Join Lisa Bock for an in-depth discussion in this video Securing mobile devices, part of IT Security Foundations: Network Security.
- Today's mobile devices are essentially a small computer designed to consume information. Because of an always-on connection and the amount of time spent on mobile devices, users should take precaution to secure the device. Mobile devices are small, and they can be easily lost or stolen. Passwords can be compromised. A couple of the things that you should keep in mind as far as mobile device best practices: Keep software updated. Patches and updates reduce the threats from malware attacks.
And secure your phone. To slow someone down from gaining access to your information you should use a passphrase or password. Use a biometric, such as a fingerprint, if available. And set and idle timeout to lock the phone when not in use. Use good web sense. Use a secure connection, such as HTTPS, while shopping or banking. And stay up to date on your device. Know of recent threats. Beware of apps. Don't download every app you see, because apps can expose sensitive data such as call history and contacts.
Apps can perform suspicious actions, such as recording conversations. They can also disable anti-malware. You should only obtain apps from trusted sources such as Apple iTunes, Google Play, or Amazon Appstore for Android. This helps prevent malware which is often distributed via apps. Also, once you download, you want to review any privacy policies and understand what data the app wants to access such as your location, social media information, before you download and install the app.
With privacy, only give your cell phone number to someone you know. Don't give other people's numbers out without their permission. Disable the geotagging feature so they don't always know where you are at any given time. And don't respond to numbers that you don't know. Vishing is voice phishing, and is used to obtain information. And you should obtain permission before you take anyone's picture. Some general advice. You should know how to block calls, either all incoming calls or individual names and numbers.
You should be courteous while texting others. Don't root or jailbreak your phone. This voids the manufacturer's warranty. And use encryption if supported. And you should enroll in something such as Find My iPhone or an equivalent service. I'm at this website where you can see that you can enroll in Find My iPhone if you have one. But there are equivalent services for other devices. And you should use caution when connecting. You should avoid unsecured or unprotected networks.
The WiFi Pineapple is a fake access point. The WiFi Pineapple is a fake access point that can be purchased for under $100. It can be set up as an open network as a trap to get you to join, which in fact, it's a man-in-the-middle attack. Its objective is to steal credentials and other information. Here's how it looks. You may be in a coffee shop or an airport, and you see free internet access. The access point is open, and you join it, which in fact it's a bogus access point, and it could be, as I said, a man-in-the-middle attack.
So use caution when connecting.
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Implementing secure content management (SCM)
- Implementing unified threat management (UTM)
- Introducing VLANs
- NAT addressing
- Network sniffing
- Understanding common attack methods, such as password attacks
- Protecting clients with antivirus software
- Implementing physical security