
1 Deploying Mobility Securely

2 The Risks
It’s just my calendar!
Theft and loss
Personal device ownership
Malicious software
Cracking and hacking

3 Attack surfaces
1. Secure the device
2. Secure the data
3. Secure the communications

4 Security Practices
Perform Risk Assessment
Establish Policy for:
  1. Authentication
  2. Encrypted Connectivity
  3. Encrypted Data
  4. Anti-Virus
  5. Execution Control
Automate enforcement
Recovery

5 1. Authentication
Device Password
Network/Internet Access
Certificates

6 Device Password - Microsoft
4-digit PIN (Pocket PC)
Strong password (Pocket PC & SmartPhone)
>4 digit PIN (Smartphone)
Exponential delay with incorrect password
Password protected ActiveSync partnership

7 Device Password – OEM
Fingerprint reader
HP iPAQ 5400 Series

8 Device Password – 3rd Party
Picture sequence
  – Tells a story
  – Easy to remember
Picture order changes
  – Avoid pattern recognition
  – Balances screen scratches
Short and long sequence
  – Quick access short PIN
  – Incorrect PIN reverts to long PIN
Pointsec Software

9 Device Password – 3rd Party
Password Replacement
Secures PDA access
  – Uses secret sign biometric
  – Sandia Laboratories Tested
Scenarios
  – Information warfare
  – Homeland defense
  – HIPAA compliance
  – Enterprise security
Crypto-Sign™

10 Network/Internet Access
NTLM Authentication
Challenge Handshake Authentication Protocol (CHAP and MS-CHAP versions 1 and 2)
Password Authentication Protocol (PAP)

11 Certificates
Support for X.509 certificates
Can authenticate users, operators, and servers
Securely stored, managed and deleted on the device

12 2. Encrypted Connectivity
VPN protocol support
  – PPTP and IPSec/L2TP
Encryption for secure web sites
  – 128 bit SSL
  – WTLS class 2
Encryption for LAN connectivity
  – VPN
  – 802.1x – EAP-TLS and PEAP

13 3. Data Protection
Limit the data to just what is needed….
Data resident on storage cards
Cryptographic services for applications are built-in (Crypto API v2)
SQL-CE provides 128-bit encryption (PPC only)
Data that’s never on the device can never be lost.
  – Web-based applications
  – Terminal Services

14 4. Anti-Virus Software
Built-in APIs for Anti-virus solutions
  – Computer Associates
  – F-Secure
  – McAfee
  – SOFTWIN
Personal Firewall
  – Bluefire Security Technologies
  – Check Point VPN-1 SecureClient

15 5. Execution Control
Smartphone now - Pocket PC in future release.
Based on application signing and protects in two ways:
  – Installation
  – Execution
Modes of operation
  – All apps allowed
  – Prompt user when un-signed app is trying to install or execute
  – Only signed applications (chaining to a trusted root certificate) are allowed
Can revoke applications
  – By author (revoke a signing cert)
  – By executable (revoke a hash)
Windows Mobile: Mobile-2-Market program
  – Run registered applications as unprivileged
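
Added example (not part of the original deck, and not Microsoft's implementation): a Python model of the execution-control decision on slide 15, covering the three modes of operation and both revocation paths. The class and function names, the use of SHA-256, the rule that revocation applies in every mode, and the treatment of a chain ending at an unknown root as unsigned are assumptions.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):                 # the three modes of operation on the slide
    ALLOW_ALL = "all apps allowed"
    PROMPT_UNSIGNED = "prompt on unsigned"
    SIGNED_ONLY = "only signed apps"

@dataclass(frozen=True)
class App:
    image: bytes                  # executable contents
    chain: tuple = ()             # signer cert ids, leaf first; () means unsigned

@dataclass(frozen=True)
class Policy:
    mode: Mode
    trusted_roots: frozenset
    revoked_certs: frozenset = frozenset()   # revoke by author
    revoked_hashes: frozenset = frozenset()  # revoke by executable

def image_digest(image: bytes) -> str:
    # SHA-256 is an assumption; the slide does not name the hash.
    return hashlib.sha256(image).hexdigest()

def decide(app: App, policy: Policy) -> str:
    """Return 'allow', 'prompt' or 'deny'; call at install time and again at execution."""
    # Assumption: revocation is checked first and applies in every mode.
    if image_digest(app.image) in policy.revoked_hashes:
        return "deny"
    if any(cert in policy.revoked_certs for cert in app.chain):
        return "deny"
    # Model only: a real loader verifies each signature in the chain.
    # An app whose chain ends at an unknown root is treated as unsigned.
    trusted = bool(app.chain) and app.chain[-1] in policy.trusted_roots
    if trusted or policy.mode is Mode.ALLOW_ALL:
        return "allow"
    return "prompt" if policy.mode is Mode.PROMPT_UNSIGNED else "deny"

if __name__ == "__main__":
    roots = frozenset({"root-A"})                      # constructed sample data
    signed = App(b"signed-app", ("dev-1", "root-A"))
    unsigned = App(b"unsigned-app")
    for mode in Mode:
        print(mode.name, decide(signed, Policy(mode, roots)), decide(unsigned, Policy(mode, roots)))
    print(decide(signed, Policy(Mode.SIGNED_ONLY, roots, revoked_certs=frozenset({"dev-1"}))))
```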

16 Automated Enforcement
Odyssey Software
  – Policy management facility that limits which applications a user can access at specific time periods of the day
Trust Digital LLC
  – PDASecure Policy Editor provides centralized management to push security policies to all your PDA users
Symbol Technologies, Inc.
  – Policy management facility that limits which applications a user can access

17 Recovery
Replacement devices
Backup file
Data on PC
Data on network server
Restore process on secure web server

18 Summary of Windows Mobile Security Features
Perimeter protection
  – Device lock: PIN, Strong, exponential delay
  – Authentication protocols: PAP, CHAP, MS-CHAP, NTLM, TLS
Data protection
  – 128-bit Cryptographic services: CAPIv2
  – Code signing (Smartphone only)
  – Anti-virus API
Network protection
  – OTA device management security
  – Secure Browsing: HTTP (SSL), WAP (WTLS)
  – Virtual Private Networking (PPTP, L2TP IPSec)
  – Wireless network protection (WEP, 802.1x, WPA)

19 3rd Party Solution Providers
Signature authentication
  – Certicom Corporation
  – Communication Intelligence Corporation
  – TSI/Crypto-Sign
  – VASCO
Enhanced password protection
  – Hewlett-Packard
Pictograph authentication
  – Pointsec Mobile Technologies
Fingerprint authentication
  – Biocentric Solutions Inc.
  – HP iPAQ 5400
Card-based authentication
  – RSA Security
  – Schlumberger Sema
Certificate Authentication on a Storage Card
  – JGUI Software
Storage Encryption
  – F-Secure
  – Pointsec Mobile Technologies
  – Trust Digital LLC
Encrypt Application Data
  – Certicom Corporation
  – Glück & Kanja Group
  – Ntrū Cryptosystems, Inc.
Virtual Private Networking
  – Certicom Corporation
  – Check Point Software Technologies Ltd.
  – Columbitech
  – Entrust, Inc.
  – Epiphan Consulting Inc.
Disable Applications
  – Trust Digital LLC
Device Wipe
  – Asynchrony.com
Public Key Infrastructure (PKI)
  – Certicom Corporation
  – Diversinet Corp.
  – Dreamsecurity Co., Ltd.
  – Glück & Kanja Group
Thin Client Technology
  – Citrix
  – FinTech Solutions Ltd.
  – Microsoft


21 References
Windows Mobile Security White paper
  – http://www.microsoft.com/windowsmobile/resources/whitepapers/security.mspx
Security Product Solutions
  – http://www.microsoft.com/windowsmobile/information/businesssolutions/security/secsearch.aspx
