mobile security tips and tricks for securing your iphone
play

Mobile security: Tips and tricks for securing your iPhone, Android - PowerPoint PPT Presentation

Oct 07, 2022 •216 likes •407 views

Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri Overview What data needs to be protected, what

  1. Mobile security: Tips and tricks for securing your iPhone, Android and other mobile devices Presented by Michael Harris [MS, CISSP, WAPT] Systems Security Analyst University of Missouri

  2. Overview • What data needs to be protected, what should we avoid storing on mobile devices. • What habits, settings and applications can help make your mobile devices more secure. • Settings for iPhones, Android and flash drives will be discussed.

  3. What information is to be protected – Data classification • http://doit.missouri.edu/security/data-classification • DCL1—Public • DCL2—Sensitive – Business, financial and research data • DCL3—Restricted – 12 elements of FERPA – PCI – Red flag – GLBA – 18 elements of HIPAA – Other personally identifiable data • DCL4--National Security Interest (NSI)

  4. FERPA protected elements • Course Roster • Couse grades • Courses taken • Schedule • Test scores • Advising records • Educational services received • Disciplinary actions • Student identification number • Social Security number • Student private email (with exceptions related to business processes) • Some medical details (if paid by federal program)

  5. PCI & Red FLAG • PCI – Full card number (unencrypted) – Card verification number • (3 or 4 digits back of card) – UM eCommerce Security Guide – http://doit.missouri.edu/security/inspection/eCommerceSecurityGuide.pdf • Red Flag – Based upon Identity theft program – SSN – Credit score – Credit card details – Tax details – http://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm

  6. Graham Leach Bliley Act (GLBA) • Employee financial account information • Student financial account information (aid, grants, bills) • Individual financial information • Business partner and vendor financial account information

  7. HIPAA protected data elements • Names • All geographical details, including street address, city, county, precinct, zip code, • All elements of dates (except year) and all ages over 89 (including year) • Phone numbers • Fax numbers • Electronic mail addresses • Social Security numbers • Medical record numbers • Health plan beneficiary numbers • Account numbers • Certificate/license numbers • Vehicle identifiers and serial numbers, including license plate numbers • Device identifiers and serial numbers • Web Universal Resource Locators (URLs) • Internet Protocol (IP) address numbers • Biometric identifiers, including finger and voice prints • Full face photographic images and any comparable images and • Any other unique identifying number, characteristic, or code

  8. Why worry ? • Sophos survey – 22% had lost a phone or mobile device – 70% do not password protect phone • Google intelligence survey – 40% of organizations are planning to deploy mobile phone data encryption – 33% are already protecting their mobile phones with encryption products and services

  9. Using mobile devices more securely • iPhone • Android • Common across platforms • USB flash drives & other stuff

  10. iPhone • Enable auto lock • Enable passcode lock • Wireless – Use WPA and WPA2 – Only use WEP as last resort – WEP better than nothing – Disable when not needed – Choose wisely what wireless you attach to – Don’t act as access point for others – Rogue GSM rare but possible • Use VPN whenever possible • Take care loaning to others (kids, others) • Use native device usage restrictions • Find My iPhone / Remote data wipe • Docking phone may allow access in spite of encryption or Passlock

  11. Android • Set a screen lock password or pattern • Turn on SIM card lock if available • Take care docking or tethering devices • Do not act as an access point (hotspot) • Disable Bluetooth when not in use • Take care downloading from Market • Review application access for new apps • Take care were you store backups of your phone • Often androids tied to Gmail & Google accounts with stored password

  12. Common platform vulnerabilities • Cautious browsing • Not all browsers offer HTTPS(SSL) support • Sun Java • Flash Player • FLV Player • QR Code  • Jail breaking • Rogue Wi-Fi • Rogue GSM http://doit.missouri.edu/security • Same social media abuses as on PC

  13. Flash drives and other USB stuff • Limit where used to minimize risk • Password protect when appropriate • MacAfee encryption product for mobile devices soon • Virus check flash drives when used somewhere new • Attach to keychain or lanyard to avoid loss • Label exterior of device with return address or phone number • We are working on policy to mandate level 3 data be encrypted on mobile devices too. • Report loss of flash drives containing UM information • Other devices to protect? Cameras, MP3 players etc…

  14. Best practices • Devices storing data must have ID and Password – (8 Character Upper-Lower-Number-Symbol etc.) • Level 3 data should be protected with strong encryption • User and other trusted individual should have encryption keys if not centrally managed – (IT Pro, Co-PI, boss… someone trusted to see the data) • Keep devices patched and up to date • Run antivirus and keep it up to date • Take great care with mixing of personal and professional information • Lost & stolen devices containing UM information must be reported – http://infosec.missouri.edu/hr/mandatory-reporting.html

  15. Common Helper apps • Antivirus • Antitheft • Firewall • Lost device locator • Data scrub when lost

  16. Last Thoughts • Set a non-trivial numeric device passcode – Not 123456, 111111 etc. • Use passcodes consisting of additional character sets or greater lengths whenever possible. • Set an inactivity timeout to automatically lock the device after ten minutes • Use data storage encryption If possible especially for level 3 data. • Automatic data wiping after ten failed passcode entry attempts. • Enable the ability to remotely wipe data from lost/stolen devices • Prohibit other users from modifying or disabling security safeguards

  17. Questions

  18. References • http://doit.missouri.edu/security/inspection/eCommerceSecurityGuide.pdf • http://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm • http://infosec.missouri.edu/hr/mandatory-reporting.html • http://www.pcworld.com/businesscenter/article/152128/six_essential_apple _iphone_security_tips.html • http://securityevaluators.com/content/case-studies/iphone/ • http://www.mulliner.org/ipahone/ • http://resources.infosecinstitute.com/android-tips-and-settings/ • http://informationsecurityhq.com/android-security/ • http://www.slideshare.net/ronaldotcom/the-current-state-of-mobile-security • http://www.pcworld.com/businesscenter/article/152128/six_essential_apple _iphone_security_tips.html • http://lifehacker.com/5738171/common-sense-security-for-your-iphone • http://www.sandisk.com/media/226716/enisa-whitepaper.pdf

Recommend

Tips N Tricks Care and Feeding of the AM Transmitter Site (Grounding, Security,

Tips N Tricks Care and Feeding of the AM Transmitter Site (Grounding, Security,

Tips N Tricks Care and Feeding of the AM Transmitter Site (Grounding, Security, Maintenance, etc.) Agenda Overview Grounding Protecting equipment and engineers How much is too much? Jeff Welton Security Regional Sales

601 views • 27 slides
Tips N Tricks Care and Feeding of the FM Transmitter Site (Grounding, Cooling, Security,

Tips N Tricks Care and Feeding of the FM Transmitter Site (Grounding, Cooling, Security,

Tips N Tricks Care and Feeding of the FM Transmitter Site (Grounding, Cooling, Security, Maintenance, etc.) Agenda Overview Grounding Whats different from AM? Jeff Welton, CBRE Security Regional Sales Manager Central

704 views • 28 slides
Tips N Tricks How Not to Blow Stuff Up (Safety, IT Security, Maintenance, etc.) Agenda

Tips N Tricks How Not to Blow Stuff Up (Safety, IT Security, Maintenance, etc.) Agenda

Tips N Tricks How Not to Blow Stuff Up (Safety, IT Security, Maintenance, etc.) Agenda Overview Safety Fewer resources does not mean taking risks! Useful tools Grounding Protecting equipment and engineers

524 views • 30 slides
Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19

Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19

Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19 getting the most (security) out of your openssh The users perspective: least amount of hassle tradeoff between anxiety, angst and

559 views • 19 slides
Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone

Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone

Wireless Plans Bill Dickhardt 10/13/2017 My mobile gear iPhone SE (pay as you go) iPhone 6 (500/500/500 per month) 2 mobile hotspots (900MB each per month) Total cost per month?? ~$18.25 per month iPhone SE (~$2.00 per

322 views • 18 slides
(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers Philip

(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers Philip

(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers Philip Marquardt et al. ACM Computer and Communications Security 2011 By Ren-Jay Wang CS598 - COMPUTER SECURITY IN THE PHYSICAL An old kind of attack

446 views • 17 slides
Productivity tips & tricks Productivity tips & tricks for a developer for a developer

Productivity tips & tricks Productivity tips & tricks for a developer for a developer

Productivity tips & tricks Productivity tips & tricks for a developer for a developer Sebastian Witowski Sebastian Witowski 1 2 3 4 5 6 vs. vs. 7 8 dotles dotles .bashrc, .vimrc, .gitcong alias ..="cd

308 views • 15 slides
HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16,

HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16,

HSC FCO PRESENTS UNMJobs 2.0 Onboarding, Updates, Tips & Tricks, Q&A Session May 16, 2017 Agenda Onboarding Regular faculty TPTs System Updates New User Interface (update roll outs) Tips & Tricks

643 views • 14 slides
Tips and Tricks For Broadcast Engineers and Managers Agenda Overview Jeff Welton, CBRE Tips

Tips and Tricks For Broadcast Engineers and Managers Agenda Overview Jeff Welton, CBRE Tips

Tips and Tricks For Broadcast Engineers and Managers Agenda Overview Jeff Welton, CBRE Tips and Tricks Regional Sales Manager Central U.S. For Engineers For Managers Paul Freeman Tinkle, CRMC, CRSM President and General

1.25k views • 56 slides
Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr

Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr

Unpacking tips and tricks Samuel Chevet Presentation Process Unpacking tips and tricks Protector Techniques Conclusion Samuel Chevet w4kfu@lse.epita.fr http://www.lse.epita.fr 12 February 2013 Why this talk ? Unpacking tips and tricks

439 views • 26 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline

Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline

Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline Motivation Threat model and specific attacks Security architecture Security analysis Certificate revocation

751 views • 43 slides
Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC

Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC

Securing Next- generation Mobile Platf orms: The User- to- Device Authentication I ssue MPSoC (August 2006) Srivaths Ravi (Email: sravi@nec- labs. com) NEC Laboratories America Princeton, NJ Security Requirements of Mobile Appliances

159 views • 12 slides
Casting with the Pros Tips and Tricks for Effective Phishing Nathan Sweaney @sweaney

Casting with the Pros Tips and Tricks for Effective Phishing Nathan Sweaney @sweaney

Casting with the Pros Tips and Tricks for Effective Phishing Nathan Sweaney @sweaney nathan@secureideas.com Nathan Sweaney Security Consultant with Secure Ideas BSidesOK Organizer ISSA Oklahoma OWASP Tulsa @sweaney

456 views • 34 slides
902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f

902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f

902 Grant Disbursements: Ti Tips, Tricks and Troubleshooting for a T i k d T bl h ti f Flawless Submission COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF ENVIRONMENTAL PROTECTION BUREAU OF WASTE MANAGEMENT ACT 101, SECTION 902 MUNICIPAL

635 views • 34 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Being the best recorder player you can be Tips and tricks for getting the most out of your

Being the best recorder player you can be Tips and tricks for getting the most out of your

Presentation Flte Alors! Being the best recorder player you can be Tips and tricks for getting the most out of your practice and tackling difficult passages Good morning everyone. My name is Sarah Jeffery, and I am a recorder player living

470 views • 6 slides
cert.govt.nz security week slides https://www.cert.govt.nz/ PART 2 Matts Security Tips and

cert.govt.nz security week slides https://www.cert.govt.nz/ PART 2 Matts Security Tips and

Before we get started cert.govt.nz security week slides https://www.cert.govt.nz/ PART 2 Matts Security Tips and Tricks Hackers What do they want? Your Financial or Personal Info Hack your bank accounts, transfer money Sell

868 views • 39 slides
Tips on Securing Drupal Sites Greg Monroe SolarWind MSP DrupalCamp Atlanta 2018 The information

Tips on Securing Drupal Sites Greg Monroe SolarWind MSP DrupalCamp Atlanta 2018 The information

Tips on Securing Drupal Sites Greg Monroe SolarWind MSP DrupalCamp Atlanta 2018 The information here is my own and not the views of my employer Security the Final Frontier This is a semi-case study based on my experiences Not a Deep Dive

1.25k views • 30 slides
SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

NON-PROFIT PRESENTATION TIPS FOR NON-PROFIT PRESENTATION TIPS FOR SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 | info@212mediastudios.com Having an efgective communication strategy is the fjrst step for your

116 views • 9 slides
Developing for Mobile Platforms Media Computing 12 iPhone Application Programming Group The

Developing for Mobile Platforms Media Computing 12 iPhone Application Programming Group The

Developing for Mobile Platforms Media Computing 12 iPhone Application Programming Group The iOS Family Media Computing 13 iPhone Application Programming Group Mobile Device Characteristics Screen size is compact Memory is limited

546 views • 35 slides
Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco Bonetti - CutAway s.r.l.

Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco Bonetti - CutAway s.r.l.

Mobile Privacy: Tor On The iPhone And Other Unusual Devices Marco Bonetti - CutAway s.r.l. whoami Marco Bonetti Security Consultant @ CutAway s.r.l. mbonetti@cutaway.it http://www.cutaway.it/ Tor user & researcher @ SLP-IT

943 views • 53 slides
GOOD MORNING! THINK BIG, BE GREAT! Tips, tricks, and little bit of fun for engaging with our

GOOD MORNING! THINK BIG, BE GREAT! Tips, tricks, and little bit of fun for engaging with our

GOOD MORNING! THINK BIG, BE GREAT! Tips, tricks, and little bit of fun for engaging with our community Britt Delo & Keegan Aalderink Michigan West Coast Chamber of Commerce ITS ALL ABOUT YOU! Working together to improve the quality

524 views • 15 slides
FM Translators for AM stations We have the license, now what? (and other translator tips, tricks

FM Translators for AM stations We have the license, now what? (and other translator tips, tricks

FM Translators for AM stations We have the license, now what? (and other translator tips, tricks and suggestions) Agenda Overview Legal Audio source Chuck Kelly Jeff Welton Originating program Regional Sales Manager, Regional

216 views • 18 slides

More recommend