Mobile devices are now part of everyday life and you will be expected to understand the various methods used to secure them and compare and contrast the methods.
Built into every mobile device is the screen lock which, like a login and password, controls access to the device. There are numerous methods listed here that access devices through the screen lock.
Fingerprint lock: A fingerprint lock has a built-in fingerprint reader that is used to access the device.
Face lock; Face lock uses the built-in camera to identify the users face to allow access.
Swipe lock: Swipe lock has a predefined pattern that users outline with their finger to allow access.
Passcode lock: Passcode lock uses a personal identification number (PIN) to access the device.
In the event a user loses a mobile device, the data stores on it can be remotely erased to prevent the data from being accessed.
Mobile devices include GPS receivers to assist with navigation. This function can also be provided through a WiFi network or a wireless providers network to assist with locating a lost device.
Data stored on a mobile device can be backed up to a cloud storage device that will automatically synchronize the data.
As a security feature, mobile devices can be configured to: erase the phone after a predetermined number of unsuccessful login attempts (iPhone), require a user’s Google password (Android), or require a factory reset (Windows Phone).
Just like desktop computers, mobile devices are susceptible to viruses and malware. Because of the open availability of software for Android devices, they have antivirus/antimalware software available.
Just like desktop computers, mobile devices require patches and updates to ensure they are always running the latest software. These are made available automatically, as required.
Mobile devices use biometrics for authentication using fingerprint scanning and facial recognition.
Because mobile devices are easily misplaced and lost, some manufacturers have full device encryption so that everything on the device is encrypted. Apple IOS, since version 8, and Windows phone 8 and 8.1 support full device encryption.
Multifactor authentication utilizes more than one form of identification to allow access to a device. On a mobile device, it may be face recognition and a passcode.
An authenticator application is a physical device, carried by the user, to gain access to a device. An example would be a token generator that creates a pseudo-random number that is entered into the device that must match a number generator in the device. These can be incorporated directly into mobile devices.
Depending on the mobile device, you may be required to purchase applications from a single source like the Apple store. Apple closely monitors the applications and is considered a trusted source for applications. Other devices such as Android are open source and users have many outlets where they can acquire applications. This is not closely monitored by Android and would be considered an untrusted source.
Firewalls are generally not incorporated into mobile devices, since most data is outbound and mobile devices are generally not used in an environment where other services require access. There are some firewall applications available for Android devices.
Since most mobile devices owned by the individual may also contain corporate information, there is a need for policies and procedures. A mobile device manager generally sets the policies and procedures regarding allowed applications, camera usage, etc.
BYOD vs. corporate owned: Most organizations do not provide mobile phones for their employees, since nearly everyone owns one. The concept is to allow the employee to BYOD (bring your own device).
Profile security requirements: Profile security requirements define the minimum security settings required on mobile devices.
This section outlines the proper techniques employed to securely destroy data. Some of the questions will be presented using scenario type questions.
When you no longer need data on an old system, one of the options available to you is to physically destroy any data that is remaining on the hard drive.
Shredder: Large industrial shredders can be used to completely destroy a hard drive.
Drill/hammer: An electric drill or a hammer can be used to easily destroy the platters of a hard drive, which would completely destroy the data.
Electromagnetic: A degaussing coil is a large powerful electromagnet that will remove the magnetic information stored on a hard drive.
Incineration: An incinerator can be used to completely destroy the data stored on a hard drive.
Certificate of destruction: Large organizations may not have time to destroy hard drives and may elect to hire a third-party vendor to destroy drives. These companies will provide a certificate of destruction that proves the drives were properly disposed. These certificates help create a paper trail showing the disposition of the drives and data.
In some cases, you may want to reuse the physical drive. You need to know the best practices for physical drive recycling or repurposing. To completely remove everything, making the data unrecoverable, would require a regular format that overwrites the drive sectors with zeros. A regular format is standard with all Windows operating systems since Vista.
Low-level vs. standard format: A low-level format is performed at the factory when the drive is manufactured. A low-level format would completely remove any data from a hard drive, but cannot be performed by the user. A standard (quick) format sets up the file system, installs the boot sector and master boot record, but does not completely remove the data.
Overwrite: Overwrite is the process of writing new data over the top of existing data, which would completely remove the old data.
Drive Wipe: Drive Wipe is software specifically designed to completely overwrite a hard drive, completely removing any stored data.
The data in a small office home office is just as valuable as it is in a large enterprise’s network. This section covers the management of a SOHO network. Many of the questions will be presented as scenarios about securing these networks.
The following topics cover best practices for setting up and protecting a wireless home/SOHO network.
Changing default SSID: Wireless access points typically come with preassigned service set identifiers SSID. You may wish to modify the default SSID to something less obvious or, if available, consider disabling the broadcast of the SSID altogether. Disabling the SSID broadcast, however, does not guarantee that someone with the proper equipment couldn’t find it.
Setting encryption: Data transmitted on a small wireless network has been encrypted for safety and this should never be disabled. The best encryption scheme available on today’s wireless access points is either WPA or WPA2.
Disabling SSID broadcast: Your wireless access point by default will broadcast your SSID. This should be disabled, making it more difficult (but not impossible) for hackers to locate your network.
Antenna and access point placement: In larger buildings, multiple access points can be used to increase coverage area. The placement of the access point and the antennas should be configured to allow some overlap of the signals with the channel spaces, so that no two adjacent access points share the same channels. Antennas should never be located near microwave ovens or baby monitors, since those devices will interfere with the signals.
Radio power levels: On many access points, users have the option to modify the signal strength of the radio transmitter. The power output should be set as low as possible to allow coverage, but not to interfere with other nearby access points that may be using the same channels. Lowering the power output also helps to eliminate outside users from receiving your signals.
WPS (Wireless Protection Setup): WPS is a security standard that was designed to allow users to easily set up security on a WiFi network. Newer access points are equipped with a push button that automates system setup. The button will disable the older, less secure, WEP encryption in favor of more secure WPA2. It will allow device access, for a very limited time, which greatly simplifies system setup. The system is secure as long as no one is able to access the push button on the access point. For this reason, access points should be secured in a safe location.
Access points typically come with preconfigured login and passwords. These default accounts must be modified from the defaults originally assigned.
Media Access Control (MAC) filtering is a method that allows you to accept or reject WiFi connections, based on the MAC address of the device. To utilize it, MAC filtering needs to be enabled on the access point and a list of MAC addresses to be filtered is added to the access point.
Most access points include a DHCP server that simplifies the configuration of attached network interface cards by setting the IP address, default gateway, DNS, etc. The IP addresses are assigned from a pool of available addresses to ensure each network interface card has a unique address. However, on most networks, there are devices such as printers, servers, and gateways that need to have their IP addresses (which should never be changed) assigned statically. The administrator needs to remove these static address from the pool of available addresses to prevent the DCHP server from assigning them to hosts.
Nearly all wireless access points come with a built-in firewall. These typically are not as full featured as a stand-alone hardware firewall. If your SOHO network requires access be provided to outside users possibly to connect to a server, you will need capabilities beyond what is provided by your access point. You may want to limit inbound traffic to a very specific port number, and depending on the amount of traffic, you may want to consider setting up a DMZ that’s on a completely different network than your office.
Port forwarding allows you to map specific TCP and UDP port numbers to a range of specific IP address inside your network to direct incoming traffic.
In many office locations, there are public areas, possibly a waiting room or a conference room, that contain network connections. These could be used by unauthorized individuals to gain access to your network. It’s considered best practice to disable unused ports on switches and routers on your network to prevent this from happening.
Content filtering allows control of what is being sent across the network, as well as inbound and outbound traffic. Filtering can be performed on content to filter sensitive data, or by limiting access to inappropriate websites. These are often used by parents to limit children’s access (parental controls).
Routers, switches, access points, and other network-related hardware should be checked to see that the latest firmware has been applied to the device to maintain reliability and security. These devices need to be updated periodically to ensure you have the latest version.
Physical access to network devices needs to be maintained to prevent security breaches. If an individual can gain access to devices, they can very easily circumvent security settings provided by the device. For that reason, routers, switches, servers, and access points need to be maintained in a securely locked area.