Mobile (in)security? @ Mobile Edge '14

Posted on 11-Jul-2015


Cláudio André / ca@integrity.pt

/// Mobile (in)security ?


WHOAMI

•  Pentester at Integrity S.A.

•  Web applications, mobile applications and infrastructure

•  BSc in Management Information Technology

•  Offensive Security Certified Professional


MOBILE DEVICES

301.3 million smartphone shipments in 2014Q2

Source: http://www.idc.com/prodserv/smartphone-os-market-share.jsp


2014Q2 MARKET SHARE

•  Android: 84.7%

•  iOS: 11.7%

•  Windows Phone: 2.5%

•  BlackBerry OS: 0.5%

•  Others: 0.7%

Source: http://www.idc.com/prodserv/smartphone-os-market-share.jsp


MOBILE PLATFORMS IN THE ENTERPRISE

Source: BYOD & Mobile Security 2013 Survey, LinkedIn Information Security Group


ENTERPRISES' MAIN SECURITY CONCERNS

Source: BYOD & Mobile Security 2013 Survey, LinkedIn Information Security Group


ENTERPRISES' MAIN SECURITY CONCERNS

I'm not a Hacker. Just a silly guy with a ski mask on. Don't know what I'm doing.


SECURITY HORROR STORIES 2014 (SO FAR...)

•  eBay - 145 million users and encrypted email addresses.

•  JP Morgan Chase - customer information of 76 million households and 7 million businesses.

•  Home Depot - 56 million debit and credit cards.

•  Target - 40 million credit and debit cards.

•  Community Health Systems - personal data of 4.5 million patients.


ATTACK VECTORS


ATTACK VECTORS

•  Device

•  Network

•  Server


ATTACK VECTORS

Device

•  Browser

•  System

•  Phone / SMS

•  Apps

•  Malware

•  ...


ATTACK VECTORS

Technical details at: http://security.claudio.pt


ATTACK VECTORS

Network

•  Packet Sniffing

•  Man-In-The-Middle (MITM)

•  Rogue Access Point

•  ...


ATTACK VECTORS

Server

•  Brute Force Attacks

•  SQL Injection

•  OS Command Execution

•  ...


A WAY TO...

•  Mobile Device Management

•  Mobile Application Management

•  Endpoint Security Tools

•  Network Access Control (NAC)

•  Endpoint Malware Protection

•  ...


MOBILE DEVICE MANAGEMENT

-  Focus on the device

-  Provisioning

-  Security policy enforcement

-  Reporting and monitoring

-  Software distribution


MOBILE APPLICATION MANAGEMENT

-  Focus on the applications

-  Same as the previous slide, but applied to the applications

-  Corporate app store (wrapping)


WHICH ONE TO CHOOSE ?

-  Depends on your objectives

-  Mixed solution


NOT ONLY *WARE APPROACH

-  Defense-in-depth

-  Raise user awareness

-  Secure development best practices (OWASP)

-  Threat modeling

-  Continuous penetration testing


Thank you.