Mobile Device Security
Protecting the Edge of the Network
              CTST 2009
         Salvatore D’Agostino
          ...
It’s getting attention
What is a mobile device?
• Cell phone
    –   NFC
    –   Bluetooth
    –   802.11.x
    –   3G, 4G
•   Laptop
•   Rugged ...
Attack Vector(s)
• Email
    – Attachments
•   MMS
•   SMS
•   Could be anything on thumb drive…
•   NIST SP-800-124
Device Identity, Another Take on
             Convergence
• Devices matters as much as individuals
• Need to be treated in...
Can FIPS 201 address devices?
• Device certificates widely used
• Provides single method of authentication:
  – Doors
  – ...
Device Dilemma
• Need to manage device security
• Need to manage behavior of people that use it
  – Nearly half of people ...
Mobile Device Applications and
       Solutions Expanding Rapidly
• Out of band authentication
  – One Time Passwords Deli...
Simple Things to Do
• Enable PINs and Passwords
  – Better if tied to x.509 digital certificate
• Enable hard reset and da...
Upcoming SlideShare
Loading in...5
×

Mobile Device Security

496

Published on

IDmachines CTST 2009 slides on device security

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
496
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Mobile Device Security

  1. 1. Mobile Device Security Protecting the Edge of the Network CTST 2009 Salvatore D’Agostino IDmachines LLC
  2. 2. It’s getting attention
  3. 3. What is a mobile device? • Cell phone – NFC – Bluetooth – 802.11.x – 3G, 4G • Laptop • Rugged Devices • Media Players • Automobile, Aircraft • Thumb Drives • Smart Card
  4. 4. Attack Vector(s) • Email – Attachments • MMS • SMS • Could be anything on thumb drive… • NIST SP-800-124
  5. 5. Device Identity, Another Take on Convergence • Devices matters as much as individuals • Need to be treated in a very similar manner – Enrollment – Registration – Issuance – Activation – Lifecycle Management
  6. 6. Can FIPS 201 address devices? • Device certificates widely used • Provides single method of authentication: – Doors – Desktops – Devices • Network gear • Desktops and Servers • Mobile devices • Programmable Logic Controllers – Smart Grid
  7. 7. Device Dilemma • Need to manage device security • Need to manage behavior of people that use it – Nearly half of people consider laptop their property • Often don’t have the expertise in the operating system (embedded) • Roaming issue • Now they can connect directly to the network – Not just the email server • Many vendors
  8. 8. Mobile Device Applications and Solutions Expanding Rapidly • Out of band authentication – One Time Passwords Delivered to the Phone • Many vendors entering space – Verisign iPhone app – Battle.net mobile authenticator – Valimo – Payline – CORISECIO – Air France NFC boarding passes – A hundred more…..
  9. 9. Simple Things to Do • Enable PINs and Passwords – Better if tied to x.509 digital certificate • Enable hard reset and data wipe for lost devices – PIN lockout with CAC • Lojack for phones – Ability to track lost devices • Encrypt data • http://csrc.nist.gov/publications/nistbul/Jan2009 _Cell-Phones-and-PDAs.pdf
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×