mobile security tips and tricks for securing your iphone
play

Mobile security: Tips and tricks for securing your iPhone, Android - PowerPoint PPT Presentation

Oct 07, 2022 •216 likes •407 views

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri Overview What data needs to be protected, what

  1. Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri

  2. Overview • What data needs to be protected, what should we avoid storing on mobile devices. • What habits, settings and applications can help make your mobile devices more secure. • Settings for iPhones, Android and flash drives will be discussed.

  3. What information is to be protected – Data classification • http://doit.missouri.edu/security/data-classification • DCL1—Public • DCL2—Sensitive – Business, financial and research data • DCL3—Restricted – 12 elements of FERPA – PCI – Red flag – GLBA – 18 elements of HIPAA – Other personally identifiable data • DCL4--National Security Interest (NSI)

  4. FERPA protected elements • Course Roster • Couse grades • Courses taken • Schedule • Test scores • Advising records • Educational services received • Disciplinary actions • Student identification number • Social Security number • Student private email (with exceptions related to business processes) • Some medical details (if paid by federal program)

  5. PCI & Red FLAG • PCI – Full card number (unencrypted) – Card verification number • (3 or 4 digits back of card) – UM eCommerce Security Guide – http://doit.missouri.edu/security/inspection/eCommerceSecurityGuide.pdf • Red Flag – Based upon Identity theft program – SSN – Credit score – Credit card details – Tax details – http://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm

  6. Graham Leach Bliley Act (GLBA) • Employee financial account information • Student financial account information (aid, grants, bills) • Individual financial information • Business partner and vendor financial account information

  7. HIPAA protected data elements • Names • All geographical details, including street address, city, county, precinct, zip code, • All elements of dates (except year) and all ages over 89 (including year) • Phone numbers • Fax numbers • Electronic mail addresses • Social Security numbers • Medical record numbers • Health plan beneficiary numbers • Account numbers • Certificate/license numbers • Vehicle identifiers and serial numbers, including license plate numbers • Device identifiers and serial numbers • Web Universal Resource Locators (URLs) • Internet Protocol (IP) address numbers • Biometric identifiers, including finger and voice prints • Full face photographic images and any comparable images and • Any other unique identifying number, characteristic, or code

  8. Why worry ? • Sophos survey – 22% had lost a phone or mobile device – 70% do not password protect phone • Google intelligence survey – 40% of organizations are planning to deploy mobile phone data encryption – 33% are already protecting their mobile phones with encryption products and services

  9. Using mobile devices more securely • iPhone • Android • Common across platforms • USB flash drives & other stuff

  10. iPhone • Enable auto lock • Enable passcode lock • Wireless – Use WPA and WPA2 – Only use WEP as last resort – WEP better than nothing – Disable when not needed – Choose wisely what wireless you attach to – Don’t act as access point for others – Rogue GSM rare but possible • Use VPN whenever possible • Take care loaning to others (kids, others) • Use native device usage restrictions • Find My iPhone / Remote data wipe • Docking phone may allow access in spite of encryption or Passlock

  11. Android • Set a screen lock password or pattern • Turn on SIM card lock if available • Take care docking or tethering devices • Do not act as an access point (hotspot) • Disable Bluetooth when not in use • Take care downloading from Market • Review application access for new apps • Take care were you store backups of your phone • Often androids tied to Gmail & Google accounts with stored password

  12. Common platform vulnerabilities • Cautious browsing • Not all browsers offer HTTPS(SSL) support • Sun Java • Flash Player • FLV Player • QR Code  • Jail breaking • Rogue Wi-Fi • Rogue GSM http://doit.missouri.edu/security • Same social media abuses as on PC

  13. Flash drives and other USB stuff • Limit where used to minimize risk • Password protect when appropriate • MacAfee encryption product for mobile devices soon • Virus check flash drives when used somewhere new • Attach to keychain or lanyard to avoid loss • Label exterior of device with return address or phone number • We are working on policy to mandate level 3 data be encrypted on mobile devices too. • Report loss of flash drives containing UM information • Other devices to protect? Cameras, MP3 players etc…

  14. Best practices • Devices storing data must have ID and Password – (8 Character Upper-Lower-Number-Symbol etc.) • Level 3 data should be protected with strong encryption • User and other trusted individual should have encryption keys if not centrally managed – (IT Pro, Co-PI, boss… someone trusted to see the data) • Keep devices patched and up to date • Run antivirus and keep it up to date • Take great care with mixing of personal and professional information • Lost & stolen devices containing UM information must be reported – http://infosec.missouri.edu/hr/mandatory-reporting.html

  15. Common Helper apps • Antivirus • Antitheft • Firewall • Lost device locator • Data scrub when lost

  16. Last Thoughts • Set a non-trivial numeric device passcode – Not 123456, 111111 etc. • Use passcodes consisting of additional character sets or greater lengths whenever possible. • Set an inactivity timeout to automatically lock the device after ten minutes • Use data storage encryption If possible especially for level 3 data. • Automatic data wiping after ten failed passcode entry attempts. • Enable the ability to remotely wipe data from lost/stolen devices • Prohibit other users from modifying or disabling security safeguards

  17. Questions

  18. References • http://doit.missouri.edu/security/inspection/eCommerceSecurityGuide.pdf • http://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm • http://infosec.missouri.edu/hr/mandatory-reporting.html • http://www.pcworld.com/businesscenter/article/152128/six_essential_apple _iphone_security_tips.html • http://securityevaluators.com/content/case-studies/iphone/ • http://www.mulliner.org/ipahone/ • http://resources.infosecinstitute.com/android-tips-and-settings/ • http://informationsecurityhq.com/android-security/ • http://www.slideshare.net/ronaldotcom/the-current-state-of-mobile-security • http://www.pcworld.com/businesscenter/article/152128/six_essential_apple _iphone_security_tips.html • http://lifehacker.com/5738171/common-sense-security-for-your-iphone • http://www.sandisk.com/media/226716/enisa-whitepaper.pdf

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tips N Tricks Care and Feeding of the AM Transmitter Site (Grounding, Security,

Tips N Tricks Care and Feeding of the AM Transmitter Site (Grounding, Security,

Tips N Tricks Care and Feeding of the AM Transmitter Site (Grounding, Security, Maintenance, etc.) Agenda Overview Grounding Protecting equipment and engineers How much is too much? Jeff Welton Security Regional Sales

601 views • 27 slides
Tips N Tricks Care and Feeding of the FM Transmitter Site (Grounding, Cooling, Security,

Tips N Tricks Care and Feeding of the FM Transmitter Site (Grounding, Cooling, Security,

Tips N Tricks Care and Feeding of the FM Transmitter Site (Grounding, Cooling, Security, Maintenance, etc.) Agenda Overview Grounding Whats different from AM? Jeff Welton, CBRE Security Regional Sales Manager Central

704 views • 28 slides
Tips N Tricks How Not to Blow Stuff Up (Safety, IT Security, Maintenance, etc.) Agenda

Tips N Tricks How Not to Blow Stuff Up (Safety, IT Security, Maintenance, etc.) Agenda

Tips N Tricks How Not to Blow Stuff Up (Safety, IT Security, Maintenance, etc.) Agenda Overview Safety Fewer resources does not mean taking risks! Useful tools Grounding Protecting equipment and engineers

524 views • 30 slides
Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19

Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19

Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19 getting the most (security) out of your openssh The users perspective: least amount of hassle tradeoff between anxiety, angst and

559 views • 19 slides
Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone

Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone

Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone 6 (500/500/500 per month) 2 mobile hotspots (900MB each per month) Total cost per month?? ~$18.25 per month iPhone SE (~$2.00 per

322 views • 18 slides
(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers Philip

(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers Philip

(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers Philip Marquardt et al. ACM Computer and Communications Security 2011 By Ren-Jay Wang CS598 - COMPUTER SECURITY IN THE PHYSICAL An old kind of attack

446 views • 17 slides
Productivity tips & tricks Productivity tips & tricks for a developer for a developer

Productivity tips & tricks Productivity tips & tricks for a developer for a developer

Productivity tips & tricks Productivity tips & tricks for a developer for a developer Sebastian Witowski Sebastian Witowski 1 2 3 4 5 6 vs. vs. 7 8 dotles dotles .bashrc, .vimrc, .gitcong alias ..="cd

308 views • 15 slides
HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16,

HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16,

HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16, 2017 Agenda Onboarding Regular faculty TPTs System Updates New User Interface (update roll outs) Tips & Tricks

643 views • 14 slides
Tips and Tricks For Broadcast Engineers and Managers Agenda Overview Jeff Welton, CBRE Tips

Tips and Tricks For Broadcast Engineers and Managers Agenda Overview Jeff Welton, CBRE Tips

Tips and Tricks For Broadcast Engineers and Managers Agenda Overview Jeff Welton, CBRE Tips and Tricks Regional Sales Manager Central U.S. For Engineers For Managers Paul Freeman Tinkle, CRMC, CRSM President and General

1.25k views • 56 slides
Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr

Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr

Unpacking tips and tricks Samuel Chevet Presentation Process Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr http://www.lse.epita.fr 12 February 2013 Why this talk ? Unpacking tips and tricks

439 views • 26 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline

Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline

Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline Motivation Threat model and specific attacks Security architecture Security analysis Certificate revocation

751 views • 43 slides
Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC

Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC

Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC (August 2006) Srivaths Ravi (Email: sravi@nec- labs. com) NEC Laboratories America Princeton, NJ Security Requirements of Mobile Appliances

159 views • 12 slides
Casting with the Pros Tips and Tricks for Effective Phishing Nathan Sweaney @sweaney

Casting with the Pros Tips and Tricks for Effective Phishing Nathan Sweaney @sweaney

Casting with the Pros Tips and Tricks for Effective Phishing Nathan Sweaney @sweaney nathan@secureideas.com Nathan Sweaney Security Consultant with Secure Ideas BSidesOK Organizer ISSA Oklahoma OWASP Tulsa @sweaney

456 views • 34 slides
902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f

902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f

902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f Flawless Submission COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF ENVIRONMENTAL PROTECTION BUREAU OF WASTE MANAGEMENT ACT 101, SECTION 902 MUNICIPAL

635 views • 34 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc.

Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc.

Security and Performance Analysis of Encrypted NoSQL Databases M.W. Grim BSc., Abe Wiersma BSc. Supervisor: F. Turkmen PhD February 6, 2017 University of Amsterdam Introduction Problem Securely storing BigData on NoSQL database systems.

669 views • 48 slides
Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike,

Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike,

Analysis of the WinZip Encryption Method Paper by: Tadayoshi Kohno Presented by: Ken, Mike, Jeremy & Paul The popular compression utility for Microsoft Windows computers Easy-to-use AES encryption - Advanced Encryption version

492 views • 38 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
OpenVMS hypervised as-is artedi e.U. Agenda I so what is Hypervision ? and why is

OpenVMS hypervised as-is artedi e.U. Agenda I so what is Hypervision ? and why is

OpenVMS hypervised as-is artedi e.U. Agenda I so what is Hypervision ? and why is it needed/used ? Types of Hypervision why not OpenVMS ? Processor Architectures artedi e.U. Mai-16 2 Agenda - II what else is

660 views • 38 slides
Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT

Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT

Efficient and Secure Cloud Based Healthcare Systems for the Storage of Electrical Medical Records La Trobe University, Monash University, Victoria University and RMIT What We Will Cover Today Introduction and Motivation Introduction

472 views • 44 slides
Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary

Addressing Your Number 1 Security Risk: Data Privacy, Data Encryption A Complimentary Webinar From healthsystemCIO.com Sponsored by Proofpoint Your Line Will Be Silent Until Our Event Begins at 12:00 ET Thank You! Slide Deck:

468 views • 22 slides
Full Disk Encryption Larry Carson, Associate Director, Information Security Management What

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What Security Really Looks Like at UBC New s-w orthy Security I ncidents UBC Laptop Loss & UVic Loss of 11,845 VGH Loss of 450 medical Recovery with

426 views • 17 slides
Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal

Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal

Privacy Preserving Privacy Preserving Netw ork Flow Netw ork Flow Recording Recording Bilal Shebaro Shebaro (Computer Science (Computer Science- - UNM) UNM) Bilal Jedidiah R. Crandall R. Crandall (Computer Science (Computer Science- -

464 views • 33 slides

More recommend