Deploying and Managing Mobility Securely - PowerPoint PPT Presentation

1 / 31

About This Presentation

Title:

Deploying and Managing Mobility Securely

Description:

A Smartphone/Pocket PC is not the same as a PC it's just a phone/PDA that got ... Authentication protocols: PAP, CHAP, MS-CHAP, NTLM, TLS. Data protection ... – PowerPoint PPT presentation

Number of Views:80

Avg rating:3.0/5.0

Slides: 32

Provided by: downloadM

Category:

more less

Transcript and Presenter's Notes

Title: Deploying and Managing Mobility Securely

1
Deploying and Managing Mobility Securely

Jason Langridge
UK Mobility Business Manager

2
Agenda

Observations and Questions for you!
What are we protecting?
Threats and how to mitigate them
Managing and enforcing policy
Summary

3
Statements and observations

Security is an excuse not a reason not to
deploy a mobile solution
A Smartphone/Pocket PC is not the same as a PC
its just a phone/PDA that got really really
smart
The use of mobile devices is very different to a
laptop
Security and Device Management are not
independent they are intrinsically linked

4
Questions for you!

Do you have a mobile device security policy?
Its not the same as a laptop policy.
Do you let security influence your choice of
device or platform?
Who is handling your data as it goes from its
corporate home to your users mobile devices?
Is security designed into any custom mobile apps
or an afterthought?

5
What Are We Protecting?

The physical device?
Corporate Knowledge?
Misuse of Resources(and increased costs)?
Corporate legal exposure
Sarbanes-Oxley, GLBA (US),
Privacy Directive, Data Protection Directive
(EU),and Safe Harbor Principles (US)
OECD Fair Information Practices
CFAA (Computer Fraud and Abuse Act)

6
Fundamental Tradeoff
Secure
You get to pick any two!
Usable
Cost
7
Threats and how to mitigate them

Major threat categories
Unauthorized Access to device
Unauthorized Access to data
Interception of data
Viruses and trojan applications
Perform Risk Assessment
Establish Policy for
Device Password
Anti-Virus
Application Installation and Execution
Transmission of Data
Data Protection

8
1. Device Password

4-digit PIN (Pocket PC)
Strong password (Pocket PC SmartPhone)
gt4 digit PIN (Smartphone)
Exponential delay with incorrect password
Password protected ActiveSync partnership
Now enforceable and manageable through MSFP and
SMS

9
2. Anti-Virus Software

Built-in APIs for Anti-virus solutions
Computer Associates
F-Secure
McAfee
SOFTWIN
Airscanner
Trend
Personal Firewall
Bluefire Security Technologies
Check Point VPN-1 SecureClient

10
3. Application Level Security
11
3. Application-level Security1 tier and 2
tier?

Smartphone supports 2 tier If an application
is not blocked, it could be signed for one of 2
different trust levels

Trusted Access to all registries, APIs,
hardware interfaces
Normal Exists only on two-tier devices
Some APIs restricted, parts of Registry are
read-only
gt95 of device accessible, adequate for almost
all apps
Intended as a way to improve reliability of apps,
not a primary defense against damage from
malicious code

12
3. Application-level Security1 tier and 2
tier?

New to Windows Mobile 5.0 Pocket PC supports 1
tier
The configuration or application is either
blocked completely or trusted completely

13
4. Securing transmission of data

Network Authentication
NTLM versions 1 and 2
SSL Basic and TLS Client Authentication
WiFi 802.1x user auth using
Protected EAP (PEAP)
EAP/TLS (cert-based)
WPA

14
4. Windows Mobile VPN
15
5. Data Protection

Limit the data to just what is needed.
Cryptographic services for applications are
built-in (Crypto API v2)
SQL-CE provides 128-bit encryption (PPC only)
3rd Party options

16
Summary of Windows Mobile Security Features

Perimeter protection
Device lock PIN, Strong, exponential delay
Authentication protocols PAP, CHAP, MS-CHAP,
NTLM, TLS
Data protection
128-bit Cryptographic services CAPIv2
Code signing (SmartPhone only)
Anti-virus API
Network protection
OTA device management security
Secure Browsing HTTP (SSL), WAP (WTLS)
Virtual Private Networking (PPTP, L2TP IPSec)
Wireless network protection (WEP, 802.1x, WPA)

17
Mobile Device Management and Security Challenges

Devices infrequently connected to an
organisations network
Low bandwidth, higher cost connections
Unreliable connections
Device loss that leads to work stoppage

18
Customer requests for mobile device management

Security Data protection
Ensuring corporate data on the device is secure
Configuration Applying settings
Applying networking, application and security
settings
Inventory Asset and version tracking
Storing device serial numbers, OS and application
versions
Application deployment and update
Deploying applications, and updating or patching
based on version
OS Deployment and update

MSFP will provide
19
SMS 2003 Device Management Feature Pack (DMFP)

Add-on to SMS 2003 SP1 to manage Pocket PC,
Pocket PC Phone and Windows CE based devices
Components install on SMS 2003 site systems
Client agent installs on Windows Mobile devices
via SD Card or Activesync
Device clients can connect direct to the SMS
server independent of a PC
Aimed at the major feature requests

20
Feature Set

Hardware/Software inventory
File collection
Software distribution
Script execution
Settings management
Password policy management
Automated client distribution via SMS 2003
Advanced Client desktop

21
Mobile Device Management Working environments

Customers already deployed or licensed for SMS
Support for both personal and line of business
devices
Flexible configuration required
SMS 2003 Device Management Feature Pack (DMFP)

Customers who dont currently have a management
solution in place
Managing critical business processes
Robust configuration management
b2m solutions - mProdigy

22
Mobile Enterprise Management
Tom Fell Mobile Systems Architect, b2m solutions
23
mProdigyFive Software Modules
Application Monitoring
Supplier Management
Focus for todays presentation
Communications Management
Asset Management
Device Management
24
mProdigy Features

Hands off commissioning of devices
Deployment Profiles
detailed device configuration management
provides tight control whilst maintaining
flexibility
support multiple device types in the same
operational role
Patches for ad-hoc updates
Remote diagnostics
Remote warm / cold reboot
Cold boot resilience
Distributed deployment

25
mProdigy Features

Asset register includes details of devices and
associated peripherals
Repair loop management
Event tracking (used by Supplier Management
Application Monitoring)
Alerts
Manage devices by group / location / function
GPRS / 802.11 /Ethernet Support
Efficient and robust communications
infrastructure (optimised protocol for pay per
byte networks)

26
mProdigyFive Software Modules
Application Monitoring
Supplier Management
Change Management
Communications Management
Asset Management
Device Management
Technology Management
27
Mobile Device Management Demonstration

Tom Fell
Mobile Systems Architect, b2m solutions

28
Summary and Recommendations

Security is no longer an excuse
Define a security policy for mobile devices
Find out how many devices are in use in your
organisation!
If you need
Security Policy and Password Policy control
MSFP
Software deployment, settings management and
asset control Management Solution

http//www.microsoft.com/uk/technet

30
References

Windows Mobile Security White paper
http//www.microsoft.com/windowsmobile/resources/w
hitepapers/security.mspx
Security Product Solutions
http//www.microsoft.com/windowsmobile/information
/businesssolutions/security/secsearch.aspx

31
3rd Party Solution Providers