
Mobile Device Security

IDmachines CTST 2009 slides on device security


  1. Mobile Device Security: Protecting the Edge of the Network. CTST 2009. Salvatore D’Agostino, IDmachines LLC
  2. It’s getting attention
  3. What is a mobile device?
     • Cell phone
       – NFC
       – Bluetooth
       – 802.11.x
       – 3G, 4G
     • Laptop
     • Rugged Devices
     • Media Players
     • Automobile, Aircraft
     • Thumb Drives
     • Smart Card
  4. Attack Vector(s)
     • Email
       – Attachments
     • MMS
     • SMS
     • Could be anything on thumb drive…
     • NIST SP-800-124
  5. Device Identity, Another Take on Convergence
     • Devices matter as much as individuals
     • Need to be treated in a very similar manner
       – Enrollment
       – Registration
       – Issuance
       – Activation
       – Lifecycle Management
  6. Can FIPS 201 address devices?
     • Device certificates widely used
     • Provides single method of authentication:
       – Doors
       – Desktops
       – Devices
     • Network gear
     • Desktops and Servers
     • Mobile devices
     • Programmable Logic Controllers
       – Smart Grid
  7. Device Dilemma
     • Need to manage device security
     • Need to manage behavior of people that use it
       – Nearly half of people consider laptop their property
     • Often don’t have the expertise in the operating system (embedded)
     • Roaming issue
     • Now they can connect directly to the network
       – Not just the email server
     • Many vendors
  8. Mobile Device Applications and Solutions Expanding Rapidly
     • Out of band authentication
       – One Time Passwords Delivered to the Phone
     • Many vendors entering space
       – Verisign iPhone app
       – Battle.net mobile authenticator
       – Valimo
       – Payline
       – CORISECIO
       – Air France NFC boarding passes
       – A hundred more…
  9. Simple Things to Do
     • Enable PINs and Passwords
       – Better if tied to X.509 digital certificate
     • Enable hard reset and data wipe for lost devices
       – PIN lockout with CAC
     • Lojack for phones
       – Ability to track lost devices
     • Encrypt data
     • http://csrc.nist.gov/publications/nistbul/Jan2009_Cell-Phones-and-PDAs.pdf
