Chapter 12 - 06 - Discuss and Implement General Security Guidelines and Best Practices on Mobile - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Mobile Device Security

Discuss and Implement General Security Guidelines and Best Practices on Mobile Platforms

Enterprise-level mobile security management solutions can only deliver their promised benefits if they are backed by strong mobile device security practices. The objective of this section is to explain the general security guidelines and best practices to be implemented for securing mobile platforms.

Module 12, Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Mobile Application Security Best Practices

Security best practices that protect mobile applications:

* Ensure that the apps do not save passwords
* Avoid using query strings while handling sensitive data
* Use code obfuscation and encryption to secure the application source code
* Implement two-factor authentication
* Use SSL/TLS to send data over a secure channel
* Avoid caching app data
* Perform validation checks on input data
* Implement secure session management
* Protect application settings
* Use server-side authentication
* Use cryptographic algorithms and key management
* Build threat models to defend data
* Ensure that employees download trusted apps from enterprise app stores
* Use containerization for critical corporate data
* Perform regular mobile security audits
* Perform regular software updates
* Implement jailbreak protection
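An added example (not part of the EC-Council courseware) for the query-string and SSL/TLS guidelines in the application list above: a small Python check that a reviewer could run over an app's captured request list to flag sensitive values placed in URLs and requests sent without TLS. The parameter-name list, the `api.example.com` host and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed set of parameter names treated as sensitive (illustrative, not from the page).
SENSITIVE_KEYS = {"password", "passwd", "pin", "token", "access_token",
                  "sessionid", "api_key", "otp"}


def audit_url(url):
    """Return a sorted list of findings for one outbound request URL."""
    findings = set()
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        findings.add("cleartext-transport")
    # keep_blank_values=True so "?token=" is still reported as a sensitive key.
    for key, _ in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower().replace("-", "_") in SENSITIVE_KEYS:
            findings.add(f"sensitive-query-param:{key}")
    # user:pass@host credentials land in logs and history just like query strings.
    if parts.username or parts.password:
        findings.add("credentials-in-url")
    return sorted(findings)


def audit_log(requests):
    """Map each flagged (method, url) pair to its findings; clean requests are omitted."""
    report = {}
    for method, url in requests:
        findings = audit_url(url)
        if findings:
            report[(method, url)] = findings
    return report


# Constructed sample traffic for a hypothetical app backend.
SAMPLE_REQUESTS = [
    ("GET", "https://api.example.com/v1/profile?lang=en"),
    ("GET", "https://api.example.com/v1/login?user=alice&password=hunter2"),
    ("GET", "http://api.example.com/v1/balance?sessionid=abc123"),
    ("POST", "https://api.example.com/v1/login"),
    ("GET", "https://alice:s3cret@api.example.com/v1/export"),
]

if __name__ == "__main__":
    for (method, url), findings in audit_log(SAMPLE_REQUESTS).items():
        print(method, url, "->", ", ".join(findings))
```

The `POST` login in the sample passes because its credentials travel in the request body over HTTPS rather than in the URL.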
Mobile Data Security Best Practices

Security best practices that protect mobile data:

* Secure mobile infrastructure and strengthen the endpoints
* Encrypt the data stored on devices
* Enable over-the-air encryption using SSL, TLS, VPN, and WPA2
* Back up mobile data periodically
* Do not store extremely sensitive information on mobile devices
* Do not store passwords or PINs as contacts on your phone
* Use private data centers to store data and implement device authentication
* Maintain access control for devices and data
* Avoid public Wi-Fi networks
* Set automatic device locks when devices are not in use
* Ensure that users can access the corporate data from a secure central location
* Complete software updates and patches in a timely manner
* Educate employees to recognize suspicious emails
* Keep the antivirus and anti-malware software updated
* Train employees to encrypt hard drives and USBs before storing any work-related data on them
Mobile Network Security Guidelines

Security best practices that protect mobile networks:

* Disable interfaces such as Bluetooth, infrared, and Wi-Fi when not in use
* Set Bluetooth-enabled devices to non-discoverable mode
* Avoid connecting to unknown Wi-Fi networks and using public Wi-Fi hotspots
* Connect the mobile devices to encrypted Wi-Fi networks only
* Configure web accounts to use secure connections
* Isolate a group of users using different SSIDs and segment the traffic for these groups to different VLANs
* Apply different firewall rules and filters to different combinations of user groups or devices

General Guidelines for Mobile Platform Security

Given below are various guidelines that can help users to protect their mobile devices.
* Do not install too many applications and avoid auto-uploading photos to social networks
* Perform a security assessment of the application architecture
* Maintain configuration control and management
* Install applications from trusted app stores
* Securely wipe or delete the data while disposing of devices
* Do not share any information within GPS-enabled apps unless required
* Never connect two separate networks such as Wi-Fi and Bluetooth simultaneously
* Disable wireless access such as Wi-Fi and Bluetooth if not in use
* Configure a strong passcode with the maximum possible length
* Update the OS and apps to keep them secure
* Enable remote management
* Do not allow rooting or jailbreaking
* Use remote wipe services such as Find My Device (Android) and Find My iPhone or Find My (Apple iOS) to locate your device if it is lost or stolen
* Encrypt the device and its backups
* Perform periodic backup and synchronization
* Filter emails by configuring the server-side settings of the corporate email system
* Strengthen browser permission rules
* Design and implement mobile device policies
* Control devices and applications
* Prohibit USB keys
* Manage the operating and application environments
* Press the power button to lock the device when not in use
