Deploying and Managing Mobility Securely. Jason Langridge, UK Mobility Business Manager. Presentation transcript.
1 Deploying and Managing Mobility Securely
Jason Langridge, UK Mobility Business Manager

2 Agenda
– Observations and questions for you!
– What are we protecting?
– Threats and how to mitigate them
– Managing and enforcing policy
– Summary

3 Statements and observations
– Security is an excuse, not a reason, for not deploying a mobile solution
– A Smartphone/Pocket PC is not the same as a PC: it is a phone/PDA that got really, really smart
– Mobile devices are used very differently from laptops
– Security and device management are not independent; they are intrinsically linked

4 Questions for you!
– Do you have a mobile device security policy? It is not the same as a laptop policy.
– Do you let security influence your choice of device or platform?
– Who is handling your data as it goes from its corporate home to your users' mobile devices?
– Is security designed into any custom mobile apps, or is it an afterthought?

5 What are we protecting?
– The physical device?
– Corporate knowledge?
– Misuse of resources (and increased costs)?
– Corporate legal exposure:
  – Sarbanes-Oxley, GLBA (US)
  – Privacy Directive, Data Protection Directive (EU), and "Safe Harbor" Principles (US)
  – OECD Fair Information Practices
  – CFAA (Computer Fraud and Abuse Act)

6 Fundamental tradeoff
Secure, Usable, Cost: you get to pick any two!

7 Threats and how to mitigate them
Major threat categories:
– Unauthorized access to the device
– Unauthorized access to data
– Interception of data
– Viruses and trojan applications
Perform a risk assessment, then establish policy for:
1. Device password
2. Anti-virus
3. Application installation and execution
4. Transmission of data
5. Data protection

8 1. Device password
– 4-digit PIN (Pocket PC)
– Strong password (Pocket PC and Smartphone)
– PIN longer than 4 digits (Smartphone)
– Exponential delay after each incorrect password
– Password-protected ActiveSync partnership
– Now enforceable and manageable through MSFP (the Messaging and Security Feature Pack for Windows Mobile 5.0) and SMS (Systems Management Server 2003)
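The two controls on slide 8, a password policy check and an exponential delay on wrong attempts, as an added Python example that is not code from the presentation, from Windows Mobile or from MSFP/SMS. The length thresholds, the delay base and cap, the wipe count of ten failures, and the check_policy and DeviceLock names are this example's assumptions; the attempt clock is passed in so the delay logic can be exercised without waiting.

```python
"""Device password policy and exponential lockout delay.

Added example (not code from the presentation, from Windows Mobile or
from MSFP/SMS). It models the two controls on slide 8: a policy check
for a numeric PIN or a strong password, and an exponential delay after
each wrong attempt. The thresholds below are illustrative assumptions,
not values from the slides.
"""
import hashlib
import hmac
import os

PIN_MIN_DIGITS = 4           # "4-digit PIN"; longer is better
STRONG_MIN_LENGTH = 8        # assumed strong-password minimum
BASE_DELAY_SECONDS = 1.0     # delay after the first wrong attempt
MAX_DELAY_SECONDS = 3600.0   # cap so a mistyped device can still be recovered
WIPE_AFTER_FAILURES = 10     # assumed wipe threshold


def check_policy(secret: str, require_strong: bool) -> list:
    """Return the list of policy violations; an empty list means compliant."""
    problems = []
    if require_strong:
        if len(secret) < STRONG_MIN_LENGTH:
            problems.append("shorter than %d characters" % STRONG_MIN_LENGTH)
        classes = (any(c.islower() for c in secret), any(c.isupper() for c in secret),
                   any(c.isdigit() for c in secret), any(not c.isalnum() for c in secret))
        if sum(classes) < 3:
            problems.append("needs three of: lower, upper, digit, symbol")
        return problems
    if not secret.isdigit():
        problems.append("PIN must contain digits only")
    if len(secret) < PIN_MIN_DIGITS:
        problems.append("PIN shorter than %d digits" % PIN_MIN_DIGITS)
    # A 4-digit PIN is only 10,000 guesses, so rejecting the obvious ones
    # and enforcing the delay below matters more than the PIN itself.
    if len(set(secret)) == 1 or secret in ("1234", "0000"):
        problems.append("trivial PIN")
    return problems


class DeviceLock:
    """Holds a salted hash of the secret and enforces the exponential delay."""

    def __init__(self, secret: str):
        self.salt = os.urandom(16)
        self.digest = self._hash(secret)
        self.failures = 0
        self.not_before = 0.0        # time before which attempts are refused
        self.wiped = False

    def _hash(self, secret: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self.salt, 50_000)

    @staticmethod
    def delay_for(failures: int) -> float:
        """1 s after the first failure, doubling each time, capped."""
        if failures <= 0:
            return 0.0
        return min(BASE_DELAY_SECONDS * 2 ** (failures - 1), MAX_DELAY_SECONDS)

    def attempt(self, secret: str, now: float) -> str:
        """Try to unlock at time `now` (seconds; injected so tests are deterministic).

        Returns "ok", "wrong", "delayed" or "wiped".
        """
        if self.wiped:
            return "wiped"
        if now < self.not_before:
            return "delayed"          # attempt refused, counter unchanged
        if hmac.compare_digest(self._hash(secret), self.digest):
            self.failures = 0
            self.not_before = 0.0
            return "ok"
        self.failures += 1
        if self.failures >= WIPE_AFTER_FAILURES:
            self.wiped = True
            self.digest = b""         # nothing left to guess against
            return "wiped"
        self.not_before = now + self.delay_for(self.failures)
        return "wrong"
```

The delay is enforced by refusing attempts before `not_before` rather than by sleeping, so an attempt made during the delay does not advance the counter; on a device `now` would come from a monotonic clock rather than from the caller.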

9 2. Anti-virus software
Built-in APIs for anti-virus solutions:
– Computer Associates
– F-Secure
– McAfee
– SOFTWIN
– Airscanner
– Trend
Personal firewall:
– Bluefire Security Technologies
– Check Point VPN-1 SecureClient

10 3. Application-level security
Security policies are configured via the Security Configuration Service Provider:
– Unsigned Applications Policy: disables execution of unsigned applications
– Unsigned CABs Policy: disables installation of unsigned applications
– Unsigned Prompt Policy: enables prompt mode for unsigned installation and execution
– Privileged Applications Policy: enables the "1 tier" or "2 tier" security model

11 3. Application-level security: "1 tier" and "2 tier"?
Smartphone supports "2 tier": if an application is not blocked, it can be signed for one of two trust levels.
– Trusted: access to all registry keys, APIs and hardware interfaces
– Normal: exists only on two-tier devices; some APIs are restricted and parts of the registry are read-only; more than 95% of the device is accessible, which is adequate for almost all apps
– The Normal tier is intended as a way to improve the reliability of apps, not as a primary defence against damage from malicious code

12 3. Application-level security: "1 tier" and "2 tier"?
New to Windows Mobile 5.0: Pocket PC supports "1 tier".
– A configuration or application is either blocked completely or trusted completely, so there is no Normal level to contain an application once it is allowed to run
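How the four policies on slides 10 to 12 combine with an application's signing state, written out as an added Python example rather than code from the presentation or from Windows Mobile. One assumption is not stated on the slides: the Unsigned Prompt policy is only consulted when unsigned code is otherwise permitted, so a locked configuration blocks without asking. The Policy and Signing types, the three named configurations and the function names are this example's own. The point to take from it is the last function: on a one-tier device in prompt mode, a single user tap gives unsigned code the same access as a privileged-signed application.

```python
"""Decision logic for the Windows Mobile application-execution policies.

Added example (not code from the presentation, from Windows Mobile or
from any vendor). It combines the four policies from slides 10 to 12
with an application's signing state and returns what happens to the
application. Assumption (not stated on the slides): the Unsigned Prompt
policy only applies when unsigned code is otherwise permitted; when
unsigned code is disabled the app is blocked without a prompt.
"""
from dataclasses import dataclass
from enum import Enum


class Signing(Enum):
    UNSIGNED = "unsigned"
    NORMAL_CERT = "signed by a certificate in the normal (unprivileged) store"
    PRIVILEGED_CERT = "signed by a certificate in the privileged store"


@dataclass(frozen=True)
class Policy:
    unsigned_apps_allowed: bool   # Unsigned Applications policy (False = disabled)
    unsigned_cabs_allowed: bool   # Unsigned CABs policy (False = disabled)
    prompt_on_unsigned: bool      # Unsigned Prompt policy (prompt mode on)
    two_tier: bool                # Privileged Applications policy: True = two-tier


BLOCKED, PROMPTED, NORMAL, TRUSTED = "blocked", "prompted", "normal", "trusted"


def decide(policy: Policy, signing: Signing, is_cab: bool = False,
           user_accepts: bool = False) -> str:
    """Outcome for one application or .cab under the given policy.

    Returns BLOCKED, PROMPTED (waiting for the user), NORMAL (restricted
    APIs, parts of the registry read-only) or TRUSTED (full access to
    APIs, registry and hardware).
    """
    if signing is Signing.PRIVILEGED_CERT:
        return TRUSTED
    if signing is Signing.NORMAL_CERT:
        # A one-tier device has no Normal level: whatever runs is Trusted.
        return NORMAL if policy.two_tier else TRUSTED
    allowed = policy.unsigned_cabs_allowed if is_cab else policy.unsigned_apps_allowed
    if not allowed:
        return BLOCKED
    if policy.prompt_on_unsigned and not user_accepts:
        return PROMPTED
    # Unsigned code that is permitted (or accepted at the prompt) runs at
    # the only level the device has: Normal on two-tier, Trusted on one-tier.
    return NORMAL if policy.two_tier else TRUSTED


# Three illustrative configurations (names are this example's own).
LOCKED = Policy(unsigned_apps_allowed=False, unsigned_cabs_allowed=False,
                prompt_on_unsigned=False, two_tier=True)
PROMPT_TWO_TIER = Policy(True, True, True, two_tier=True)     # Smartphone style
PROMPT_ONE_TIER = Policy(True, True, True, two_tier=False)    # WM 5.0 Pocket PC


def decision_table(policy: Policy) -> dict:
    """Every (signing state, user-accepts) combination for executables."""
    return {(s.name, accept): decide(policy, s, is_cab=False, user_accepts=accept)
            for s in Signing for accept in (False, True)}


def unsigned_can_reach_trusted(policy: Policy) -> bool:
    """The configuration a reviewer should flag: one tap at the prompt gives
    unsigned code the same access as a privileged-signed application."""
    return decide(policy, Signing.UNSIGNED, user_accepts=True) == TRUSTED


if __name__ == "__main__":
    for name, pol in (("locked", LOCKED), ("prompt/two-tier", PROMPT_TWO_TIER),
                      ("prompt/one-tier", PROMPT_ONE_TIER)):
        print(name, "unsigned can reach Trusted:", unsigned_can_reach_trusted(pol))
        for key, outcome in decision_table(pol).items():
            print("   ", key, "->", outcome)
```

Running the script prints the full decision table for each configuration; the locked configuration never prompts, the two-tier prompt configuration caps accepted unsigned code at Normal, and the one-tier prompt configuration is the one where user acceptance equals full trust.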

13 4. Securing transmission of data
Network authentication:
– NTLM versions 1 and 2 (prefer NTLMv2; NTLMv1 challenge responses are DES-based and readily cracked offline)
– SSL Basic and TLS client authentication
Wi-Fi 802.1X user authentication using:
– Protected EAP (PEAP), with the client configured to validate the server certificate so a rogue access point cannot harvest credentials
– EAP-TLS (certificate-based)
– WPA

14 4. Windows Mobile VPN
VPN options, compared on the slide by whether each is mutually authenticated, standards based, or password only:
– PPTP/MSCHAPv2
– Layer 2 Tunneling Protocol (L2TP)
– Third-party VPN solutions

15 5. Data protection
– Limit the data to just what is needed
– Cryptographic services for applications are built in (Crypto API v2)
– SQL CE provides 128-bit encryption (Pocket PC only)
Third-party options (company: product):
– Applian Technologies: The Pocket Lock offers both file and folder encryption
– Asynchrony.com: PDA Defense for the Pocket PC encrypts databases, files, and memory cards
– Cranite Systems: WirelessWall provides AES data encryption for Pocket PCs
– Developer One, Inc.: CodeWallet Pro provides a secure way to store and access important information on your Pocket PC or Smartphone
– Handango, Inc.: Handango Security Suite for Pocket PC provides file and data encryption
– Pointsec Mobile Technologies: Pointsec for Pocket PC encrypts all data stored on the device, whether in RAM or on external storage cards
– SoftWinter: seNTry 2020 encrypts data on external storage cards
– Trust Digital LLC: PDASecure secures access to a Pocket PC and encrypts the data on it; it also prevents unauthorized infrared beaming of data

16 Summary of Windows Mobile security features
Perimeter protection:
– Device lock: PIN, strong password, exponential delay
– Authentication protocols: PAP, CHAP, MS-CHAP, NTLM, TLS
Data protection:
– 128-bit cryptographic services: CAPIv2
– Code signing (Smartphone only; Pocket PC gains the one-tier model in Windows Mobile 5.0, see slide 12)
– Anti-virus API
Network protection:
– OTA device management security
– Secure browsing: HTTP (SSL), WAP (WTLS)
– Virtual private networking (PPTP, L2TP/IPsec)
– Wireless network protection (WEP, 802.1X, WPA; WEP is cryptographically broken and should not be relied on)

17 Mobile device management and security challenges
– Devices infrequently connected to the organisation's network
– Low-bandwidth, higher-cost connections
– Unreliable connections
– Device loss that leads to work stoppage

18 Customer requests for mobile device management
– Security: data protection; ensuring corporate data on the device is secure
– Configuration: applying settings; applying networking, application and security settings
– Inventory: asset and version tracking; storing device serial numbers, OS and application versions
– Application deployment and update: deploying applications, and updating or patching based on version
– OS deployment and update
MSFP will provide the security and password policy controls; the remaining requests need a management solution (see the summary).

19 SMS 2003 Device Management Feature Pack (DMFP)
– Add-on to SMS 2003 SP1 to manage Pocket PC, Pocket PC Phone and Windows CE based devices
– Components install on SMS 2003 site systems
– Client agent installs on Windows Mobile devices via SD card or ActiveSync
– Device clients can connect directly to the SMS server, independent of a PC
– Aimed at the major feature requests

20 Feature set
– Hardware/software inventory
– File collection
– Software distribution
– Script execution
– Settings management
– Password policy management
– Automated client distribution via the SMS 2003 Advanced Client desktop

21 Mobile device management: working environments
SMS 2003 Device Management Feature Pack (DMFP):
– Customers already deployed or licensed for SMS
– Support for both personal and line-of-business devices
– Flexible configuration required
b2m solutions mProdigy:
– Customers who don't currently have a management solution in place
– Managing critical business processes
– Robust configuration management

22 Mobile Enterprise Management
Tom Fell, Mobile Systems Architect, b2m solutions

23 mProdigy: five software modules
– Device Management
– Asset Management
– Communications Management
– Supplier Management
– Application Monitoring
Focus for today's presentation

24 mProdigy features
– "Hands off" commissioning of devices
– Deployment profiles: detailed device configuration management; provides tight control whilst maintaining flexibility; supports multiple device types in the same operational role
– Patches for "ad-hoc" updates
– Remote diagnostics
– Remote warm/cold reboot
– Cold boot resilience
– Distributed deployment

25 mProdigy features
– Asset register includes details of devices and associated peripherals
– Repair loop management
– Event tracking (used by Supplier Management and Application Monitoring)
– Alerts
– Manage devices by group/location/function
– GPRS / 802.11 / Ethernet support
– Efficient and robust communications infrastructure (protocol optimised for "pay per byte" networks)

26 mProdigy: five software modules
– Device Management
– Asset Management
– Communications Management
– Supplier Management
– Application Monitoring
Plus: Change Management; Technology Management

27 Mobile Device Management Demonstration
Tom Fell, Mobile Systems Architect, b2m solutions

28 Summary and recommendations
– Security is no longer an excuse
– Define a security policy for mobile devices
– Find out how many devices are in use in your organisation!
– If you need security policy and password policy control: MSFP
– If you need software deployment, settings management and asset control: a management solution

29 http://www.microsoft.com/uk/technet

30 References
– Windows Mobile Security White Paper: http://www.microsoft.com/windowsmobile/resources/whitepapers/security.mspx
– Security Product Solutions: http://www.microsoft.com/windowsmobile/information/businesssolutions/security/secsearch.aspx

31 3rd party solution providers
– Signature authentication: Certicom Corporation; Communication Intelligence Corporation; TSI/Crypto-Sign; VASCO
– Enhanced password protection: Hewlett-Packard
– Pictograph authentication: Pointsec Mobile Technologies
– Fingerprint authentication: Biocentric Solutions Inc.; HP iPAQ 5400
– Card-based authentication: RSA Security; Schlumberger Sema
– Certificate authentication on a storage card: JGUI Software
– Storage encryption: F-Secure; Pointsec Mobile Technologies; Trust Digital LLC
– Encrypt application data: Certicom Corporation; Glück & Kanja Group; Ntrū Cryptosystems, Inc.
– Virtual private networking: Certicom Corporation; Check Point Software Technologies Ltd.; Columbitech; Entrust, Inc.; Epiphan Consulting Inc.
– Disable applications: Trust Digital LLC
– Device wipe: Asynchrony.com
– Public key infrastructure (PKI): Certicom Corporation; Diversinet Corp.; Dreamsecurity Co., Ltd.; Glück & Kanja Group
– Thin client technology: Citrix; FinTech Solutions Ltd.; Microsoft