DOCSLIB.ORG

Mobile Device Best Practices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mobile Device Best Practices National Security Agency | Mobile Device Best Practices Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information. Airplane mode Bluetooth® Cellular service signal ocation Near-field communication (NFC) ecent applications soft key Wi-Fi PASSWORDS ! Avoid Disable Do Do Not Use strong lock-screen pins/passwords: a 6-digit BLUETOOTH®1 PIN is sufficient if the device wipes itself after Disable Bluetooth® when 10 incorrect password you are not using it. Airplane attempts. Set the device mode does not always to lock automatically ® disable Bluetooth . after 5 minutes. LOCATION 9:31 ! WI-FI Disable location services when ! TEXT MESSAGES not needed. DO NOT bring the DO NOT connect to public ! APPLICATIONS John Doe device with you to sensitive DO NOT have sensitive conversations Agree, but we should consider the Wi-Fi networks. Disable foreign policy implications...… locations. 31 on personal devices, even if you think Wi-Fi when unneeded. Delete Install a minimal number of the content is generic. unused Wi-Fi networks. applications and only ones Hey, ohn Check out the from official application foreign policy implications... POWER https://foreignp0licy.net/ stores. Be cautious of the whitepapers/tradistan- Power the device off and on weekly. ! CONTROL energy-forecast.pdf ! personal data entered ATTACHMENTS/LINKS into applications. Close Maintain physical control of DO NOT open unknown email the device. Avoid connecting to applications when not using. attachments and links. Even MODIFY unknown removable media. legitimate senders can pass on SOFTWARE UPDATES malicious content accidently DO NOT jailbreak or root the device. CASE or as a result of being INSTALL NEW APP? Consider using a protective Update the device software compromised or impersonated YES X NO case that drowns the and applications as soon as by a malicious actor. ! POP-UPS microphone to block room possible. audio (hot-miking attack). Unexpected pop-ups like this are usually malicious. If one appears, Cover the camera when not using. ! TRUSTED ACCESSORIES forcibly close all applications BIOMETRICS (i.e., iPhone®2: double tap the Only use original charging cords or Home button* or Android®3: CONVERSATIONS Consider using Biometrics charging accessories purchased click “recent apps” soft key). (e.g., fingerprint, face) from a trusted manufacturer. DO NOT DO NOT have sensitive authentication for use public USB charging stations. conversations in the convenience to protect data Never connect personal devices to vicinity of mobile devices of minimal sensitivity. government computers, whether via not configured to handle physical connection, Wi-Fi, secure voice. or Bluetooth®. *For iPhone X®2 or later, see: support.apple.com/en-us/HT201330 The information contained in this document was developed in the course of NSA’s Cybersecurity mission, including its responsibilities to assist Executive departments and agencies with operations security programs. 1Bluetooth® is a registered trademark of Bluetooth SIG, Inc. 2iPhone® and iPhone® applications are a registered trademark of Apple, Inc. U/OO/155488-20 | PP-20-0622| Oct 2020 rev 1.1 3Android® is a registered trademark of Google LLC. National Security Agency | Mobile Device Best Practices WHAT CAN I DO TO PREVENT/MITIGATE? Use Avoid Carrying Only Install Turn Off Do Not Turn Use Lock Maintain Update Encrypted Do Not Click Device/No Use Turn Off Apps from Cellular, Connect Device Mic-Drowning Device Physical Software Voice/ Links or Open Sensitive Trusted Location Official WiFi, to Public Off & On Case, Cover with Control of & Apps Text/Data Attachments Conversations Accessories Services Stores Bluetooth Networks Weekly Camera PIN Device Apps Around Device Spearphishing (To install Malware) Malicious Apps Zero-Click Exploits Malicious Wi-Fi Network/Close Access Network Attack Foreign Lawful Intercept/ Untrusted Cellular Network Room Audio/ Video Collection THREAT/VULNERABILITY Call/Text/Data Collection Over Network Geolocation of Device Close Access Physical Attacks Supply Chain Attacks Does not prevent Sometimes prevents Almost always prevents (no icon) Disclaimer of Endorsement NSA Cybersecurity The information and opinions contained in this document are provided “as is” and without any warranties or guarantees. Reference Client Requirements/General Cybersecurity Inquiries: Cybersecurity Requirements Center, 410.854.4200, [email protected]. herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not Media Inquires: Press Desk: 443.634.0721, [email protected]. constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes..
Load more

Recommended publications
  • Mobile Gaming Victor Bahl 8.13.2012 Internet & Devices Growth (Obligatory Slide)
    mobile gaming Victor Bahl 8.13.2012 internet & devices growth (obligatory slide) Apps are ~$10 Billion market, growing at ~100% per year Fun Fact: Getting to 1 M users: AOL: 9 years; Facebook: 9 months; “Draw Something”: 9 days Mobility & Networking, Microsoft Research bandwidth demand! 1 ~ 10 billion mobile devices in 2016 10B (1.4 devices / human) 6B 6 2007 2011 2007 2011 2016 2011-2016 ~ 18X growth in mobile data traffic2 (~ 10 exabytes / month) Source: (1) GSMA; (2) Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2011–2016 Mobility & Networking, Microsoft Research gaming today Source: Strategy Analytics - Apptrax4 Mobility & Networking, Microsoft Research …but you already knew that Some things I heard today: . how game analytics was used to increase dwell time . how in-the-wild user behavior may be modeled (& used) . The challenges in getting to MMOG games . wireless peer-to-peer games . power management by making use of saliency All great stuff, let me say a few words about some things I didn’t hear ….. Mobility & Networking, Microsoft Research services behind the games Fun fact: in 2011 ~$12 billion was spent on social/mobile games in 2015 revenue is projected to be ~24 billion (19% CGR) Apps that connect to backends receive higher rankings and more downloads because they are likely dynamic with more fresh content and are more social and contextual - Kinvey Inc., 2012 Xbox LIVE 30% growth year over year 40+ Million Users 2.1 billion hours played per month 35 Countries 176,802,201,383 Gamer Points scored
    [Show full text]
  • Inside Russia's Intelligence Agencies
    EUROPEAN COUNCIL ON FOREIGN BRIEF POLICY RELATIONS ecfr.eu PUTIN’S HYDRA: INSIDE RUSSIA’S INTELLIGENCE SERVICES Mark Galeotti For his birthday in 2014, Russian President Vladimir Putin was treated to an exhibition of faux Greek friezes showing SUMMARY him in the guise of Hercules. In one, he was slaying the • Russia’s intelligence agencies are engaged in an “hydra of sanctions”.1 active and aggressive campaign in support of the Kremlin’s wider geopolitical agenda. The image of the hydra – a voracious and vicious multi- headed beast, guided by a single mind, and which grows • As well as espionage, Moscow’s “special services” new heads as soon as one is lopped off – crops up frequently conduct active measures aimed at subverting in discussions of Russia’s intelligence and security services. and destabilising European governments, Murdered dissident Alexander Litvinenko and his co-author operations in support of Russian economic Yuri Felshtinsky wrote of the way “the old KGB, like some interests, and attacks on political enemies. multi-headed hydra, split into four new structures” after 1991.2 More recently, a British counterintelligence officer • Moscow has developed an array of overlapping described Russia’s Foreign Intelligence Service (SVR) as and competitive security and spy services. The a hydra because of the way that, for every plot foiled or aim is to encourage risk-taking and multiple operative expelled, more quickly appear. sources, but it also leads to turf wars and a tendency to play to Kremlin prejudices. The West finds itself in a new “hot peace” in which many consider Russia not just as an irritant or challenge, but • While much useful intelligence is collected, as an outright threat.
    [Show full text]
  • Android Operating System
    Software Engineering ISSN: 2229-4007 & ISSN: 2229-4015, Volume 3, Issue 1, 2012, pp.-10-13. Available online at http://www.bioinfo.in/contents.php?id=76 ANDROID OPERATING SYSTEM NIMODIA C. AND DESHMUKH H.R. Babasaheb Naik College of Engineering, Pusad, MS, India. *Corresponding Author: Email- [email protected], [email protected] Received: February 21, 2012; Accepted: March 15, 2012 Abstract- Android is a software stack for mobile devices that includes an operating system, middleware and key applications. Android, an open source mobile device platform based on the Linux operating system. It has application Framework,enhanced graphics, integrated web browser, relational database, media support, LibWebCore web browser, wide variety of connectivity and much more applications. Android relies on Linux version 2.6 for core system services such as security, memory management, process management, network stack, and driver model. Architecture of Android consist of Applications. Linux kernel, libraries, application framework, Android Runtime. All applications are written using the Java programming language. Android mobile phone platform is going to be more secure than Apple’s iPhone or any other device in the long run. Keywords- 3G, Dalvik Virtual Machine, EGPRS, LiMo, Open Handset Alliance, SQLite, WCDMA/HSUPA Citation: Nimodia C. and Deshmukh H.R. (2012) Android Operating System. Software Engineering, ISSN: 2229-4007 & ISSN: 2229-4015, Volume 3, Issue 1, pp.-10-13. Copyright: Copyright©2012 Nimodia C. and Deshmukh H.R. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
    [Show full text]
  • A Survey Onmobile Operating System and Mobile Networks
    A SURVEY ONMOBILE OPERATING SYSTEM AND MOBILE NETWORKS Vignesh Kumar K1, Nagarajan R2 (1Departmen of Computer Science, PhD Research Scholar, Sri Ramakrishna College of Arts And Science, India) (2Department of Computer Science, Assistant Professor, Sri Ramakrishna College Of Arts And Science, India) ABSTRACT The use of smartphones is growing at an unprecedented rate and is projected to soon passlaptops as consumers’ mobile platform of choice. The proliferation of these devices hascreated new opportunities for mobile researchers; however, when faced with hundreds ofdevices across nearly a dozen development platforms, selecting the ideal platform is often met with unanswered questions. This paper considers desirable characteristics of mobileplatforms necessary for mobile networks research. Key words:smart phones,platforms, mobile networks,mobileplatforms. I.INTRODUCTION In a mobile network, position of MNs has been changing due todynamic nature. The dynamic movements of MNs are tracked regularlyby MM. To meet the QoS in mobile networks, the various issuesconsidered such as MM, handoff methods, call dropping, call blockingmethods, network throughput, routing overhead and PDR are discussed. In this paper I analyse the five most popular smartphone platforms: Android (Linux), BlackBerry, IPhone, Symbian, and Windows Mobile. Each has its own set of strengths and weaknesses; some platforms trade off security for openness, code portability for stability, and limit APIs for robustness. This analysis focuses on the APIs that platforms expose to applications; however in practice, smartphones are manufactured with different physical functionality. Therefore certain platform APIs may not be available on all smartphones. II.MOBILITY MANAGEMENT IP mobility management protocols proposed by Alnasouri et al (2007), Dell'Uomo and Scarrone (2002) and He and Cheng (2011) are compared in terms of handoff latency and packet loss during HM.
    [Show full text]
  • Guidelines on Mobile Device Forensics
    NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Sam Brothers Wayne Jansen http://dx.doi.org/10.6028/NIST.SP.800-101r1 NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Software and Systems Division Information Technology Laboratory Sam Brothers U.S. Customs and Border Protection Department of Homeland Security Springfield, VA Wayne Jansen Booz-Allen-Hamilton McLean, VA http://dx.doi.org/10.6028/NIST.SP. 800-101r1 May 2014 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3541 et seq., Public Law (P.L.) 107-347. NIST is responsible for developing information security standards and guidelines, including minimum requirements for Federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate Federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in Circular A- 130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in Circular A- 130, Appendix III, Security of Federal Automated Information Resources. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on Federal agencies by the Secretary of Commerce under statutory authority.
    [Show full text]
  • Guidelines on Mobile Device Forensics
    NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Sam Brothers Wayne Jansen http://dx.doi.org/10.6028/NIST.SP.800-101r1 NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Software and Systems Division Information Technology Laboratory Sam Brothers U.S. Customs and Border Protection Department of Homeland Security Springfield, VA Wayne Jansen Booz Allen Hamilton McLean, VA http://dx.doi.org/10.6028/NIST.SP. 800-101r1 May 2014 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3541 et seq., Public Law (P.L.) 107-347. NIST is responsible for developing information security standards and guidelines, including minimum requirements for Federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate Federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in Circular A- 130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in Circular A- 130, Appendix III, Security of Federal Automated Information Resources. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on Federal agencies by the Secretary of Commerce under statutory authority.
    [Show full text]
  • MOBILE OPERATING SYSTEM TRANSITION Insights and Considerations Mobile Operating System Transition – Insights and Considerations | 1
    MOBILE OPERATING SYSTEM TRANSITION Insights and Considerations Mobile Operating System Transition – Insights and Considerations | www.honeywellaidc.com 1 Introduction A shift in the mobile operating system landscape has occurred over the last several years. The transition from legacy Windows® is well underway. While there remain several distinct choices on the roadmap, the tradeoffs and compromises associated with each have become clearer. This paper will elaborate on these points and provide the reader with guidance on recommended solutions. Mobile Operating System Transition – Insights and Considerations | www.honeywellaidc.com 2 Table of contents 3 Mobile Operating System History 4 Legacy Operating Systems 5 Android Enterprise Evolution 6 How Honeywell Helps 8 Android Lifecycle Management 10 Conclusion and Recommendations Mobile Operating System Transition – Insights and Considerations | www.honeywellaidc.com 3 Mobile Operating System History For the open source Android operating system, Google OEMs and third parties began developing extensions that enabled device management capabilities, provided more control over user actions, and added support for Ten years ago, operating systems for mobile devices in the enterprise space were provided by Microsoft. Windows CE and Windows Mobile (later Windows Embedded Handheld) offered industrial Wi-Fi features and capabilities needed for enterprise deployment, while a robust ecosystem of networks and developer tools and third-party offerings allowed customers to create the solution needed barcode scanning to effectively operate and manage their businesses. Apple had only recently shown the first capabilities. iPhone®. Google acquired Android™ a few years earlier and had yet to see a phone come to market. Other options available at that time were largely focused around the white collar professional user and proved largely unsuitable for the unique needs of the purpose-built enterprise environment.
    [Show full text]
  • The Application of Personal Digital Assistants As Mobile Computing Device on Construction Site
    The Application of Personal Digital Assistants as Mobile Computing Device on Construction Site Kenji Kimoto, Kazuyoshi Endo, Satoru Iwashita and Mitsuhiro Fujiwara Konoike Construction Co., Ltd., Research Institute of Technology 1-20-1 Sakura, Tsukuba-Science City, IBARAKI 305-0003, Japan. {kimoto_kj, Iwashita_st, fujiwara_mh}@konoike.co.jp . Kogakuin University, Department of Architecture, 1-24-2 Nishishinjuku, Shinjyuku-ku, TOKYO 163-8677, Japan. [email protected] ABSTRACT: Construction managers need to access the real construction site to manage the construction project. They have recently handled various types of digital information such as drawings, specification, checklists and daily reports. They usually use sheets of paper and/or field notes. As a result, a gap in time and space between the outdoor construction site and the office, which leads to the low efficiency, occurs. This paper reports the application of PDA (Personal Digital Assistants) as mobile computing device for construction managers on construction sites. First, this paper describes the aim and the essential element of the mobile systems. This also shows the analysis of necessary functions as mobile computing device through the discussion with construction managers, and the concept of development of this computer-aided engineering system. Secondly, this paper describes the outline of below subsystems with PDA: Progress Monitoring System, Inspection System and Position Check System. Subsystems have two programs: the data input program in PDA and the output program in PC. Finally, this paper indicates the development of more refined process of construction management with the mobile computing device on construction site. • Progress Monitoring System has been built for construction managers to monitor the progress of works.
    [Show full text]
  • A Comparative Analysis of Mobile Operating Systems Rina
    International Journal of Computer Sciences and Engineering Open Access Research Paper Vol.-6, Issue-12, Dec 2018 E-ISSN: 2347-2693 A Comparative Analysis of mobile Operating Systems Rina Dept of IT, GGDSD College, Chandigarh ,India *Corresponding Author: [email protected] Available online at: www.ijcseonline.org Accepted: 09/Dec/2018, Published: 31/Dec/2018 Abstract: The paper is based on the review of several research studies carried out on different mobile operating systems. A mobile operating system (or mobile OS) is an operating system for phones, tablets, smart watches, or other mobile devices which acts as an interface between users and mobiles. The use of mobile devices in our life is ever increasing. Nowadays everyone is using mobile phones from a lay man to businessmen to fulfill their basic requirements of life. We cannot even imagine our life without mobile phones. Therefore, it becomes very difficult for the mobile industries to provide best features and easy to use interface to its customer. Due to rapid advancement of the technology, the mobile industry is also continuously growing. The paper attempts to give a comparative study of operating systems used in mobile phones on the basis of their features, user interface and many more factors. Keywords: Mobile Operating system, iOS, Android, Smartphone, Windows. I. INTRUDUCTION concludes research work with future use of mobile technology. Mobile operating system is the interface between user and mobile phones to communicate and it provides many more II. HISTORY features which is essential to run mobile devices. It manages all the resources to be used in an efficient way and provides The term smart phone was first described by the company a user friendly interface to the users.
    [Show full text]
  • Securing and Managing Wearables in the Enterprise
    White Paper: Securing and Managing Wearables in the Enterprise Streamline deployment and protect smartwatch data with Samsung Knox Configure White Paper: Securing and Managing Wearables in the Enterprise 2 Introduction: Smartwatches in the Enterprise As the wearable device market heats up, wrist-worn devices Industries as varied as healthcare, such as smartwatches are leading the pack. According to CCS Insight, forecasts for global sales of smart wearable devices finance, energy, transportation, will grow strongly over the next five years, with the global public safety, retail and hospitality market reaching nearly $30 billion by 2023.1 are deploying smartwatches for While smartwatches for fitness and activity tracking are popular, consumer demand is only part of the equation. added business value. Enterprises are also seeing business value in wearable devices. In a report by Robert Half Technology, 81 percent of CIOs surveyed expect wearable devices like smartwatches to Samsung has been working to address these concerns and become common tools in the workplace.2 has developed the tools to make its Galaxy and Galaxy Active smartwatches customizable, easily manageable and highly secure for enterprise users. This white paper will look at how these tools address key wearable security and manageability challenges, as well as considerations for smartwatch 81% deployments. of CIOs surveyed expect wearable devices like smartwatches to become common tools in the workplace. Industries as varied as healthcare, finance, energy, transportation, public safety, retail and hospitality are deploying smartwatches for added business value, such as hands-free communication for maintenance workers, task management, as well as physical monitoring of field workers in dangerous or remote locations.
    [Show full text]
  • Defense Primer: National and Defense Intelligence
    Updated December 30, 2020 Defense Primer: National and Defense Intelligence The Intelligence Community (IC) is charged with providing Intelligence Program (NIP) budget appropriations, which insight into actual or potential threats to the U.S. homeland, are a consolidation of appropriations for the ODNI; CIA; the American people, and national interests at home and general defense; and national cryptologic, reconnaissance, abroad. It does so through the production of timely and geospatial, and other specialized intelligence programs. The apolitical products and services. Intelligence products and NIP, therefore, provides funding for not only the ODNI, services result from the collection, processing, analysis, and CIA and IC elements of the Departments of Homeland evaluation of information for its significance to national Security, Energy, the Treasury, Justice and State, but also, security at the strategic, operational, and tactical levels. substantially, for the programs and activities of the Consumers of intelligence include the President, National intelligence agencies within the DOD, to include the NSA, Security Council (NSC), designated personnel in executive NGA, DIA, and NRO. branch departments and agencies, the military, Congress, and the law enforcement community. Defense intelligence comprises the intelligence organizations and capabilities of the Joint Staff, the DIA, The IC comprises 17 elements, two of which are combatant command joint intelligence centers, and the independent, and 15 of which are component organizations military services that address strategic, operational or of six separate departments of the federal government. tactical requirements supporting military strategy, planning, Many IC elements and most intelligence funding reside and operations. Defense intelligence provides products and within the Department of Defense (DOD).
    [Show full text]
  • State of Mobile Linux Juha-Matti Liukkonen, Jan 5, 2011
    State of Mobile Linux Juha-Matti Liukkonen, Jan 5, 2011 1 Contents • Why is this interesting in a Qt course? • Mobile devices vs. desktop/server systems • Android, Maemo, and MeeGo today • Designing software for mobile environments 2 Why is this interesting in a Qt course? 3 Rationale • Advances in technology make computers mobile • Low-power processors, displays, wireless network chipsets, … iSuppli, Dec 2008 • Laptops outsell desktop computers • High-end smartphones = mobile computers Nokia terminology • Need to know how to make software function well in a mobile device • Qt is big part of Symbian & Maemo/MeeGo API 4 Developing software for mobiles In desktop/server computing: • Android smartphones Java :== server C/C++ :== desktop • Eclipse, Java Qt was initially developed for desktop applications. • Symbian smartphones Mobile devices today are more powerful than the • NetBeans / Eclipse, Java ME desktops 10 years ago. • Qt Creator, C/C++ Of particular interest in this course. • Maemo / MeeGo smartphones • Qt Creator, C/C++ 5 The elephant in the room • In 2007, Apple change the mobile world with the iPhone • Touch user interface, excellent developer tools, seamless services integration, … • Modern operating system, shared with iPod and Mac product lines • Caught “industry regulars” with their pants down • Nokia, Google, Samsung, et al – what choice do they have? Linux! We don’t talk about the iPhone here. 6 iPad “killed the netbook” • In 2010, Apple introduced another mobile game changer • iPad = basically, a scaled-up iPhone with a
    [Show full text]