
Chapter 12 - 06 - Discuss and Implement General Security Guidelines on Mobile - 01_ocred.pdf


Full Transcript


Certified Cybersecurity Technician, Exam 212-82
Module 12: Mobile Device Security
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

[Module flow slide. Legible items: Discuss and Implement Enterprise-level Mobile Security Management Solutions; Discuss and Implement General Security Guidelines and Best Practices on Mobile Platforms]

Discuss and Implement General Security Guidelines and Best Practices on Mobile Platforms

Enterprise-level mobile security management solutions can only deliver their promised benefits if they are backed by strong mobile device security practices. The objective of this section is to explain the general security guidelines and best practices to be implemented for securing mobile platforms.

Mobile Application Security Best Practices

Security best practices that protect mobile applications:

* Ensure that the apps do not save passwords
* Avoid using query strings while handling sensitive data
* Use code obfuscation and encryption to secure the application source code
* Implement two-factor authentication
* Use SSL/TLS to send data over a secure channel
* Avoid caching app data
* Perform validation checks on input data
* Implement secure session management
* Protect application settings
* Use server-side authentication
* Use cryptographic algorithms and key management
* Build threat models to defend data
* Ensure that employees download trusted apps from enterprise app stores
* Use containerization for critical corporate data
* Perform regular mobile security audits
* Perform regular software updates
* Implement jailbreak protection

Mobile Data Security Best Practices

Security best practices that protect mobile data:

* Secure mobile infrastructure and strengthen the endpoints
* Encrypt the data stored on devices
* Enable over-the-air encryption using SSL, TLS, VPN, and WPA2
* Back up mobile data periodically
* Do not store extremely sensitive information on mobile devices
* Do not store passwords or PINs as contacts on your phone
* Use private data centers to store data and implement device authentication
* Maintain access control for devices and data
* Avoid public Wi-Fi networks
* Set automatic device locks when devices are not in use
* Ensure that users can access the corporate data from a secure central location
* Complete software updates and patches in a timely manner
* Educate employees to recognize suspicious emails
* Keep the antivirus and anti-malware software updated
* Train employees to encrypt hard drives and USBs before storing any work-related data on them

Mobile Network Security Guidelines

Security best practices that protect mobile networks:

* Disable interfaces such as Bluetooth, infrared, and Wi-Fi when not in use
* Set Bluetooth-enabled devices to non-discoverable mode
* Avoid connecting to unknown Wi-Fi networks and using public Wi-Fi hotspots
* Connect the mobile devices to encrypted Wi-Fi networks only
* Configure web accounts to use secure connections
* Isolate a group of users using different SSIDs and segment the traffic for these groups to different VLANs
* Apply different firewall rules and filters to different combinations of user groups or devices

General Guidelines for Mobile Platform Security

Given below are various guidelines that can help users to protect their mobile devices.

* Do not install too many applications and avoid auto-uploading photos to social networks
* Perform security assessment for the application architecture
* Maintain configuration control and management
* Install applications from trusted app stores
* Securely wipe or delete the data when disposing of devices
* Do not share any information within GPS-enabled apps unless required
* Never connect two separate networks such as Wi-Fi and Bluetooth simultaneously
* Disable wireless access such as Wi-Fi and Bluetooth if not in use
* Configure a strong passcode with the maximum possible length
* Update the OS and apps to keep them secure
* Enable remote management
* Do not allow rooting or jailbreaking
* Use remote wipe services such as Find My Device (Android) and Find My iPhone or Find My (Apple iOS) to locate your device if it is lost or stolen
* Encrypt the device and its backups
* Perform periodic backup and synchronization
* Filter emails by configuring the server-side settings of the corporate email system
* Strengthen browser permission rules
* Design and implement mobile device policies
* Control devices and applications
* Prohibit USB keys
* Manage the operating and application environments
* Press the power button to lock the device when not in use
