
Chapter 12 - 02 - Discuss Mobile Device Management Concepts_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician Exam 212-82
Mobile Device Security

Module Flow

o Understand Various Mobile Device Connection Methods
o Discuss Mobile Device Management Concepts
o Discuss Common Mobile Usage Policies in Enterprises
o Discuss Security Risks and Guidelines Associated with Enterprises Mobile Usage Policies
o Discuss and Implement Enterprise-level Mobile Security Management Solutions
o Discuss and Implement General Security Guidelines and Best Practices on Mobile Platforms

Discuss Mobile Device Management Concepts

This section discusses various mobile device management concepts.

Module 12 Page 1488 EC-Council Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Mobile Device Management (MDM)

MDM provides platforms for over-the-air or wired distribution of applications, data and configuration settings for all types of mobile devices.

o Mobile Application Management: Software that is mostly used by IT admins to control and secure organizational data. It offers features such as the remote activation or deactivation of devices, remote wiping in case of theft or loss, etc.
o Mobile Content Management: Software that offers solutions to safeguard the content or data on the mobile devices. It provides features to store and deliver data, offer the required services, and permit employees to access the organizational data remotely.
o Context-aware Authentication: It uses the contextual information of a user such as geolocation, identity, and behavior for enhancing data security decisions.
o Mobile Email Management: It offers secure access to organizational email infrastructure and data on an employee’s mobile devices.
o Mobile Security Management: It involves actions and precautionary steps for securing the organizational data and mobile devices used by employees.
o Enterprise Mobility Management: It consists of tools and technologies used in an organization to secure the data in employees’ personal (BYOD) and organizational devices.
o Remote Wipe: It is a technique used for securing and protecting data from miscreants if a mobile device used by an employee was lost. This feature allows the administrator to send a command that can erase all the device data.
o Screen Lock
o Passwords and PINs: It protects private data of the employee and confidential information of the organization stored on a mobile device.
o Biometrics: It is an advanced and unique security technology that utilizes an individual’s physical attributes such as fingerprint, iris, face, voice, and behavior for verifying their identity.
o Push Notification Services: It is a messaging feature that originates from a server and enables the delivery of data or messages from an application to a mobile device without any explicit request from the user.
o Geolocation: It is a technology that can identify the real-world geographical location of users or devices when connected to the Internet.
o Full Device Encryption: It is a security feature that can be used to encrypt all the information stored on any storage medium within a mobile device.
o OTA Updates: It is a new method of delivering the updates for applications, firmware, and time-zone rules, as well as any other essential data, to a mobile device.
o Geofencing: A geofence is a virtual fence positioned at a specific location that interacts with mobile users whenever they cross the fence. It helps marketers gather sensitive data and information about users’ offline activities from the location data.
o Containerization: It is a technique in which all personal and organizational data are segregated on an employee’s mobile device. It helps in improving the security of organizational data.

Mobile Device Management (MDM)

MDM provides platforms for over-the-air or wired distribution of applications, data, and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, and so on. It helps in implementing enterprise-wide policies to reduce support costs, business discontinuity, and security risks. It helps system administrators to deploy and manage software applications across all enterprise mobile devices to secure, monitor, manage, and support these devices. It can be used to manage both company-owned and employee-owned (BYOD) devices across the enterprise. Discussed below are various concepts related to mobile device management:

Mobile application management

Mobile application management (MAM) is software that is mostly used by IT admins to control and secure organizational data.
MAM offers features such as the remote activation or deactivation of devices, device registration in the organization, and remote wiping in case of theft or loss. These features are suitable for mobile devices that are used only for organizational purposes by the employees. For mobile devices that are used for both work and personal use, IT admins can implement and apply privacy policies on mobile applications by limiting organizational data sharing. They can also enable the partitioning of the applications used in the organization and personal data on the same mobile devices. MAM features also include software or application distribution to employees, license management, data encryption, configuration, and inventory management.

Mobile content management

Mobile content management (MCM) is software that forms a part of mobile device management (MDM). MCM offers solutions to safeguard the content or data on the mobile devices used in an organization. It provides features to store and deliver data, offer the required services, and permit employees to access the organizational data remotely and at any time necessary. MCM ensures that unauthorized data access is restricted or blocked, thereby protecting the confidential data of the organization. It oversees critical data management, access to work documents, email management, and digital asset management. It can also encrypt confidential data and use any strong password technique for data transmission and data storage.

Context-aware authentication

Context-aware authentication is a type of enhanced security technique that uses the contextual information of a user such as geolocation, identity, and behavior for enhancing data security decisions. It also uses the data about the user, requests made, connection, and location. All this data helps in preventing malicious users from accessing the organizational data.
This technique also allows employees to access the organizational network within the office perimeter and denies access when a device is connected to a public Wi-Fi network.

Figure 12.1: Context-aware authentication (diagram labels: Geo-location, Behavior, Attacker, Adaptive SSO, User mobile)

Mobile email management

Mobile email management (MEM) offers secure access to organizational email infrastructure and data on an employee’s mobile devices. It helps in the remote pre-configuration and pre-setup of organizational email accounts for employees. MEM can enforce compliance and thwart unauthorized access by allowing only approved and authorized devices and applications to access the email.

Enterprise mobility management

Enterprise mobility management (EMM) consists of tools and technologies used in an organization to secure the data in employees’ personal (BYOD) and organizational devices. EMM acts as a comprehensive solution responsible for MDM, MAM, MTM, MCM, and MEM. It safeguards the enterprise data accessed and used by employee mobile devices. EMM can increase employee productivity as the IT admin can configure applications remotely and provide data access to employees.

Mobile security management

Mobile security management involves actions and precautionary steps for securing the organizational data and mobile devices used by employees. It can protect the organization’s network access, help in device and application security, and enable secure access to the organization’s emails.
The following are some of the features of mobile security management:

o Generates separate logical containers on mobile devices to prevent private apps from accessing the organization’s data
o Employs strong passcode techniques to restrict third-party access
o Automates updates of the devices and OS with the latest security patches
o Blacklists malicious applications
o Executes commands on lost mobile devices remotely
o Configures a VPN specifically for the organization’s data, resources, and applications

Remote wipe

Remote wipe is a technique used for securing and protecting data from miscreants if a mobile device used by an employee is stolen or lost. This feature allows the device owner or the organization’s administrator to send a command that can delete or erase all the device data. This helps prevent perpetrators from compromising sensitive personal data or confidential organizational assets.

Screen lock

Screen lock is a feature in mobile devices that is used to secure data and prevent illegal access by perpetrators. Enabling screen lock in a mobile device can prevent access to private data in the mobile device even if it is lost or stolen. Screen lock can be set in a mobile device by using protection techniques such as a password, face lock, fingerprint lock, pattern, or PIN. Unlocking the screen involves a set of actions that need to be performed correctly; otherwise, the device can lock out after a certain number of unsuccessful attempts.

Passwords and PINs

Passwords and PINs are basic security features used in all mobile devices. Using a secure PIN and complex password can protect private data of the employee and confidential information of the organization stored on a mobile device.
A password or PIN acts as a simple but effective defense to safeguard the data from being accessed by any malicious user. A PIN consists of a sequence of numbers, without any letters or special characters. In contrast, a password comprises uppercase and lowercase letters, numerals, and special characters and is usually longer than a PIN.

Biometrics

Biometrics is an advanced and unique security technology that utilizes an individual’s physical attributes such as fingerprint, iris, face, voice, and behavior for verifying their identity. These data are stored in a database, and whenever the mobile device needs to be accessed, the user-provided data are compared with the stored data; access is allowed only if there is a match. Biometrics can be used to authenticate a user very easily, quickly, and securely. It also removes the need for remembering complex passwords.

Push notification services

A push-notification service is a messaging feature that originates from a server and enables the delivery of data or messages from an application to a mobile device without any explicit request from the user. It is a great marketing tool for maintaining contact with users. This service does not require any application to be opened for receiving the notification, and the text message in the notification will be displayed on the mobile device, even if the application is closed or the screen is locked. The mobile user has the option of enabling or disabling push notifications. It is important for the developers of mobile applications to apply appropriate security controls for apps or services that receive push notifications. Otherwise, attackers may be able to send fraudulent push notifications to hack mobile devices.
Geolocation

Geolocation is a technology that can identify the real-world geographical location of users or devices when connected to the Internet. It works on mobile devices through the GPS system and is accurate to the level of approximately one foot. Deploying geolocation in applications helps marketers in implementing their business and marketing techniques easily. Geolocation is also famous for offering a rich user experience for navigation through maps and for tracking people, devices, or vehicles having the GPS feature. Geolocation is also used in weather forecasting.

Geofencing

Geofencing is a technique through which mobile-application marketers utilize the location of the user to gather information. This technique can determine how close the user’s mobile device is to an exact location by using the GPS feature. A geofence is a virtual fence that is positioned at a static location and interacts with mobile users that cross the fence. Geofencing helps marketers gather sensitive data and information about users’ offline activities from the location data. Geofencing uses cellular triangulation for locating a user’s device with an accuracy level of 50-50,000 m.

The following are the main advantages of geofencing for marketing:

o Sends promotions directly to clients
o Improves sales locally
o Reduces cost on paid advertising
o Obtains data on user experience for further improvement

Organizations can employ geofencing to control the usage of unnecessary features such as camera and video within their premises. Geofencing allows organizations to create a virtual boundary around their office premises and implement security controls when a mobile device either enters or leaves the virtual boundary.

Full Device Encryption

Full disk encryption is a security feature that can encrypt all the information stored on any storage medium within a mobile device. This technique encodes the user’s information stored on the mobile device by using an encryption key.
It is useful for automatically encrypting data, which can be decrypted using the key. It employs encryption algorithms such as the 128-bit Advanced Encryption Standard (AES) with cipher-block chaining (CBC). Mobile devices also support data encryption at different levels. One encryption technique is to encrypt all user-related data with a key that is stored on the device. This technique is useful at the time of data wiping. The mobile device deletes the key permanently and makes the data inaccessible to a third person. Furthermore, mobile devices support multiple levels of encryption for email messages using the data protection option.

Containerization

Containerization is a technique in which all personal and organizational data are segregated on an employee’s mobile device. With the increasing adoption of BYOD policies, using this technique substantially helps in improving the security of organizational data. It also improves productivity and enables the easy use of company resources and applications. These applications do not have any control of or communication with the private applications or data of the employees as they exist outside the container.

The following are the benefits of containerization:

o By default, containers are encrypted to secure corporate data.
o Data cannot enter or exit the container.
o Data are shared only between the apps within the container.
o Containerization provides complete control over the container’s workspace.
o Containerization provides privacy to the user’s data on the mobile device.

Over-the-air (OTA) Updates

Over-the-air (OTA) updating is a new method of delivering updates for applications, firmware, and time-zone rules, as well as any other essential data, to a mobile device.
This method is used in many tasks such as configuring IoT devices, updating SIM cards, and updating software in electric cars. The manufacturers of mobile devices are introducing OTA technology to update the operating system (OS) and default apps in the device without interfering with the applications downloaded from Google Play Store or any other app store. For iOS devices, the OTA feature was introduced in the iOS 5.0.1 update. Previously, all updates to iPhones were performed by connecting to a computer and updating through iTunes. The main feature of OTA updates is that one updated device can send updates to all other devices in the network. However, OTA technology has vulnerabilities that may allow attackers to place an evil base station in a particular area and perform various attacks such as MITM and exploit device firmware.
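
The context-aware authentication and geofencing sections above both turn a location report into a security decision. The Python sketch below is an added example, not part of the course material: it treats a fix whose error circle straddles the fence as "uncertain" and fails closed, which matters given the 50-50,000 m accuracy quoted for cellular triangulation. The fence coordinates, sample fixes, network labels, the "step_up" outcome and all function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000

@dataclass(frozen=True)
class Geofence:
    lat: float
    lon: float
    radius_m: float

@dataclass(frozen=True)
class Fix:
    lat: float
    lon: float
    accuracy_m: float  # uncertainty radius reported with the fix

# Constructed sample data (not from the page): a 150 m fence and three fixes.
OFFICE = Geofence(52.0, 4.0, 150.0)
GPS_INSIDE = Fix(52.0005, 4.0, 10.0)     # about 56 m from the centre
CELL_NEARBY = Fix(52.0010, 4.0, 500.0)   # about 111 m away, coarse cellular fix
GPS_OUTSIDE = Fix(52.0100, 4.0, 50.0)    # about 1.1 km away

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def fence_state(fence, fix):
    """Return 'inside', 'outside', or 'uncertain' if the error circle straddles the fence."""
    d = distance_m(fence.lat, fence.lon, fix.lat, fix.lon)
    if d + fix.accuracy_m <= fence.radius_m:
        return "inside"
    if d - fix.accuracy_m > fence.radius_m:
        return "outside"
    return "uncertain"

def access_decision(fence, fix, network, enrolled):
    """Context-aware decision: unenrolled devices and public Wi-Fi are always denied."""
    if not enrolled or network == "public_wifi":
        return "deny"
    state = fence_state(fence, fix)
    if state == "outside":
        return "deny"
    if state == "inside" and network == "corporate":
        return "allow"
    return "step_up"  # assumption: ask for extra proof instead of trusting a vague fix

def camera_policy(fence, fixes):
    """Geofencing control: camera stays disabled unless the device is provably outside."""
    return ["enabled" if fence_state(fence, f) == "outside" else "disabled" for f in fixes]
```
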
