Tutorial on Smartphone Security
|
|
- Roy Gibson
- 8 years ago
- Views:
Transcription
1 Tutorial on Smartphone Security Wenliang (Kevin) Du Professor
2 Smartphone Usage
3 Smartphone Applications
4 Overview» Built-in Protections (ios and Android)» Jailbreaking and Rooting» Security Risks» Malware» Suggestions
5 Protections: Apple versus Google» Approval Processes» Access Control» Data Protection
6 Approval Process Apps Code review, testing, etc. Apple App Distribution Installation Apps Other 3 rd Party stores
7 Apple s App Development Process App Developer Registration Issued by Apple Certificate Accountability, Code Integrity App development
8 Public Key Encryption and PKI» Traditional Encryption: Secret Key Encryption > The same key is used for encryption and decryption > The key must be secret > Algorithms: AES, DES» Public Key Encryption > Public Key: public, used for encryption > Private key: secret, used for decryption > Algorithms: RSA
9 Public Key Encryption M1 Public Key: KeyPub Private Key: KeyPriv KeyPub Enc(M2) M2 Decryption using KeyPriv M3 Algorithm: RSA, ElGamal
10 Digital Signature using Public Key Verify M is written by Alice. Public Key: KeyPub Private Key: KeyPriv KeyPub Alice M, Signature M, Signature Verify M is NOT written by Alice. (M, KeyPriv) Signature KeyPub Algorithm: RSA, ElGamal, DSA
11 Digital Signature using Public Key Du Du s Private Key Digital Signature S Du s Public Key Everybody can verify whether the code is written by Du or not. Question: How do you know the public key is Du s?
12 Digital Certificate and PKI M: Public Key Name: Kevin Du Example: VeriSign M, VeriSign s Private Key Digital Signature S M Verification By everybody VeriSign s Public Key Usually preloaded in browsers and OS Digital Ceritificate: Public Key Name: Kevin Du Some other information VeriSign s Signature
13 The Whole Process
14 Weakness of PKI» We trust CAs (Certificate Authority)» CAs can be compromised > July 10 July 20, 2011: DigiNotar s system was hacked > 500 rogue certificates were issued by hackers Google, Skype, Mozilla, Microsoft > Microsoft remove this CA from its OS > Google and Mozilla block all DigiNotar s digital certificate > DigiNotar filed for bankruptcy in September 2011.
15 Apple s App Development Process App Developer Registration Issued by Apple Certificate Accountability, Code Integrity App development
16 Google s App Development Process Issued by a trusted party Certificate Accountability, Code Integrity App Developer App development Anonymous Certificate (self-signed) No Accountability, No Code Integrity Only for Android Market, Not for 3 rd party market
17 Access Control» We ve Learned: Downloaded programs are dangerous > Virus, Worms > Trojan, Backdoors» Apps are downloaded programs.» Need to control their access.
18 Unix Security Basics: Users» Normal Users > uid: user ID > Users are separated from each other» Root Users (Administrator, Superuser) > uid = 0 > Root has all the privileges > if (uid ==0) do privileged operations
19 Unix File Permission -rwxr-x--- 2 richard staff Aug mydata.txt owner group others
20 Access Control GPS System Resources Isolations - Isolations among Apps - Isolation between App and System
21 Isolation among Apps Uid = 6001 Uid = 6009 Uid = 7003 File permission: rw-rw---- Each App runs as a separate user (normal user) Access control is enforced by the underlying Linux
22 Security Check Break The Isolation among Apps Uid = 1020 Uid = 6009 Data sharing among apps Use the functionalities of other apps
23 Isolation Between App and System GPS Hardware OS Kernel Each app runs as a normal user Only root can directly access system resources System Resources
24 Security Check Allow Apps to Access System Resources GPS Hardware OS Kernel System Resources Privileged Deputy (e.g. system services)
25 Access Control GPS System Resources How to cross the isolation boundary? - Between Apps - Between App and System Permissions Controlled
26 Permission-Based Access Control GPS, Internet Alert: Ask once SMS, , Call: Ask every time Many Others: Granted Installation Execution Can only use A B C User A B C Declare Permissions (Android defines 100+ permissions)
27 Permission Examples in Android ACCESS_FINE_LOCATION BLUETOOTH CALL_PHONE CAMERA INTERNET READ_CONTACTS WRITE_CONTACTS READ_CALENDAR READ_SMS SEND_SMS Access GPS Connect to Bluetooth device Directly make phone calls Use camera Access to the Internet Read user s contacts data Write contacts data Read user s calendar data Read SMS messages Send SMS messages
28 Android s Permission System This is where the problem is. I need: INTERNET Device ID Wireless fraud Accept!
29 Malware: Malicious Software» Malware: Malicious Software > Information Stealer (spyware) > Money Stealer (e.g. make phone calls) > Control the phone (e.g. bot)» How do malware attack?
30 How Malware Attacks Systems Privilege Escalation (Jailbreaking/Rooting) Malicious Apps Abusing the given privileges Stealing personal info. Making expensive phone call Malicious web sites Malicious PDF files Suggestion: patch your system, read reviews, check developer s reputation.
31 Example: Attacks Through Browser» The user visits a malicious or infected website» Code in the page exploit a vulnerability in WebKit, the engine of browsers (CVE )» The attack then exploits a Skype vulnerability (CVE ) > allows local users to read sensitive files including contacts, conversation transcripts, voic , and so on.
32 Unapproved Apps Apps with More power Jailbreaking and Rooting Custom OS More control Custom OS Jailbreak Rooting Apple s Control Google s Control They are legal, but they bring more security risks. Suggestion: don t do it if you don t have to.
33 A Typical Attack on Android Legitimate Developer Android Market, or 3 rd -Party Markets Cases: MYOURNET (21 apps) Droid Dream (>58 apps) Suggestions: Read reviews Check developers Check permissions Install virus scan Malicious Developer Victim
34 Example: Fake Angry Birds Space» Faked one available on various Android app marketplaces, not Google s market» Trojan Horse: Andr/KongFu-L» Use GingerBreak exploit to gain root access» Install malicious code
35 WebView Attack on Web: A Design Flaw 3 rd Party App: Not by FB Malicious App Contents Damage: - Delete Friends - Steal info. In Facebook - Post messages Affect most systems - ios, Android, Windows Phone Suggestion: Use 1 st party or trusted 3 rd party apps to access Web accounts
36 Data Protection
37 Recent Studies (March 2012)» American lost $30B worth of smartphones.» Only 50% lost phones are returned.» Nearly all who found the lost phones tried to access the information on the phone.» 22% of the respondents lost their phones.» 70% didn t use password protection.
38 Consequence of Device Loss Cloud Services Facebook Company WiFi Amazon Online Banking Data Other Accounts Lock the phone does not help much. Remote wipe has limited power.
39 Data Encryption iphone 3GS iphone 4 Password, PIN Encryption is useless PIN: easily crackable 4 digit PIN = 14 bits Strong encryption: 128 bits Suggestion: don t lose your phone
40 Apple v.s. Google» Tight Control: Apple > Control on ios code > Code checking, accountability > Control on the app market» Loose Control: Google > Open source: public scrutiny, contribution by others > No code checking, no accountability > So far, Android has more malwares than ios
41 Summary of Suggestions» Don t root/jailbreak if not necessary» Be more careful when downloading Android Apps» Avoid 3 rd -party Android market» Paid apps turned free: check the developers» PIN doesn t protect your data much
42 Questions?
Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold
Android Security Device Management and Security by Stephan Linzner & Benjamin Reimold Introducing Stephan Linzner Benjamin Reimold Consultant, Software Engineer Mobile Developer Founder of Stuttgart GTUG
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationLecture Embedded System Security A. R. Sadeghi, @TU Darmstadt, 2011 2012 Introduction Mobile Security
Smartphones and their applications have become an integral part of information society Security and privacy protection technology is an enabler for innovative business models Recent research on mobile
More informationSmartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved
Smartphone Security A Holistic view of Layered Defenses David M. Wheeler, CISSP, CSSLP, GSLC 1 The Smartphone Market The smartphone security market is expected to grow at a rate of 44 percent annually
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More informationThe dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more
The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific
More informationProtecting against Mobile Attacks
2014-APR-17 Protecting against Mobile Attacks Frankie Wong Security Analyst, HKCERT 1 Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537 2 Agenda Attacks moving to mobile
More informationSecuring mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationIbrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?
Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices
More informationProtecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015
Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 What are You Trying to Protect? If someone got into your email, what
More informationEnterprise Mobility Report 12/2014. Creation date: 4.1.2015. Vlastimil Turzík
12/2014 Creation date: 4.1.2015 Author: Vlastimil Turzík Content Content... 2 Introduction... 3 ios... 3... 3 Android... 3... 3 Android devices vulnerable to new Trojan... 3 CVE-2014-7911... 3 CVE-2014-8507...
More informationRunning Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University
Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will
More informationThis session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.
The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com
More informationEnterprise Mobile Threat Report
Enterprise Mobile Threat Report The State of ios and Android Security Threats to Enterprise Mobility I. Introduction This report examines enterprise security threats for ios and Android. While Android
More informationThe Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager
The Mobile Security Challenge: Opportunities & Issues Matthew Young, Security Programs Manager Mobility -we have come a long way and where is it going? Image: Word Press Mobility To achieve mobility, two
More informationCEH Version8 Course Outline
CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information
More informationChris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationTrust Digital Best Practices
> ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or
More informationAndroid vs. Apple ios Security Showdown Tom Eston
Android vs. Apple ios Security Showdown Tom Eston About Your Presenter Tom Eston CISSP, GWAPT Manger of the SecureState Profiling & Penetration Team Specializing in Attack & Penetration, Mobile Security
More informationStudying Security Weaknesses of Android System
, pp. 7-12 http://dx.doi.org/10.14257/ijsia.2015.9.3.02 Studying Security Weaknesses of Android System Jae-Kyung Park* and Sang-Yong Choi** *Chief researcher at Cyber Security Research Center, Korea Advanced
More informationSecurity Best Practices for Mobile Devices
Security Best Practices for Mobile Devices Background & Introduction The following document is intended to assist your business in taking the necessary steps needed to utilize the best security practices
More informationTechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security
Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring
More informationSECURING TODAY S MOBILE WORKFORCE
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
More informationAnswers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.
Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationAVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationSecuring your Mobile Environment. Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank
Securing your Mobile Environment Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank These things are everywhere These things are everywhere These things are everywhere These things are everywhere
More informationReport on Consumer Behaviors and Perceptions of Mobile Security. Presented by NQ Mobile & NCSA January 25, 2012
Report on Consumer Behaviors and Perceptions of Mobile Security Presented by NQ Mobile & NCSA January 25, 2012 Methodology Online survey of 1,158 consumers. Participants had to own a smartphone. Respondents
More information2015 MDRT Annual Meeting e Handout Material. What is Your Smartphone Leaking?
2015 MDRT Annual Meeting e Handout Material Title: Speaker: What is Your Smartphone Leaking? Anwar Visram, CISSP Presentation Date: Wednesday, June 17, 2015 10:00 11:00 a.m. The Million Dollar Round Table
More informationCYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP
CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP August 2014 RSA agents recently traced a threat actor advertising a mobile credit card store application. The cybercriminal shared the information
More informationMobile Device Management and Security Glossary
Mobile Device Management and Security Glossary February, 2011 MOBILE OS ActiveSync Exchange ActiveSync (EAS) is a Microsoft technology that allows mobile users to access their Microsoft Exchange mailboxes
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationplatforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential
Best Practices for Smartphone Apps A smartphone is basically a computer that you can carry in the palm of your hand. Like computers, smartphones have operating systems that are often called platforms.
More informationMobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.
White Paper Securing Today s Mobile Workforce Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2012, Juniper Networks, Inc. 1 Table
More informationTom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell
Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü
More informationWEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project
WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure
More informationSecurity Threats for Mobile Platforms
Security Threats for Mobile Platforms Goran Delac Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, Croatia Abstract - The proliferation of smart-phone devices, with ever advancing
More informationKaspersky Security 10 for Mobile Implementation Guide
Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful
More informationEnterprise Mobility Report 10/2014. Creation date: 31.10.2014. Vlastimil Turzík, Edward Plch
10/2014 Creation date: 31.10.2014 Author: Vlastimil Turzík, Edward Plch Content Content... 2 Introduction... 4 Interesting Articles... 4 95% of companies challenged by BYOD security... 4 ios... 4 Vulnerability...
More informationCHECK POINT Mobile Security Revolutionized. [Restricted] ONLY for designated groups and individuals
CHECK POINT Mobile Security Revolutionized [Restricted] ONLY for designated groups and individuals 2014 Check Point Software Technologies Ltd. 1 Rapidly Expanding Mobile Threats MOBILE THREATS are ESCALATING
More informationMOBILE SECURITY: DON T FENCE ME IN
MOBILE SECURITY: DON T FENCE ME IN Apart from the known and the unknown, what else is there? 18 Harold Pinter, Nobel Prize-winning playwright, screenwriter, director, actor 32 INTRODUCTION AND METHODOLOGY
More informationContact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationIAIK. Motivation 2. Advanced Computer Networks 2015/2016. Johannes Feichtner johannes.feichtner@iaik.tugraz.at IAIK
Motivation 2 Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at What you have heard last time Mobile devices: Short history, features Technical evolution, major OS,
More informationSecurity and the Smartphone Revolution
Security and the Smartphone Revolution About the Speaker Joseph Granneman, MBA, CISSP Joseph Granneman has developed a passion and expertise in information security in his 20 years of experience as a CIO,
More informationZNetLive Malware Monitoring
Introduction The criminal ways of distributing malware or malicious software online have gone through a change in past years. In place of using USB drives, attachments or disks to distribute viruses, hackers
More informationTufts University. COMP116 Introduction to Computer Security. Recovery After Losing the Physical Device
Tufts University COMP116 Introduction to Computer Security Recovery After Losing the Physical Device Dec. 11 th 2014 Author: Haoyang Mao Mentor: Ming Chow 1 Abstract The only truly secure system is one
More informationKaspersky Security for Mobile Administrator's Guide
Kaspersky Security for Mobile Administrator's Guide APPLICATION VERSION: 10.0 SERVICE PACK 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33
ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 Why care about ios Security? 800M 800 million ios devices activated 130 million in last year 98%
More informationDefending Behind The Device Mobile Application Risks
Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem
More informationGlobalSign Malware Monitoring
GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationSuccessful Mobile Deployments Require Robust Security
By: Maribel D. Lopez FIRMS MUST BUILD SECURITY ENABLED MOBILITY Mobility is no longer considered a luxury within enterprise but a critical part of a networking strategy as 9irms look to increase productivity
More informationIntroduction to Cyber Security
Mark R. Herring Attorney General Commonwealth of Virginia Office of the Attorney General 900 East Main Street Richmond, Virginia 23219 (804) 786-2071 (Telephone) (804) 786-1991 (Facsimile) Introduction
More informationMobile Operating Systems & Security
Mobile Operating Systems & Security How can I protect myself? Operating Systems Android Apple Microsoft What do they do? operate smartphones, tablets, watches and other mobile devices includes touchscreens
More informationWindows Phone 8 Security Overview
Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.
More informationBYPASSING THE ios GATEKEEPER
BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationMobile Security Apps. Hendrik Pilz Director Technical Lab / Mobile Security hpilz@av-test.de
Hendrik Pilz Director Technical Lab / Mobile Security hpilz@av-test.de The test report is also available on About AV-TEST 24 employees in Magdeburg and Leipzig Tests of security solutions for consumers
More informationMobile Malware in the Enterprise
Mobile Malware in the Enterprise Stephen Garrett Allen 12/7/2015 Abstract In today's enterprise bring your own device or BYOD is prevalent and mobile malware is maturing out of its infancy stage. To combat
More informationThe Challenges of Implementing a Bring Your Own Device Policy
BYOD The Challenges of Implementing a Bring Your Own Device Policy MARK HARRIS, Ph.D. KAREN PATTEN, Ph.D. UNIVERSITY OF SOUTH CAROLINA SC-GMIS NETWORK & TELECOM WORKSHOP SALUDA SHOALS RIVER CENTER OCTOBER
More informationBYOD Policy for [AGENCY]
BYOD Policy for [AGENCY] This document provides policies, standards, and rules of behavior for the use of smartphones, tablets and/or other devices ( Device ) owned by [AGENCY] employees personally (herein
More informationFuture of Mobile App Security. Vincent Sritapan Program Manager Cyber Security Division Science and Technology Directorate
Future of Mobile App Security Vincent Sritapan Program Manager Cyber Security Division Science and Technology Directorate Do You Know What Your Apps Are Doing? Spying Microphone & camera surveillance $
More informationThe following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationClick to edit Master title style
About Alexandra Instituttet A/S Non-profit application oriented research institution focus on IT GTS Godkendt Teknologisk Service Institut 100+ employees generating R&D Researchers Providers Users Commercial
More informationEnterprise Mobile Security. Managing App Sideloading Threats on ios
Enterprise Mobile Security Managing App Sideloading Threats on ios I. Introduction II. The Path to App Sideloading Through rigorous app review Apple has lowered the risk of downloading malware from its
More informationProtect Yourself in the Cloud Age
Protect Yourself in the Cloud Age Matthew Wu Consultant Hong Kong Computer Emergency Response Team Coordination Centre About HKCERT HKCERT ( 香 港 電 腦 保 安 事 故 協 調 中 心 ) Established in 2001 Funding & Operation
More informationResearch Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
More informationCertified Secure Computer User
Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the
More informationInformation Security Threat Trends
Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing
More informationONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program
More informationDr. David Turahi Director for IT&IMS - MOICT Uganda
Dr. David Turahi Director for IT&IMS - MOICT Uganda A smart phone is a mobile phone offering advanced capabilities beyond a typical mobile phone, often with computer like functionality. There is no industry
More informationHow To Protect Your Mobile Device From Attack
Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000
More informationSmartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices
Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices Daniel V. Hoffman, CISSP, CEH, CHFI Chief Technology Officer Page 1 Global Threat Center Exploit Research and Development
More informationInformation Security Updates Mobile Security Best Practices for General User
Information Security Updates Mobile Security Best Practices for General User A ccording to research figures from Business Intelligence 1, the number of smartphones sold worldwide has already surpassed
More informationThe Risks and Rewards of Social Media and Mobile Devices
The Risks and Rewards of Social Media and Mobile Devices October 29-30, 2012 Tony Brooks, CISA Principal & Director of IT Assurance Tony and Brooks, Risk Services CISA, CRISC Partner HORNE - IT LLP Assurance
More informationAvoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data
Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationThe Incident Response Playbook for Android and ios
SESSION ID: AIR-W03R The Incident Response Playbook for Android and ios Andrew Hoog CEO and Co-founder NowSecure @ahoog42 @NowSecureMobile Andrew Hoog Author of three books Incident Response for Android
More informationITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationAvoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data
Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationNorton Mobile Privacy Notice
Effective: April 12, 2016 Symantec and the Norton brand have been entrusted by consumers around the world to protect their computing devices and most important digital assets. This Norton Mobile Privacy
More information6. ecommerce Security and Payment Systems. Alexander Nikov. Teaching Objectives. Video: Online Banking, Is It Secure?
INFO 3435 ecommerce 6. ecommerce Security and Payment Systems Alexander Nikov Teaching Objectives Explain the scope of ecommerce crime and security problems. Describe the key dimensions of e-commerce security.
More informationBring Your Own Device. Individual Liable User Policy Considerations
Bring Your Own Device Individual Liable User Contents Introduction 3 Policy Document Objectives & Legal Disclaimer 3 Eligibility Considerations 4 Reimbursement Considerations 4 Security Considerations
More informationMobile Device Mismanagement Vulnerabili*es in MDM Solu*ons and their impact
Mobile Device Mismanagement Vulnerabili*es in MDM Solu*ons and their impact Stephen Breen 06 AUG 2014 Bios Stephen Breen Senior Consultant Christopher Camejo Director of Assessment Services 2 Contents
More informationAdobe Flash Player and Adobe AIR security
Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,
More informationUser Manual for Version 4.4.0.5. Mobile Device Management (MDM) User Manual
User Manual for Version 4.4.0.5 Mobile Device Management (MDM) User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?...
More informationMobile Security Framework; Advances in Mobile Governance in Korea. TaeKyung Kim tkkim@stu.ac.kr
Mobile Security Framework; Advances in Mobile Governance in Korea TaeKyung Kim tkkim@stu.ac.kr I. e-banking in Korea 1. e-banking? BIS (Bank for International Settlements) - e-finance(electronic banking)
More information