Connect and protect building a trust based internet of things for business cr...
Connect and protect building a trust based internet of things for business cr...
 
Internet of Things Stack
Internet of Things StackInternet of Things Stack
Internet of Things Stack
 
Smart phone and mobile phone risks
Smart phone and mobile phone risksSmart phone and mobile phone risks
Smart phone and mobile phone risks
 
Securing hand held computing devices
Securing hand held computing devicesSecuring hand held computing devices
Securing hand held computing devices
 
Industrial internet of things by sujata tilak
Industrial internet of things by sujata tilakIndustrial internet of things by sujata tilak
Industrial internet of things by sujata tilak
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
Mobile computing
Mobile computingMobile computing
Mobile computing
 

Mobile Device Security

  • 1. Mobile Device Security Protecting the Edge of the Network CTST 2009 Salvatore D’Agostino IDmachines LLC
  • 3. What is a mobile device? • Cell phone – NFC – Bluetooth – 802.11.x – 3G, 4G • Laptop • Rugged Devices • Media Players • Automobile, Aircraft • Thumb Drives • Smart Card
  • 4. Attack Vector(s) • Email – Attachments • MMS • SMS • Could be anything on thumb drive… • NIST SP-800-124
  • 5. Device Identity, Another Take on Convergence • Devices matters as much as individuals • Need to be treated in a very similar manner – Enrollment – Registration – Issuance – Activation – Lifecycle Management
  • 6. Can FIPS 201 address devices? • Device certificates widely used • Provides single method of authentication: – Doors – Desktops – Devices • Network gear • Desktops and Servers • Mobile devices • Programmable Logic Controllers – Smart Grid
  • 7. Device Dilemma • Need to manage device security • Need to manage behavior of people that use it – Nearly half of people consider laptop their property • Often don’t have the expertise in the operating system (embedded) • Roaming issue • Now they can connect directly to the network – Not just the email server • Many vendors
  • 8. Mobile Device Applications and Solutions Expanding Rapidly • Out of band authentication – One Time Passwords Delivered to the Phone • Many vendors entering space – Verisign iPhone app – Battle.net mobile authenticator – Valimo – Payline – CORISECIO – Air France NFC boarding passes – A hundred more…..
  • 9. Simple Things to Do • Enable PINs and Passwords – Better if tied to x.509 digital certificate • Enable hard reset and data wipe for lost devices – PIN lockout with CAC • Lojack for phones – Ability to track lost devices • Encrypt data • http://csrc.nist.gov/publications/nistbul/Jan2009 _Cell-Phones-and-PDAs.pdf