Mobile Device Security
Protecting the Edge of the Network
CTST 2009
Salvatore D’Agostino
IDmachines LLC
It’s getting attention
What is a mobile device?
• Cell phone
  – NFC
  – Bluetooth
  – 802.11.x
  – 3G, 4G
• Laptop
• Rugged Devices
• Media Players
• Automobile, Aircraft
• Thumb Drives
• Smart Card
Attack Vector(s)
• Email
  – Attachments
• MMS
• SMS
• Could be anything on thumb drive…
• NIST SP-800-124
Device Identity, Another Take on Convergence
• Devices matter as much as individuals
• Need to be treated in a very similar manner
  – Enrollment
  – Registration
  – Issuance
  – Activation
  – Lifecycle Management
Can FIPS 201 address devices?
• Device certificates widely used
• Provides single method of authentication:
  – Doors
  – Desktops
  – Devices
    • Network gear
    • Desktops and Servers
    • Mobile devices
    • Programmable Logic Controllers
      – Smart Grid
Device Dilemma
• Need to manage device security
• Need to manage behavior of people that use it
  – Nearly half of people consider laptop their property
• Often don’t have the expertise in the operating system (embedded)
• Roaming issue
• Now they can connect directly to the network
  – Not just the email server
• Many vendors
Mobile Device Applications and Solutions Expanding Rapidly
• Out of band authentication
  – One Time Passwords Delivered to the Phone
• Many vendors entering space
  – Verisign iPhone app
  – Battle.net mobile authenticator
  – Valimo
  – Payline
  – CORISECIO
  – Air France NFC boarding passes
  – A hundred more…
Simple Things to Do
• Enable PINs and Passwords
  – Better if tied to X.509 digital certificate
• Enable hard reset and data wipe for lost devices
  – PIN lockout with CAC
• Lojack for phones
  – Ability to track lost devices
• Encrypt data
• http://csrc.nist.gov/publications/nistbul/Jan2009_Cell-Phones-and-PDAs.pdf
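
An added example, not part of the original slides: a small Python model of how the PIN, lockout, wipe and encryption items above work together on a lost device. The class name, the five-attempt threshold and the PBKDF2 work factor are assumptions chosen for illustration, and the data key is held in memory here where a real handset would keep it in hardware-backed storage.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5          # assumed policy value, not taken from the slides
PBKDF2_ROUNDS = 100_000   # assumed work factor for the PIN verifier


class DeviceLock:
    """Toy model of a handset lock: PIN check, retry counter, crypto-erase."""

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        # Store only a salted, stretched verifier, never the PIN itself.
        self._verifier = self._derive(pin)
        # Data-encryption key: stored data is readable only while this exists.
        self._dek = os.urandom(32)
        self.failed = 0
        self.wiped = False

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", pin.encode(), self._salt, PBKDF2_ROUNDS
        )

    def unlock(self, pin: str):
        """Return the data key on success, None on failure or after a wipe."""
        if self.wiped:
            return None
        # Constant-time comparison avoids leaking how much of the value matched.
        if hmac.compare_digest(self._derive(pin), self._verifier):
            self.failed = 0
            return self._dek
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.wipe()  # lockout escalates to a wipe at the threshold
        return None

    def wipe(self):
        """Local or remotely triggered wipe.

        Because the data is encrypted, destroying the key is enough:
        the ciphertext left on flash can no longer be decrypted.
        """
        self._dek = None
        self._verifier = None
        self.wiped = True


if __name__ == "__main__":
    lock = DeviceLock("4821")  # constructed sample PIN
    for guess in ["0000", "1111", "2222", "3333", "4444"]:
        lock.unlock(guess)
    print("wiped after repeated failures:", lock.wiped)
```

The wipe is immediate only because encryption is already on; without it, a wipe has to overwrite storage before the device loses power or connectivity.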
