
Naba Barkakati: Controls for Mobile Devices

An overview of security controls for mobile devices
Published on: Mar 3, 2016
Published in: Technology      
Source: www.slideshare.net


Transcript - Naba Barkakati: Controls for Mobile Devices

  • 1. Controls for Mobile Devices
      Naba Barkakati, Ph.D., Chief Technologist
      U.S. Government Accountability Office (GAO), 441 G St NW, Washington, DC 20548 USA
      Email: barkakatin@gao.gov Phone: 1-202-512-4499
  • 2. Convergence
      [Image: Sintermask - fabbster 3D-printer v01]
      - transformation of “atoms to bits”; conversion of everything from voice, video, TV, etc. into digital information flow across platforms on the Internet
  • 3. Growth of Mobile Computing
      - Growth in broadband wireless connectivity → adoption of mobile devices such as smartphones and tablets
      - Almost half of American adults own smartphones and a quarter of the adults own tablets
  • 4. Growth of Mobile Malware
      - Number of variants of “malware” aimed at mobile devices has gone from about 14,000 to 40,000, a 185% increase in less than a year
  • 5. GAO Report on Mobile Device Security
      - GAO issued a report (GAO-12-757) on mobile device security at the request of the House Energy and Commerce Committee.
      - Consulted key federal agencies – FCC, NIST, DHS, DOD, FTC – as well as the wireless industry association (CTIA) and mobile device manufacturers (HTC, RIM, Motorola Mobility, Samsung, LG), plus information security companies.
      - The report presents mobile device vulnerabilities as well as security controls and practices to mitigate risks associated with the vulnerabilities.
  • 6. Mobile Device Vulnerabilities
      1. No password/PIN
      2. No 2-factor authentication
      3. Unencrypted wireless transmissions
      4. Unknowingly install malware
      5. No security software installed
      6. Operating systems not updated routinely
      7. Apps not updated routinely
      8. No firewall to limit Internet connections
      9. “Rooting” or “jailbreaking” of device
      10. Unsecured communication channels
  • 7. Improving Mobile Device Security
      - How to protect against threats that may exploit these vulnerabilities?
      - Individuals can implement technical controls, such as enabling passwords and encryption, that can limit or prevent attacks.
      - Individuals can also adopt key practices, such as using passwords, installing anti-malware software, limiting use of public WiFi, etc., that can mitigate the risk that their devices will be compromised.
      - Organizations can also adopt organization-wide controls and practices.
  • 8. Controls for Individuals
      - Enable PINs and passwords as a first line of defense
      - Turn on 2-factor authentication for sensitive transactions
      - Turn on remote disabling of lost or stolen devices (you have to install an app)
  • 9. Controls for Individuals (continued)
      - Install antimalware
      - Install a personal firewall
      - Verify authenticity of downloaded applications (e.g., by verifying digital signatures)
  • 10. Controls for Individuals (continued)
      - Download and apply software updates whenever they are available
      - Enable encryption, where available
      - Use “whitelisting”
  • 11. Controls for Organizations
      - Implement centralized security management for devices
      - Use integrity validation tools to scan devices to detect compromise
      - Implement VPN
      - Use PKI digital certificates for digital signing and encrypting emails
      - Conform to government security specifications such as NIST, DOD
  • 12. Controls for Organizations (continued)
      - Install enterprise firewall to isolate traffic to and from wireless devices
      - Monitor incoming traffic from mobile devices
      - Intrusion Prevention System
      - Monitor and control mobile devices
      - Get device log files and analyze them
  • 13. Security Practices for Individuals
      DOs
      1. Turn off or set Bluetooth to “undiscoverable”
      2. Limit use of public WiFi for sensitive transactions
      3. Configure accounts to use https
      4. Maintain physical control of device
      5. Delete all before discarding mobile devices
      DON’Ts
      1. Don’t install unnecessary apps
      2. Don’t click links sent in suspicious email
      3. Don’t click on advertisements in applications
      4. Don’t unnecessarily disclose mobile phone numbers
      5. Don’t store sensitive information on device
      6. Don’t “jailbreak” devices
  • 14. Security Practices for Organizations
      1. Establish mobile device security policy
      2. Train employees on mobile device security
      3. Establish deployment plan for mobile devices
      4. Perform risk assessments for mobile devices
      5. Implement configuration management for mobile devices
  • 15. GAO Recommendations to FCC, DHS
      - FCC – work with wireless carriers and device manufacturers to implement baseline mobile security safeguards; track progress once this is done
      - DHS – establish baseline measure of consumer awareness of mobile security and measure effectiveness of awareness campaign of National Initiative for Cybersecurity Education (NICE)
      - See http://www.fcc.gov/smartphone-security
  • 16. http://www.fcc.gov/smartphone-security
