Deploying Mobility Securely - PowerPoint PPT Presentation

Slides: 25
Provided by: Shar3

1
Deploying Mobility Securely
2
The Risks
  • It's just my calendar!
  • Theft and loss
  • Personal device ownership
  • Malicious software
  • Cracking and hacking

3
Attack surfaces
1. Secure the device
2. Secure the data
3. Secure the communications
4
Security Practices
  • Perform Risk Assessment
  • Establish Policy for
    • Authentication
    • Encrypted Connectivity
    • Encrypted Data
    • Anti-Virus
    • Execution Control
  • Automate enforcement
  • Recovery

5
1. Authentication
  • Device Password
  • Network/Internet Access
  • Certificates

6
Device Password - Microsoft
  • 4-digit PIN (Pocket PC)
  • Strong password (Pocket PC SmartPhone)
  • >4 digit PIN (Smartphone)
  • Exponential delay with incorrect password
  • Password protected ActiveSync partnership

7
Device Password - OEM
HP iPAQ 5400 Series
Fingerprint reader
8
Device Password - 3rd Party
  • Picture sequence
    • Tells a story
    • Easy to remember
  • Picture order changes
    • Avoid pattern recognition
    • Balances screen scratches
  • Short and long sequence
    • Quick access short PIN
    • Incorrect PIN reverts to long PIN

Pointsec Software
9
Device Password - 3rd Party
  • Password Replacement
  • Secures PDA access
  • Uses secret sign biometric
  • Sandia Laboratories Tested
  • Scenarios
    • Information warfare
    • Homeland defense
    • HIPAA compliance
    • Enterprise security

Crypto-Sign™
10
Network/Internet Access
  • NTLM Authentication
  • Challenge Handshake Authentication Protocol (CHAP and MS-CHAP versions 1 and 2)
  • Password Authentication Protocol (PAP)

11
Certificates
  • Support for X.509 certificates
  • Can authenticate users, operators, and servers
  • Securely stored, managed and deleted on the device

12
2. Encrypted Connectivity
  • VPN protocol support
    • PPTP and IPSec/L2TP
  • Encryption for secure web sites
    • 128 bit SSL
    • WTLS class 2
  • Encryption for LAN connectivity
    • VPN
    • 802.1x EAP-TLS and PEAP

13
3. Data Protection
  • Limit the data to just what is needed.
  • Data resident on storage cards
  • Cryptographic services for applications are built-in (Crypto API v2)
  • SQL-CE provides 128-bit encryption (PPC only)
  • Data that's never on the device can never be lost.
    • Web-based applications
    • Terminal Services

14
4. Anti-Virus Software
  • Built-in APIs for Anti-virus solutions
    • Computer Associates
    • F-Secure
    • McAfee
    • SOFTWIN
  • Personal Firewall
    • Bluefire Security Technologies
    • Check Point VPN-1 SecureClient

15
5. Execution Control
  • Smartphone now - Pocket PC in future release.
  • Based on application signing and protects in two ways
    • Installation
    • Execution
  • Modes of operation
    • All apps allowed
    • Prompt user when unsigned app is trying to install or execute
    • Only signed applications (chaining to a trusted root certificate) are allowed
  • Can revoke applications
    • By author (revoke a signing cert)
    • By executable (revoke a hash)
  • Windows Mobile Mobile-2-Market program
  • Run registered applications as unprivileged
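
Added example (not from the original slides, and not Windows Mobile code): a small Python model of the decision this slide describes, combining the three modes of operation with revocation by author and by executable, and applying the same check at installation and at execution. The mode names, the App and Policy records, the SHA-256 hash, the rule that revocation wins in every mode, and all sample values are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):                 # names are assumptions, one per slide bullet
    ALL_ALLOWED = "all apps allowed"
    PROMPT_UNSIGNED = "prompt on unsigned"
    SIGNED_ONLY = "signed only"

@dataclass(frozen=True)
class App:                        # hypothetical record for one executable
    image: bytes
    signer: str = ""              # signing certificate id; empty means unsigned
    chains_to_root: bool = False  # outcome of chain validation, done elsewhere

@dataclass
class Policy:
    mode: Mode
    revoked_signers: set
    revoked_hashes: set

def digest(app):  # SHA-256 is this example's choice; the slide names no algorithm
    return hashlib.sha256(app.image).hexdigest()

def decide(app, policy):
    """Return 'allow', 'prompt' or 'deny'; call at install AND at each launch."""
    # Assumption of this model: revocation wins in every mode.
    if digest(app) in policy.revoked_hashes:      # revoked by executable
        return "deny"
    if app.signer in policy.revoked_signers:      # revoked by author
        return "deny"
    # A signature that does not chain to a trusted root counts as unsigned.
    if app.signer and app.chains_to_root:
        return "allow"
    return {Mode.ALL_ALLOWED: "allow",
            Mode.PROMPT_UNSIGNED: "prompt",
            Mode.SIGNED_ONLY: "deny"}[policy.mode]

def demo():
    # Constructed sample apps and signer names, not real products.
    vendor = App(b"vendor build 1.0", "CN=Example Vendor", True)
    homebrew = App(b"homebrew tool")
    self_signed = App(b"self-signed tool", "CN=Nobody", False)
    policy = Policy(Mode.SIGNED_ONLY, set(), set())
    at_install = decide(vendor, policy)
    policy.revoked_hashes.add(digest(vendor))     # build revoked after install
    at_launch = decide(vendor, policy)
    policy.mode = Mode.PROMPT_UNSIGNED
    return at_install, at_launch, decide(homebrew, policy), decide(self_signed, policy)
```

Checking only at installation would leave the revoked build runnable; in demo() the second call to decide() is what blocks it at launch.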

16
Automated Enforcement
  • Odyssey Software
    • Policy management facility that limits which applications a user can access at specific time periods of the day
  • Trust Digital LLC
    • PDASecure Policy Editor provides centralized management to push security policies to all your PDA users
  • Symbol Technologies, Inc.
    • Policy management facility that limits which applications a user can access

17
Recovery
  • Replacement devices
  • Backup file
  • Data on PC
  • Data on network server
  • Restore process on secure web server

18
Summary of Windows Mobile Security Features
  • Perimeter protection
    • Device lock: PIN, Strong, exponential delay
    • Authentication protocols: PAP, CHAP, MS-CHAP, NTLM, TLS
  • Data protection
    • 128-bit cryptographic services: CAPIv2
    • Code signing (Smartphone only)
    • Anti-virus API
  • Network protection
    • OTA device management security
    • Secure Browsing: HTTP (SSL), WAP (WTLS)
    • Virtual Private Networking (PPTP, L2TP IPSec)
    • Wireless network protection (WEP, 802.1x, WPA)

19
3rd Party Solution Providers
  • Signature authentication
    • Certicom Corporation
    • Communication Intelligence Corporation
    • TSI/Crypto-Sign
    • VASCO
  • Enhanced password protection
    • Hewlett-Packard
  • Pictograph authentication
    • Pointsec Mobile Technologies
  • Fingerprint authentication
    • Biocentric Solutions Inc.
    • HP iPAQ 5400
  • Card-based authentication
    • RSA Security
    • Schlumberger Sema
  • Certificate Authentication on a Storage Card
    • JGUI
  • Software Storage Encryption
    • F-Secure
  • Encrypt Application Data
    • Certicom Corporation
    • Glück Kanja Group
    • Ntru Cryptosystems, Inc.
  • Virtual Private Networking
    • Certicom Corporation
    • Check Point Software Technologies Ltd.
    • Columbitech
    • Entrust, Inc.
    • Epiphan Consulting Inc.
  • Disable Applications
    • Trust Digital LLC
  • Device Wipe
    • Asynchrony.com
  • Public Key Infrastructure (PKI)
    • Certicom Corporation
    • Diversinet Corp.
    • Dreamsecurity Co., Ltd.
    • Glück Kanja Group

21
References
  • Windows Mobile Security White paper
    • http://www.microsoft.com/windowsmobile/resources/whitepapers/security.mspx
  • Security Product Solutions
    • http://www.microsoft.com/windowsmobile/information/businesssolutions/security/secsearch.aspx
