The Security of MDM systems. Hack In Paris 2013 Sebastien Andrivet
|
|
- Gwenda Barton
- 8 years ago
- Views:
Transcription
1 The Security of MDM systems Hack In Paris 2013 Sebastien Andrivet
2 Who am I? Sebastien Andrivet Switzerland (Geneva) Specialized in security Mobiles (ios, Android) Forensic Developer C++, x86 and ARM (Cyberfeminist & Hacktivist) 2
3 Agenda Smart devices, BYOD, COPE,... MDM typical features MDM market MDM & security - on paper MDM & security - findings 3
4 Smart devices 4
5 5
6 MDM, MAM,... MDM Mobile Device Management MAM Mobile Application Management MCM Mobile Content Management Etc. 6
7 MDM - Typical features Device inventory tracking Software inventory tracking Telephone expense management Device tracking Backup & restore Remote lock, wipe, etc App deployment Etc. 7
8 BYOD - COPE BYOD: Bring Your Own Device COPE: Corporate Owned, Personally Enabled Differences Costs Ownership Management 8
9 NOC, not NOC Some products use a central relay Network Operations Center - NOC Blackberry Good Technologies Some others are not MobileIron 9
10 Deployment On premise (virtual server) Appliance Cloud-based 10
11 MDM Market Source: Gartner (May 2013) 11
12 MobileIron Management of devices ios, Android, BlackBerry, Windows Phone,... Enterprise App Store Integration into Enterprise with API Exchange/Notes Proxy (Sentry) No NOC, on-premise or cloud Uses native apps (thin agent) 12
13 Good Management of devices ios, Android, Windows Phone,... Not BlackBerry Enterprise App Store Access to Exchange/Notes through Good Server NOC Uses its own apps (thick agent) s, calendar, contact 13
14 Security on Paper 14
15 CVE, exploit-db,... CVE Details Nothing Exploit-DB Only 1 entry for MobileIron (June 10, 2013) Open Security Research About Good hacking (read mails) A paper from isec Partners Some references about SCEP xcon 15
16 Switzerland 16
17 My Target Is it possible for an operator (MDM admin) to: Read / steal s Without authorization If yes, is it traceable? 17
18 In other terms Is it possible for an IT employee to steal information from its employer like s of the management, about clients,... and sell them to Germany, France, United States,... 18
19 My Tests These products are big It takes time to test then entirely So I focus only one some aspects Installation / Deployment Enrollment of devices Management interface 19
20 Timeframe First series of tests in Oct.-December 2012 Second series in June 2013 MDM MobileIron Good Both with Exchange On premise (virtual machines) 20
21 Good - Network self-service Good NOC your network MDM server Firewall No DMZ 21
22 MobileIron - Network MDM server Firewall 22
23 MobileIron - Network Internal LAN DMZ Internet Firewall Firewall MDM Exchange AD etc. tcp/ tcp/443 (https) tcp/443 (https) tcp/8080 tcp/9997 tcp/
24 Operating Systems MobileIron CentOS Good Windows Server
25 Processes Good runs as Administrator of the server No least privilege Not possible to change it MobileIron users tomcat, apache, mysql,... 25
26 Exchange MobileIron Exchange proxy (ActiveSync) Sentry Good You have to give to Good MDM almost all rights to Exchange mailboxes 26
27 Good & Mails You are not reading s Good Server did All you need to read s of someone is to enroll a new device (OTA) No need of user s password An MDM admin can do that See Open Security Research (April 2012) 27
28 Admin Interface MobileIron Important this was the state last year (Dec. 2012) 28
29 Admin Interface <Removed in this public version> 29
30 Retrieve Passwords in Clear Magic request action=getlocaluserlist&limit=20 Gives the password in clear of... your colleagues! My password Password of my colleague Mitigation: You have to be authenticated 30
31 Another magic request action=getldapconfigs Gives the password in clear of the LDAP (AD) account! Mitigation: You have to be authenticated 31
32 Cross-Site Scripting In various places <img src=1.gif onerror=alert( XSS_in_Name )> 32
33 Cross-Site Scripting <Removed in this public version> 33
34 Cross-Site Scripting Good They take anti-xss measures everywhere except in one place 34
35 Mitigation Good & MobileIron session cookies Secure HttpOnly So not so easy to steal (by XSS,...) MobileIron X-Frame-Options: SameOrigin 35
36 Cross-Site Request Forgery MobileIron Everywhere, no anti-csrf measures POST can be replaced by GET So very easy to use an image,... to trigger Good Everywhere, no anti-csrf measures But POSTs 36
37 Example - PoC #1 Remove iphone passcode When an ios device is enrolled (configuration profile), a MDM can remove the passcode over-the-air only MDM can do that (validated by certificates) Using CSRF vulnerabilities of MobileIron, I have developed an PoC to remove the passcode of a given iphone 37
38 Example - PoC #1 The PoC sends the following (using an <IMG> tag) action=unlockpassword&phone=[{%22devicei d%22%3a %23fb2acc3e-47c7-502a-8a80-8fd7dfd97a86% 22}] 23fb...86 is the UUID of the phone to unlock Of course, some social engineering (or XSS) is necessary 38
39 Example - PoC #2 Good By combining data leakage + XSS + CSRF, we were able to give admin rights to any user 39
40 Example - PoC #2 Contrary to MobileIron, CSRF with GET is not possible Use POST instead 40
41 Command Line MobileIron has also a command line interface A little like a router enable command for privileged actions May also be accessible from SSH or Telnet Depending of configuration 41
42 Remote Command Execution Not found by myself, but by prdelka Exploit-DB, June 10, 2013 Command show log uses less underneath and sudo Execute a shell command inside less with! or Executed as root This is patched now 42
43 Today These problems (XSS, CSRF, retrieve passwords in clear,...) have been fixed in latest versions of MobileIron Filtering and replacement to avoid XSS Not sure (hum...) it is correctly done but no time to investigate further Anti-CSRF tokens (per session) But some other problems remain... 43
44 Weak Encryption Both products are using AES, SHA, etc. They are FIPS-blah blah certified But what about keys... 44
45 MobileIron Local Users With MobileIron, administrators are local users Not possible to use LDAP (AD) users Stored in an XML file identityconfig.xml Password encrypted 45
46 MobileIron Local Users base-64 encoding AES encryption, with ECB PKCS#5 padding key... <actual passphrase not disclosed in this public version> This passphrase is derived with SHA-1, one time 46
47 PoC #3 Fix, identical key for all installations No salt, no iterations (1), no PBKDF2,... We have made a small java application to recover passwords from a given installation The same encryption is used for various information 47
48 User Accounts MobileIron stores accounts (smart devices users) in a MySQL database table mi_users Same hash, but not same encrypted password (sometimes). Are they using salt? 48
49 Keys No. It uses... 5 keys These keys are initialized at startup with fixed, hardcoded values To encrypt a password, one of those keys is chosen randomly To verify a password, each key is tried one by one... Same mechanism is used for other passwords 49
50 PoC #4 We have made a small Java application to recover passwords from a mysql database a MobileIron backup 50
51 But wait a minute...! Why MobileIron is storing those password? In particular for LDAP (external users)? Where are these passwords coming from? From self-service portal? From Sentry server (ActiveSync)? From NSA? From space? 51
52 They come from... From the smart device app during enrollment Password is transmitted and stored Save User Password Preferences Related to Exchange profiles MobileIron recommends to check Yes DO NOT DO THAT! 52
53 Agents on devices Practical Attacks against Mobile Device Management (MDM) BlackHat 2013, Lacoon Mobile Security How to break Good (and others) secure containers But I personally don t agree with them regarding ios 53
54 Agents on devices Auditing Enterprise Class Applications and Secure Containers on Android isec Partners, Dec Only Android Good & MobileIron Breaking encryption keys, defeating rooting detection,... 54
55 More... There are several more points MobileIron & ios keychain Good AES keys generation Jailbreak detection Etc. But time is limited Perhaps for another talk... 55
56 Conclusion Actual security of MDM solution very dependent of their configuration For ex. Save user password Very dependent of the deployment context Case by case Like any somehow complex system 56
57 Conclusion Security was not the priority of MDM sys At least during development Situation is improving But still vulnerable points like encryption Difficult to say that one product is safer than another Good is better programmed But Good NOC is a problem 57
58 Thank you! Follow me on Web site My 58
Enterprise Application Security Workshop Series
Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants
More informationTECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS
TECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS Technical audits in accordance with Regulation 211/2011 of the European Union and according to Executional Regulation 1179/2011 of the
More information1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?
MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationSophos Mobile Control Technical guide
Sophos Mobile Control Technical guide Product version: 2 Document date: December 2011 Contents 1. About Sophos Mobile Control... 3 2. Integration... 4 3. Architecture... 6 4. Workflow... 12 5. Directory
More informationAPPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION
APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationHow To Manage A Mobile Device Management (Mdm) Solution
Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationIT Resource Management vs. User Empowerment
Mobile Device Management Buyers Guide IT Resource Management vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity leading to rising mobile
More informationManageEngine Desktop Central. Mobile Device Management User Guide
ManageEngine Desktop Central Mobile Device Management User Guide Contents 1 Mobile Device Management... 2 1.1 Supported Devices... 2 1.2 What Management Operations you can Perform?... 2 2 Setting Up MDM...
More informationMobile Device Management and Security Glossary
Mobile Device Management and Security Glossary February, 2011 MOBILE OS ActiveSync Exchange ActiveSync (EAS) is a Microsoft technology that allows mobile users to access their Microsoft Exchange mailboxes
More informationCasper Suite. Security Overview
Casper Suite Security Overview JAMF Software, LLC 2015 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software 301 4th Ave S Suite
More informationSecuring Corporate Email on Personal Mobile Devices
Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...
More informationiphone in Business Mobile Device Management
19 iphone in Business Mobile Device Management iphone supports Mobile Device Management, giving businesses the ability to manage scaled deployments of iphone across their organizations. These Mobile Device
More informationBYOD: End-to-End Security
BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com
More informationTCS Hy5 Presidio Your Mobile Environment, Your Way Configure, Secure, Deploy. Mobility Solutions
TCS Hy5 Presidio Your Mobile Environment, Your Way Configure, Secure, Deploy Mobility Solutions The growth of in-house and third-party enterprise mobile applications; device diversity across ios, Android,
More informationDeploying iphone and ipad Mobile Device Management
Deploying iphone and ipad Mobile Device Management ios supports Mobile Device Management (MDM), giving businesses the ability to manage scaled deployments of iphone and ipad across their organizations.
More informationFileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.
FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. In today s world the potential for ready access to data from virtually any device over any type of network connection creates
More informationIT Resource Management & Mobile Data Protection vs. User Empowerment
Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationHow To Protect The Agency From Hackers On A Cell Phone Or Tablet Device
PRODUCT DESCRIPTION Product Number: 0.0.0 MOBILE DEVICE MANAGEMENT (MDM) Effective Date: Month 00, 0000 Revision Date: Month 00, 0000 Version: 0.0.0 Product Owner: Product Owner s Name Product Manager:
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More informationipad in Business Mobile Device Management
ipad in Business Mobile Device Management ipad supports Mobile Device Management, giving businesses the ability to manage scaled deployments of ipad across their organizations. These Mobile Device Management
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationAdvanced Configuration Steps
Advanced Configuration Steps After you have downloaded a trial, you can perform the following from the Setup menu in the MaaS360 portal: Configure additional services Configure device enrollment settings
More informationTechnical Whitepaper. Secure Docs
Technical Whitepaper Secure Docs Contents Introduction 3 Overview 4 Technical Details 4 Conclusion 7 Good Technology 866-7-BE-GOOD www.good.com Secure Docs Technical Whitepaper 2 Introduction As of Q1
More informationactivecho Driving Secure Enterprise File Sharing and Syncing
activecho Driving Secure Enterprise File Sharing and Syncing activecho Overview In today s enterprise workplace, employees are increasingly demanding mobile and collaborative solutions in order to get
More informationREDCap Technical Overview
REDCap Technical Overview Introduction REDCap is a web application for building and managing online surveys and databases. This document delineates many of the broader technical aspects of REDCap, such
More informationBen Hall Technical Pre-Sales Manager
Ben Hall Technical Pre-Sales Manager LANDESK MDM Solutions Mobility Manager (MDM in the Cloud) Secure User Management Suite with CSA LetMobile (Secure Mobile Email) Core MDM Functionality MDM Functionality
More informationSystems Manager Cloud-Based Enterprise Mobility Management
Datasheet Systems Manager Systems Manager Cloud-Based Enterprise Mobility Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, monitoring, and
More informationIntroduction to the EIS Guide
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
More informationAgenda. John Veldhuis, Sophos The playing field Threats Mobile Device Management. Pagina 2
Mobile Security Agenda John Veldhuis, Sophos The playing field Threats Mobile Device Management Pagina 2 The Changing Mobile World Powerful devices Access everywhere Mixed ownership User in charge Powerful
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationHealthcare Buyers Guide: Mobile Device Management
Healthcare Buyers Guide: Mobile Device Management Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient
More informationMDM Mobile Device Management
Page 1 About 1Mobility 1Mobility has successfully established itself as a global company, offering cloud based, internationalized and scalable Enterprise Mobility Management (EMM) solution that monitors,
More informationGuidance End User Devices Security Guidance: Apple ios 7
GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can
More informationThe Centrify Vision: Unified Access Management
The Centrify Vision: Unified Access Management Control, Secure and Audit Access To Your On-Premise and Cloud-based Infrastructure On-premise Centrify the Enterprise Cloud Personal Devices Mobile Devices
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationWorkplace-as-a-Service BYOD Management
For companies with people in them Workplace-as-a-Service BYOD Management Solution Overview The BYOD Management solution provides customers with IT tools and services to deploy a Workplace-as-a-Service
More informationPentesting iphone & ipad Apps Hack In Paris 2011 June 17
Pentesting iphone & ipad Apps Hack In Paris 2011 June 17 Who are we? Flora Bottaccio Security Analyst at ADVTOOLS Sebastien Andrivet Director, co-founder of ADVTOOLS ADVTOOLS Swiss company founded in 2002
More informationBuilding a BYOD Program Using the Casper Suite. Technical Paper Casper Suite v9.4 or Later 17 September 2014
Building a BYOD Program Using the Casper Suite Technical Paper Casper Suite v9.4 or Later 17 September 2014 JAMF Software, LLC 2014 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts
More informationSophos Mobile Control Installation prerequisites form
Sophos Mobile Control Installation prerequisites form Product version: 3 Document date: January 2013 Contents 1 About this document... 3 2 System environment... 4 3 Communication between devices and push
More informationDirect Control for Mobile & Supporting Mac OS X in Windows Environments
Direct Control for Mobile & Supporting Mac OS X in Windows Environments Leveraging Existing IT Staff Knowledge, Processes and Infrastructure to Support Mac OS X Systems and Their Users Ed Frola Senior
More informationAnswers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.
Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating
More informationQuickStart Guide for Mobile Device Management
QuickStart Guide for Mobile Device Management Version 8.5 Inventory Configuration Security Management Distribution JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made
More informationWeb Application Guidelines
Web Application Guidelines Web applications have become one of the most important topics in the security field. This is for several reasons: It can be simple for anyone to create working code without security
More informationSECURITY DOCUMENT. BetterTranslationTechnology
SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationSmart (and safe) Lighting:
Smart (and safe) Lighting: An Overview of Cyber Security October 29, 2015 Jason Brown CISO, Merit Network Agenda 2 The New Normal Discuss Methodologies of Security Recap Q & A Target Hack 3 40,000 credit
More informationTotal Enterprise Mobility
Total Enterprise Mobility Presented by Wlodek Dymaczewski, IBM Wlodek Dymaczewski dymaczewski@pl.ibm.com www.maas360.com Top Enterprise Mobility Initiatives Embrace Bring Your Own Device (BYOD) Migrate
More informationAthena Mobile Device Management from Symantec
Athena Mobile Device Management from Symantec Scalable, Secure, and Integrated Device Management for ios and Android Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile
More informationHow to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering
How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationConfiguration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
More informationCisco Mobile Collaboration Management Service
Cisco Mobile Collaboration Management Service Cisco Collaboration Services Business is increasingly taking place on both personal and company-provided smartphones and tablets. As a result, IT leaders are
More informationQuickStart Guide for Mobile Device Management. Version 8.6
QuickStart Guide for Mobile Device Management Version 8.6 JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationBES10 Cloud architecture and data flows
BES10 Cloud architecture and data flows Architecture: BES10 Cloud solution Component APNs BlackBerry Cloud Connector BES10 Cloud BlackBerry Infrastructure Company directory Devices GCM Other third-party
More informationCTERA End-to-End Security. Whitepaper by CTERA Networks
CTERA End-to-End Security Whitepaper by CTERA Networks Copyright 2009-2012 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written
More informationBuilding Apps for iphone and ipad. Presented by Ryan Hope, Sumeet Singh
Building Apps for iphone and ipad Presented by Ryan Hope, Sumeet Singh 1 Let s continue the conversation! @MaaS360 [Share comments, continue Q&A, suggest future topics] #MaaS360Webinar Click the link in
More informationMobile Device Management Solution Hexnode MDM
Mobile Device Management Solution Hexnode MDM Frequently Asked Questions www.hexnode.com Frequently Asked Questions How is Hexnode MDM license calculated?...4 Which ports do I need to open for Hexnode
More informationSmart Devices @ Givaudan. From BYOD experience to new mobile opportunities
Smart Devices @ Givaudan From BYOD experience to new mobile opportunities 2 Givaudan What s going on? Consumerization of IT Personal device proliferation Personal cloud services proliferation Millenials
More informationios Enterprise Deployment Overview
ios Enterprise Deployment Overview ios devices such as ipad and iphone can transform your business. They can significantly boost productivity and give your employees the freedom and flexibility to work
More informationTroubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual
Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics
More informationRFI Template for Enterprise MDM Solutions
RFI Template for Enterprise MDM Solutions 2012 Zenprise, Inc. 1 About This RFI Template A secure mobile device management solution is an integral part of any effective enterprise mobility program. Mobile
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationMobile device and application management. Speaker Name Date
Mobile device and application management Speaker Name Date 52% 90% >80% 52% of information workers across 17 countries report using three or more devices for work* 90% of enterprises will have two or more
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More information1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5
User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?... 2 2. Activation of Mobile Device Management... 3 2.1. Activation
More informationEnterprise Mobility Management for Financial Sector
Enterprise Mobility Management for Financial Sector Conferința Ziarul Financiar: Scurgeri de informații, furt de date confidențiale, hackeri. Pot fi o realitate? Principalele riscuri de securitate și strategii
More informationCreating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
More informationMobileIron Support. Table of Contents. 1. Introduction. 2. Supported Features. Version 1.1 - November 2015
MobileIron Support Version 1.1 - November 2015 Table of Contents 1. Introduction 2. Supported Features 3. Relevant Components 4. Testing a Trial Version with AppConnect 5. Creating a Configuration on the
More informationSophos Mobile Control
Sophos Mobile Control Enterprise Mobility Management - simplifed Joanna Wziątek-Ładosz Sales Engineer, Sophos 1 Why Sophos for EMM? Simple to learn and to operate Comprehensive self-service portal to reduce
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More information1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications
1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won
More informationSophos Mobile Control - Competitive Overview
Sophos Mobile Control - Competitive Overview Content Page Introduction to MDM Market overview, positioning and discovery questions 2 Lightweight vs Heavy weight approaches 3 Competitive comparisons AirWatch
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationLync SHIELD Product Suite
Lync SHIELD Product Suite The Natural Solution For Securing Lync Connectivity For today s mobile enterprise, the need to connect smartphones to the corporate network has become a vital business requirement.
More informationMobile Device Mismanagement Vulnerabili*es in MDM Solu*ons and their impact
Mobile Device Mismanagement Vulnerabili*es in MDM Solu*ons and their impact Stephen Breen 06 AUG 2014 Bios Stephen Breen Senior Consultant Christopher Camejo Director of Assessment Services 2 Contents
More informationMobile Security Mobile Device Management Mobile Application Management
Mobile Security Mobile Device Management Mobile Application Management Corporate Overview Largest MDM provider with over 300+ employees, 150 focused on R&D Provide mobility solutions to 1500+ global customers
More informationUsing MobileIron Sentry for Control and Visibility into ActiveSync Devices
Smart about Smartphones Vol. 4 Using MobileIron Sentry for Control and Visibility into ActiveSync Devices Introduction With the rising popularity of Apple ios, Android, Windows Mobile and Symbian devices
More informationBusiness and enterprise cloud sync, backup and sharing solutions
Business and enterprise cloud sync, backup and sharing solutions Private Cloud Synchronization Collaboration Backup / Versioning Web Access Mobile Access LDAP / Active Directory Federated RADIUS Single
More informationAirWatch Solution Overview
AirWatch Solution Overview Marenza Altieri-Douglas - AirWatch Massimiliano Moschini Brand Specialist Itway 2014 VMware Inc. All rights reserved. Cloud Computing 2 BYOD 3 Device aziendali? 4 From Client/Server
More informationSalesforce1 Mobile Security Guide
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationMobile Device Management for CFAES
Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are
More informationOut of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
More informationCopyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com
Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationCounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version 1.0.1. ForeScout Mobile
CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module Version 1.0.1 ForeScout Mobile Table of Contents About the Integration... 3 ForeScout MDM... 3 Additional Documentation...
More informationMobility Challenges & Trends The Financial Services Point Of View
Mobility Challenges & Trends The Financial Services Point Of View Nikos Theodosiou Cloud Computing Solutions Presales/Marketing Engineer The New World Agenda The Mobile World The Challenges The Solutions
More informationBYOD Guidance: BlackBerry Secure Work Space
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
More information