Mobile Enforcement

CompTIA Security+ Certification (SY0-501) Chapter 7 - Beyond the Basic LAN
12 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$99.99
List Price:  $139.99
You save:  $40
€91.73
List Price:  €128.43
You save:  €36.69
£78.50
List Price:  £109.90
You save:  £31.40
CA$135.42
List Price:  CA$189.60
You save:  CA$54.17
A$152.22
List Price:  A$213.12
You save:  A$60.89
S$133.77
List Price:  S$187.28
You save:  S$53.51
HK$781.89
List Price:  HK$1,094.68
You save:  HK$312.79
CHF 88.30
List Price:  CHF 123.63
You save:  CHF 35.32
NOK kr1,058
List Price:  NOK kr1,481.24
You save:  NOK kr423.24
DKK kr684.10
List Price:  DKK kr957.77
You save:  DKK kr273.66
NZ$164.15
List Price:  NZ$229.81
You save:  NZ$65.66
د.إ367.20
List Price:  د.إ514.09
You save:  د.إ146.89
৳10,978.23
List Price:  ৳15,369.96
You save:  ৳4,391.73
₹8,290.53
List Price:  ₹11,607.08
You save:  ₹3,316.54
RM471.80
List Price:  RM660.54
You save:  RM188.74
₦156,534.34
List Price:  ₦219,154.34
You save:  ₦62,620
₨27,950.66
List Price:  ₨39,132.05
You save:  ₨11,181.38
฿3,595.26
List Price:  ฿5,033.51
You save:  ฿1,438.25
₺3,229.78
List Price:  ₺4,521.83
You save:  ₺1,292.04
B$499.40
List Price:  B$699.18
You save:  B$199.78
R1,883.20
List Price:  R2,636.56
You save:  R753.35
Лв179.42
List Price:  Лв251.19
You save:  Лв71.77
₩133,286.20
List Price:  ₩186,606.01
You save:  ₩53,319.81
₪365.03
List Price:  ₪511.06
You save:  ₪146.02
₱5,561.09
List Price:  ₱7,785.75
You save:  ₱2,224.66
¥14,911.76
List Price:  ¥20,877.07
You save:  ¥5,965.30
MX$1,670.32
List Price:  MX$2,338.52
You save:  MX$668.19
QR364.82
List Price:  QR510.77
You save:  QR145.94
P1,359.04
List Price:  P1,902.71
You save:  P543.67
KSh13,398.66
List Price:  KSh18,758.66
You save:  KSh5,360
E£4,718.65
List Price:  E£6,606.31
You save:  E£1,887.65
ብር5,656.15
List Price:  ብር7,918.84
You save:  ብር2,262.68
Kz83,512.74
List Price:  Kz116,921.18
You save:  Kz33,408.44
CLP$93,810.03
List Price:  CLP$131,337.80
You save:  CLP$37,527.76
CN¥710.61
List Price:  CN¥994.89
You save:  CN¥284.27
RD$5,917.87
List Price:  RD$8,285.25
You save:  RD$2,367.38
DA13,435.55
List Price:  DA18,810.31
You save:  DA5,374.76
FJ$226.69
List Price:  FJ$317.37
You save:  FJ$90.68
Q780.94
List Price:  Q1,093.35
You save:  Q312.40
GY$20,949.18
List Price:  GY$29,329.69
You save:  GY$8,380.51
ISK kr13,659.63
List Price:  ISK kr19,124.03
You save:  ISK kr5,464.40
DH1,002.67
List Price:  DH1,403.78
You save:  DH401.11
L1,768.33
List Price:  L2,475.73
You save:  L707.40
ден5,652.42
List Price:  ден7,913.61
You save:  ден2,261.19
MOP$805.88
List Price:  MOP$1,128.27
You save:  MOP$322.38
N$1,866.55
List Price:  N$2,613.25
You save:  N$746.69
C$3,681.10
List Price:  C$5,153.70
You save:  C$1,472.59
रु13,266.49
List Price:  रु18,573.62
You save:  रु5,307.13
S/368.83
List Price:  S/516.39
You save:  S/147.55
K382.06
List Price:  K534.91
You save:  K152.84
SAR375
List Price:  SAR525.02
You save:  SAR150.01
ZK2,508.19
List Price:  ZK3,511.57
You save:  ZK1,003.37
L456.04
List Price:  L638.48
You save:  L182.43
Kč2,310.02
List Price:  Kč3,234.13
You save:  Kč924.10
Ft36,211.46
List Price:  Ft50,697.50
You save:  Ft14,486.03
SEK kr1,038.11
List Price:  SEK kr1,453.39
You save:  SEK kr415.28
ARS$85,066.49
List Price:  ARS$119,096.49
You save:  ARS$34,030
Bs691.23
List Price:  Bs967.75
You save:  Bs276.52
COP$389,029.38
List Price:  COP$544,656.70
You save:  COP$155,627.31
₡50,979.09
List Price:  ₡71,372.77
You save:  ₡20,393.67
L2,470.17
List Price:  L3,458.33
You save:  L988.16
₲730,160.41
List Price:  ₲1,022,253.79
You save:  ₲292,093.37
$U3,841.23
List Price:  $U5,377.88
You save:  $U1,536.64
zł395.31
List Price:  zł553.46
You save:  zł158.14
Already have an account? Log In

Transcript

If you're an organization that's deploying mobile devices, you have a lot of responsibility. And that's what this episode is about what I call mobile enforcement. So I want to break this episode into two big pieces. The first one are some of the evil actions that your users can do to your individual devices. And the second part is some of the monitoring effect a little bit kind of big brother type of monitoring, that enterprises should at least consider to cover themselves from potential liability, depending on how their users use their phones. So let's go ahead and start off with some of the evil things that people can do.

First of all, there's something called sideloading. Now normally, when you're installing software, you take advantage of whatever the name of the store is for your platform. For example, with an Android it's called the Google Play Store. And that's the only place you can install software. So the reason we do that is because Google and an apple worked very hard to make sure that the software that's installable is Good, it's not doing evil things, it doesn't have malware, it's not stealing your social security number, whatever it might be. sideloading is the process of getting around that store.

Now on apples, this is very difficult to do, you have to set up a developer account and all this stuff. On androids, it's actually pretty easy to do. And you can actually go to certain websites, and you can download a particular file, download it onto your Android device, and double tap on it, and you install it just like you would install a program on a Windows desktop. Now, sideloading can be a good thing or a bad thing, a lot of people who are doing development work, they're not ready to go to the store. And so you do sideloading to test things out and that type of thing. But it can also be incredibly, incredibly dangerous.

And it's something we want to try to prevent our users from doing. So the quick and easy answer is get an apple and it's going to be really, really hard. Also, there are certain tools we can use within the Android world to monitor and to stop side loading. much safer is something called carrier unlocking. Traditionally, these individual smartphones were distributed by a particular carrier here in the United States that have names like at&t, Verizon, and T Mobile. And basically they are locked to that particular carrier.

By being locked, it means you can only put if it's at&t locked, you can only put at&t Sims in it. If it's Verizon locked, you can only put Verizon Sims in it. And in the United States, you are actually required by law to be given away to unlock the phone if you want. by unlocking the phone, you can do some pretty cool stuff. For example, you can take advantage of third party folks like Google phi and Ting, who will provide you their Sims. Now these guys will piggyback on major carriers, you can often get very, very inexpensive rates.

I can't tell you how many people I've seen who are using at&t or something like that and paying a 70 8090 hundred dollars a month and all of a sudden now they're down To 35 simply by yanking out a sim and putting in another one, the security issues that you might run into this are pretty small. The only real downside that I would be concerned is that if I issue a phone on an at&t account, I would have the ability to track things. And if I were in a scenario where suddenly a particular phone that I issued had no data use had no voice use, I might be wondering if they unlock that phone, that phone. Far more nefarious is the concept of routing. If it's an Android, or jailbreaking, if it's an apple, you got to remember that when you are handed a smartphone, you don't have root access.

You don't have the administrator super user account that's actually held in control by the actual distributor of the software itself. And they do this for some really good reasons. It's a lot harder to have people do bad things to their system to reformat the firmware to install malware all kinds of things like that if you don't give them access to it. However, there are situations where a very technical person like me, would like to get what's known as root access. When I get root access, I can install very, very powerful software that should not be in the hands of normal people. And I can do a lot of really interesting things.

For example, one of the things I can do is called custom firmware. So I want you to take a look at this screen right here. So what we're looking at is this particular phone has been routed, so every time I boot it up, it gives me a screen that looks like this. That screen is just Google's way of saying, I really, really don't like the fact that you have rooted this phone. So with my phone, I also do things like install custom firmware. So if you take a look at this screen, in essence, what you're looking at right here with the little robot on his back, that is the equivalent of going into the phone's bias.

And they just call it firmware here. And what I'm doing is I'm getting rid of the firmware that came with the Android device and putting in a custom firmware. Now, custom firmware sounds like a great idea. It does have some big benefits. For example, with my phone. There's a lot of companies that put a what we call crap where lots of little applications that you can't uninstalled and do things that you're uncomfortable with.

And because I have a level of sophistication, I use these custom firmwares to get rid of that. I also use these to take advantage there's all kinds of hardware inside my phone that is turned off by default, and using custom firmware allows me to turn them on. You know, every android phone comes with an FM radio, using a custom firmware I can turn that radio on. Now, this sounds like a good idea but it also exposes you to a lot of things. issues. For example, once you've routed a phone and install custom firmware, all those wonderful automatic updates that you enjoy so much, they stop working.

Also, a lot of times, you have trouble accessing the store. Now for me, it's worth it because I've got an extra phone that I do extra stuff with my primary phone that I live on a day to day basis that if you call me this is what I'd pick up. I've never routed that. So as the person who is issuing the phone, routing devices is a really, really bad idea. If somebody wants to route a phone, let them go get their own phone and go about routing it. routing exposes you to all kinds of malware to all kinds of dangerous programs.

And it's a risk that I'm not willing to take if I'm offering somebody else a phone. So those are the issues that we can run into that individuals can do to our devices. Now let's take a moment and let's talk about what I'm just gonna call Big Brother. Hi, I'm Ed mic. Okay, so evil mic is an unfair thing to say, if I'm issuing smart devices to people, there are a lot of features on there that I should be actively monitoring to look for misuse. So what I want to do is just run through these really, really quick, so you understand why we need to avoid them.

Do you mind if I get rid of this? Oh, you try putting a mustache on a mustache. Okay, real quick. First of all, is firmware over the air updates. Now, firmware does get updated, and that's usually going to be dispersed by the actual people who run the operating system themselves. Although in some enterprises, if you're big enough, you can control that.

The downside to firmware over the air updates is that it can cost outrageous sums of money. So if you just want to double your data bill, any one given month, just make sure everybody has firmware over the air updates turned on so they can do it. Make sure that that's turned off across the board and on all these different smart operators. Systems that's a policy you can turn off from one control point. Second is camera use. Now this is a little bit maybe I should put the mustache back on, I get nervous about monitoring my peoples camera use, I discover that usually the better thing to do is have a written policy saying, we are monitoring all of the things you're doing on your camera, and you'll be surprised how much more careful people would be.

However, there is some serious litigation issues involved with misuse of cameras and don't go thinking naked pictures. There's all kinds of other things that can go on that are far more nefarious. Taking pictures of competitors, products, stealing barcodes, there's all kinds of things and direct monitoring is really the only way you can watch for stuff like this. The next one I want to talk about is SMS and MMS basically texting the issue we run into these is number one, what are our people SMS in and and texting out between each other but more importantly than that is really again, just cost. It's shocking how much people can overrun in terms of their bills, just by texting. It depends on what your billing system is.

But I have seen nightmare scenarios, especially when people kick into roaming things where they're in another geographical area. And suddenly bills go. Absolutely sky high. So be sure to watch for that. Next is external media. Now, when we're talking about external media, we're talking about two different things here.

Number one, have you actually plugged in a external storage device to your particular phone? or more commonly, what are we talking about an extra SD card that you can slide onto your phone to do whatever you might want to do? The downside to these is that if this phone is being used for company information, there is no easy way to prevent a user from copying that data from your phone onto the external media. So if you've got propriety information. If you have confidential information, you need to either get phones that absolutely turn it off, or at the very least have a good policy that people understand what they can and can't do in terms of external media. Now, the next two, and I'm going to kind of hit them at once, our recording microphone and GPS tag.

And the reason I'm putting these two things that sound disparate together is because these are used for that scariest of situation when somebody loses a phone. all operating systems have some kind of find my phone feature, and that's great. But you can often take that a step further, there are third party apps and tools out there that for example, if you press a button three times in quick succession, it will turn on the microphone. it'll send out GPS tagging, it will start pinging via text two or three or four different people until someone else can come in and punch in a code. If somebody is in a scary situation where they're uncomfortable. Those types of tools can be incredibly important.

So it goes way beyond simply losing a phone. And last is payment methods. payment methods are amazing. I love taking advantage of my Google pay features. I'm not an apple person, but I know Apple has one as well. Even things like PayPal provide all kinds of incredibly easy payment method tools, where your credit card or your bank account is connected to these things.

In many situations, direct real time monitoring is absolutely required. All of the tools that I use, have real time tracking to them. Now, luckily, I don't have a ton of employees. But in my situation, if anybody uses any of these devices, the moment they use it, I instantly get a text showing the amount and the device and the source what store they went to, to be able to get something like that. This is the first place that bad guys go to if they steal a phone, is they're going to try to use some of these pieces. payment methods.

Granted most payment methods take advantage of fingerprint tools and pass codes, but it's never a guarantee, especially if somebody is under duress with a very, very scary person.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.