Windows Phone 8 provides several security features to protect devices and data, including secure boot to prevent malware installation, device encryption, and application sandboxing. It also supports enterprise management of apps and policies through Exchange ActiveSync or System Center Mobile Device Management for features like remote wiping, password policies, and app distribution controls.
The incorporation of Security-Enhanced Linux in Android (SEAndroid) is an important security enhancement to the platform.
Android is built on top of the Linux kernel, with a collection of traditional and customized Linux libraries and daemons.
....
Video at http://mrkn.co/andsec
With Android activations reaching a million devices per day, it is no surprise that security threats against our favorite mobile platform have been on the rise.
In this session, you will learn all about Android's security model, including application isolation (sandboxing) and provenance (signing), its permission system and enforcement, data protection features and encryption, as well as enterprise device administration.
Together, we will dig into Android's own internals to see how its security model is applied through the entire Android stack - from the Linux kernel, to the native layers, to the Application Framework services, and to the applications themselves.
Finally, you’ll learn about some of the weaknesses in Android's model (including rooting, tap-jacking, malware, social-engineering) as well as what can be done to mitigate those threats, such as SE-Linux, memory protection, anti-malware, firewall, and developer best practices.
By the end of this session you will have a better understanding of what it takes to make Android a more trusted component of our personal and professional lives.
Pwning Windows Mobile applications by Ankit Giri - OWASP Delhi
Mobile Platform Operating Systems
Windows Phone Overview
What we can test?
Challenges
Approach & Prerequisites
Methodology
Application File Structure
Tools for Penetration Testing
Security Features
Mobile Enterprise Application Platform - Nugroho Gito
mobile enterprise application, mobile application development, mobile enterprise, hybrid mobile, mobile security, reverse engineer, obfuscation, ibm, mobilefirst platform, bluemix, api management, mobile backend as a service
A short presentation on more security options in Microsoft Windows 10. This talk is part of a series of micro-talks on Windows client security.
Presentation on conducting mobile device forensics without the use of expensive commercial tools, instead utilising FOSS alternatives. Conducting manual analysis makes you a better forensic analyst as well as helps to discover more potential evidence. From acquisition, to analysis, to malware disassembly, this presentation will provide a primer on all facets of mobile forensics.
Give your users the latest mobile technology while keeping your organization’s data safe. We help you secure, monitor and control mobile devices with over-the-air control. The self-service portal makes mobile management easy and stops Bring Your Own Device (BYOD) from becoming an IT nightmare. Choose the delivery model to suit your needs.
For more on Sophos Mobile Control, visit: http://bit.ly/SMC_solutions
What's your BYOD Strategy? Objectives and tips from Microsoft & Aptera - Aptera Inc
It was challenging enough to make sure everyone had access to the software and files they needed back in the days when we all worked on desktops in the office. But with your employees working on their own devices, both in and out of the office, it’s even harder to keep them fully equipped. Plus, you have the added challenge of making sure sensitive or proprietary information stays secure as people come and go with their own laptops, tablets, and smart phones. Fortunately, cloud technologies like Windows Intune are already available to help your business meet these challenges.
When developer's api simplify user mode rootkits developing. - Yury Chemerkin
This is a series of articles about shell extensions that enhance high-level features of any operating system. However, such possibilities not only enrich the platform but also simplify developing trojans and exploits, which leads to new security holes. Extensions of this kind are mostly known as user-mode rootkits.
http://hakin9.org/theultimat/
This webinar by Endeavour's Technology Consulting group provides insights on enterprise security and the Android platform.
Data and transaction security has become of paramount importance with the increase in mobile application usage in enterprises. The security challenges faced have become a top priority in every enterprise. Businesses and IT departments are seeing employees opt for Android phones as corporate communication tools over other smartphones, as they offer powerful apps and innovative hardware specs.
From few to many types of mobile devices. Learn how to manage your mobile devices via SystemCenter Config Mgr and Windows Intune. Presentation by Kent Agerlund, CoreTech
Visual Studio Online is the online home for your development projects. Visual Studio Online connects to Visual Studio, Eclipse, Xcode, and other Git clients to support development for a variety of platforms and languages.
Find out more about how you can use the power of Visual Studio Online to drive your development projects.
Look beyond the hype and create a strategy that will unlock the potential of the Internet of Your Things to realize real, transformative results in your organization.
Code in the Cloud presentation as presented in Antwerp Lindner Hotel on 8th December 2014
#codeinthecloud
Agenda from the event:
In the AM (Introduction)
- Introduction to Application Lifecycle Management and Visual Studio Online
- Managing your project: what, who and when
- Working with code: keeping the source code safe and in-sync and be productive as a developer
- Tracking progress: how are we doing
- Improving quality: continuous build, deploy and testing
EAT
In the PM (Putting it all into practice)
- Exciting demonstrations and walkthroughs on how to run your project with Visual Studio Online.
Unlimited resources at your fingertips, only bounded to the limitations of your imagination. Windows Azure allows you to be flexible at your own pace and with your own provisioning needs, whether you're a developer or IT professional. This talk will handle all things IaaS related to Windows Azure, going over the capabilities in usage and architecture.
Belgian app builders: discover your new home: http://msdn.be/apps AKA the Apps on Windows portal.
2. Agenda
Security goals
What is this all about?
System integrity
Prevent malware from taking control
App platform security
Architecture and recommendations
Data protection
Prevent unauthorized access to data
Access control & App Mgmt
Provide secure access to device
Remediation
What if something goes wrong?
3. All large screen, dual-core, LTE and NFC
- Nokia Lumia 920: 4.5”, PureMotion display, PureView OIS camera, Nokia City lens, Nokia music streaming, Wireless charging
- Nokia Lumia 820: 4.3”, ClearBlack display, Carl Zeiss lens, Snap on back cover, Wireless charging, Nokia City lens, Nokia music streaming
- Samsung ATIV S: 4.8”, HD super AMOLED display, NFC Tap-to-send, Samsung Family Story
- HTC 8X: 4.3”, Gorilla Glass 2 display, ultra-wide angle camera lens, Built-in Beats Audio, built-in amp
4. Security Goals
User first
Great user experiences .. What’s the impact
End user safety
Not always aware .. Tools to protect
Developer trust
Create apps .. Trustable platform
Business compliance
Enterprise .. Policy .. Management
5. New WP8 security controls
Secure Boot helps ensure the integrity of the entire Operating System
Secure Boot implementation is provided by SoC
Two phases:
- pre-UEFI secure boot loaders to initialize the hardware
- UEFI secure boot helps ensure integrity of OS
Secure Boot helps prevent malware from being installed on the phone
6. Secure boot process
[Diagram: boot chain with stages labelled Power On; Firmware boot loaders; OEM UEFI applications; Windows Phone boot manager; Windows Phone 8 OS boot; Windows Phone 8 update OS boot; Boot to flashing mode. Legend: SoC Vendor, OEM, MSFT.]
http://www.uefi.org/specs/
7. Signed pre-boot loader
During manufacturing
Pre boot is securely signed
Add public key used to sign the initial boot loaders
+ numbers of unique & common keys per device
Blow appropriate fuses – read only
Every phone gets unique key
Encryption, …
No secure boot bypass for users
Secure flashing is required
8. Secure UEFI Boot Loader
All about keys
Platform Key – Master key
Once PK is provisioned the UEFI environment is “enabled”
be used to sign updates
Allowed and Forbidden Signature Database –
DB/DBX
Controls what images can be loaded
Contains forbidden keys – can be updated
Supports only signed components
Secure boot policy
Boot Sequence
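The DB/DBX decision on slide 8, as an added example that is not part of the original deck. It is a simplified model: certificates and images are constructed byte strings identified by SHA-256 digest, signature verification is assumed to have happened already, and the class and function names are hypothetical.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass, field

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class SignatureDatabases:
    """Simplified model of the UEFI allowed (db) and forbidden (dbx) lists."""
    db_signers: set = field(default_factory=set)   # digests of trusted signing certs
    dbx_signers: set = field(default_factory=set)  # digests of revoked signing certs
    dbx_images: set = field(default_factory=set)   # digests of revoked images

    def authorize(self, image: bytes, signer_cert: bytes | None) -> tuple[bool, str]:
        # Assumption: the signature itself was already verified against signer_cert.
        if signer_cert is None:
            return False, "unsigned"
        # dbx is consulted first: a forbidden entry wins over any db match.
        if digest(image) in self.dbx_images:
            return False, "image in dbx"
        if digest(signer_cert) in self.dbx_signers:
            return False, "signer in dbx"
        if digest(signer_cert) in self.db_signers:
            return True, "signer in db"
        return False, "signer not in db"

def demo() -> dict:
    # All certificates and images below are constructed byte strings.
    cert_a = b"constructed signing certificate A"
    cert_b = b"constructed signing certificate B"
    loader_v1 = b"constructed boot loader v1"
    loader_v2 = b"constructed boot loader v2"
    dbs = SignatureDatabases(db_signers={digest(cert_a), digest(cert_b)})
    out = {
        "v1 before update": dbs.authorize(loader_v1, cert_a),
        "unsigned": dbs.authorize(loader_v2, None),
        "unknown signer": dbs.authorize(loader_v2, b"constructed certificate C"),
    }
    # A dbx update revokes one image and one signer without touching db.
    dbs.dbx_images.add(digest(loader_v1))
    dbs.dbx_signers.add(digest(cert_b))
    out["v1 after update"] = dbs.authorize(loader_v1, cert_a)
    out["v2 signed by A"] = dbs.authorize(loader_v2, cert_a)
    out["v2 signed by B"] = dbs.authorize(loader_v2, cert_b)
    return out

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The point to take from the run is that a dbx update blocks a previously trusted loader or signer even though its db entry is still present.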
9. Code Signing
All Windows Phone 8 binaries must have digital signatures signed by Microsoft
OS components and Apps have digital signatures
Different from WP7, OEM binaries are signed by Microsoft
With control of every layer, it becomes very difficult to integrate a custom build.
10. Windows Phone 7 Application security model
Chamber security Model (Sandbox)
Fixed Permissions Chamber Types
- For the Kernel & Drivers <- risk
- For OS component and cross OS apps like music – expose to multiple apps
Dynamic Build
- Created ad-hoc for apps based on Capabilities:
  - Expressed in application manifest
  - Disclosed on Marketplace
  - Defines app’s security boundary on phone
11. Capabilities
WP7 capabilities
Capabilities are detected during ingestion and overwrite what you specified
during development.
WP8 capabilities
• You are responsible for specifying the correct capabilities that are used by your
application in the AppManifest before submitting your app to the Store
12. Windows Phone 8 Application security model
WP8 chambers are built on the Windows security infrastructure
TCB for the kernel
LPC for all
• Apps
• OS components
• Drivers
Dynamic Build (LPC)
The attack surface becomes smaller
13. Internet Explorer 10 for Windows Phone
Fast and safe browsing
Runs in the least-privilege sandbox
Cannot access data in the phone’s file system or access
information from other applications in memory.
No plug-ins
Real time anti-phishing protection
SmartScreen Filter
14. Device Encryption
Full internal storage encryption to protect information
Built on Windows BitLocker architecture (TPM 2.0)
Encryption is always on
Not manageable, and no pre-boot PIN entry
All internal storage is encrypted
SD card not encrypted but can be managed
15. Data Leak Prevention (DLP)
Information Rights Management (IRM) helps prevent intellectual property from being leaked
Protects emails and documents on the phone from unauthorized distribution
Supports Exchange Server and SharePoint
Active Directory Rights Management supports all your Mobile Information Management (MIM) needs
16. Security takeaways
Secure boot turned on
Security model for applications
All binaries are signed
Device encryption on
Device access must be controlled!
17. Device management choice
Exchange ActiveSync with Exchange Server
and Office 365 for email and config
management
Widely used for mobile email and access policy management
Enterprise App and device management with
System Center Mobile Device Management
For app distribution and access policy management
18. Mobile device policy and reporting
Enterprise policies (EAS / MDM):
- Simple password
- Alphanumeric password
- Minimum password length
- Minimum password complex characters
- Password expiration
- Password history
- Device wipe threshold
- Inactivity timeout
- (NA) IRM enabled
- Remote device wipe
- Device encryption (new)
- Disable removable storage card (new)
- Remote update of business apps (new)
- Remote or local un-enroll (new)
MDM Reporting:
- Server configured policy values
- Query installed enterprise app
- Device name
- Device ID
- OS platform type
- Firmware version
- OS version
- Device local time
- Processor type
- Device model
- Device manufacturer
- Device processor architecture
- Device language
19. Enterprise Application Management
[Diagram labels: IT depart, Dev Center; 1. Registration, 2. Signing Tools, 3. Cert and Enterprise ID; 1. Device Enrollment, 2. Get apps]
Registration
1. Enterprise registers @ Dev center
2. Enterprise downloads app tools
3. Geotrust checks that vetting is complete, and generates a certificate for enterprise
Development & deployment
1. Develop Corp App
2. Sign package with enterprise Certificate
3. Integrate in Corp app catalog
4. Generate tokens to side load
5. Deploy by mail, Corp hub ..
No need to publish it
Supports multiple organizations tokens
20. Enterprise app ingestion
Enterprise apps are not submitted to Marketplace for ingestion
App ingestion in enterprise catalog is owned and managed
exclusively by IT
IT is responsible for the quality of enterprise apps
IT is responsible for any impact on the overall experience on the phone
Use the Windows Phone Marketplace Test Kit to evaluate apps
Enterprise app capabilities are the same as for public apps
Capabilities are enforced on the phone at app install time
Sandbox still there
If app uses the location capability, would suggest to add an option to disable it
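A pre-ingestion check IT could run on an enterprise XAP, covering the capability declarations from slide 11 and the location advice above. This is an added example, not tooling from the deck: it assumes capabilities are declared as `<Capability Name="...">` elements in `WMAppManifest.xml` at the root of the XAP (a ZIP archive), and the sample manifest, approved set and function names are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample manifest; the capability names are WP8 capability IDs.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2012/deployment" AppPlatformVersion="8.0">
  <App Title="ConstructedCorpApp">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
      <Capability Name="ID_CAP_CONTACTS" />
    </Capabilities>
  </App>
</Deployment>"""

def build_sample_xap() -> bytes:
    """Build an in-memory XAP (a ZIP archive) holding only the sample manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xap:
        xap.writestr("WMAppManifest.xml", SAMPLE_MANIFEST)
    return buf.getvalue()

def declared_capabilities(xap_bytes: bytes) -> list:
    """Return the capability names declared in the package manifest, in order."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        # Packages from outside your own build pipeline: parse with defusedxml.
        root = ET.fromstring(xap.read("WMAppManifest.xml"))
    # Compare local tag names so the check does not depend on the namespace URI.
    return [el.get("Name") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "Capability"]

def review(xap_bytes: bytes, approved: set) -> dict:
    """Compare declared capabilities with what IT approved for this app."""
    declared = declared_capabilities(xap_bytes)
    return {
        "declared": declared,
        "unapproved": [c for c in declared if c not in approved],
        # Slide 20 advice: apps using location should offer a way to disable it.
        "needs_location_opt_out": "ID_CAP_LOCATION" in declared,
    }

if __name__ == "__main__":
    approved = {"ID_CAP_NETWORKING", "ID_CAP_LOCATION"}  # constructed policy
    print(review(build_sample_xap(), approved))
```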
21. WP7 Phones enterprise app deployment
1. Submit your app to the marketplace
2. Mark as hidden
3. Email a Deep Link (IRM)
4. User downloads and installs the app
5. Advice – Add a User Authentication
Enterprise app installation works only for enrolled phones
22. Unmanaged Phones enterprise app deployment (BYOD)
1. Enterprise IT signs the XAP
2. Email a link with the app enrollment token (IRM)
3. User downloads and installs the app enrollment token
4. User navigates via web to the enterprise app store or via a client app
5. App is downloaded and installed on the phone
6. Advice – Add a User Authentication
Enterprise app installation works only for enrolled phones
23. Managed Phones Enterprise App management
Managed by MDM
1. The phone initiates enrollment with MDM
2. MDM provisions certificates and sends the app enrollment token to the phone
3. IT can decide to push only one App
4. Advice – push a discovery app that provides access to apps in the enterprise store
5. User always decides to install Apps
6. Automatic update or removal of Apps once enrolled with the enterprise
25. Remediate
Remote and local wipe
Admin initiated or end user initiated
Windowsphone.live.com (Demo)
Windows update
OTA only - not manageable by IT
Application revocation
Marketplace and enterprise apps
26. Robust security helps to protect information
Secure boot
Complete boot sequence is secured
Assures operating system integrity and known state, helps protect against malware
Code signing
All code is signed
Making sure only known and trusted software components can execute
App sandboxing
Least privilege, secure chambers model is applied to operating system services, inbox apps,
and store apps
Marketplace developer validation, app certification, and malware scanning
Assures apps can be trusted and helps protect against malware
Device encryption
Always-on, hardware assisted, and accelerated, full internal storage encryption
27. 5 – 6 – 7 MARCH 2013
Kinepolis Antwerp
3 days full of fascinating technical sessions for
developers and IT professionals.
www.techdays.be