DOCSLIB.ORG

Defending Mobile Devices for High Level Officials and Decision-Makers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Defending Mobile Devices for High Level Officials and Decision-Makers Authors Teemu Väisänen, Alexandria Farar, Nikolaos Pissanidis, Christian Braccini, Bernhards Blumbergs, and Enrique Diez Defending mobile devices for high level officials and decision-makers Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non‐ profit and non‐commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1. Abstract High‐level officials and decision‐makers handle and store sensitive data with their own or with their organisations’ mobile devices. The sensitive data may be owned by the person him/herself or by the organisation. These users do not always follow security policies, creating a risk of leaking this sensitive data. It is often impossible to assess all the places where data is accessed and/or stored. The purpose of this study is to find mitigation mechanisms for a number of risks resulting from the usage of such systems without obeying security policies. The study was done by analysing usage scenarios; their actors and the assets to be secured; related mobile threats; suitable mitigation mechanisms; and threats lacking good enough mitigation mechanisms. The key results of this study are a set of threat descriptions and existing mitigation mechanisms, along with proposed new mechanisms for mitigation. Results can be implemented by adding the described security controls and mitigation mechanisms to systems to improve their security. Keywords: security awareness, security policies, mobile devices, COPE, BYOD, MDM, EMM, risk analysis 1 3. Table of Contents 1. Abstract .......................................................................................................................................................... 1 2. List of Abbreviations ....................................................................................................................................... 2 3. Table of Contents ........................................................................................................................................... 4 4. Table of Figures .............................................................................................................................................. 7 5. Table of Tables ............................................................................................................................................... 8 6. Executive Summary and Recommendations .................................................................................................. 9 7. Introduction.................................................................................................................................................. 10 8. Research process (methods) ........................................................................................................................ 13 9. Usage scenarios, actors and assets to be protected .................................................................................... 14 10. Threats ......................................................................................................................................................... 15 10.1. T1: Disclosure of information .............................................................................................................. 17 10.2. T2: Unauthorised device usage ........................................................................................................... 17 10.3. T3: Unauthorised physical access into a device’s memory and storage .............................................. 19 10.4. T4: Get physical access to the device .................................................................................................. 20 10.5. T5: An unauthorised remote access to a device .................................................................................. 21 10.6. T6: Social engineering attacks ............................................................................................................. 23 10.7. T7: Network spoofing attacks .............................................................................................................. 24 10.8. T8: Lack of security patches, updates and secure distribution ............................................................ 25 10.9. T9: Jailbreaking and rooting of devices ............................................................................................... 26 10.10. T10: Personal, political and organisational reputation ........................................................................ 26 10.11. T11: Denial‐of‐Service (DoS) attacks ................................................................................................... 26 11. Risk analysis .................................................................................................................................................. 28 12. Literature Review ......................................................................................................................................... 30 12.1. Existing guidelines, checklists and lists of security controls ................................................................ 30 12.1.1. National Institute of Standards and Technology (NIST) ................................................ 30 12.1.2. SANS Institute ................................................................................................................ 30 12.1.3. European Network and Information Security Agency (ENISA) ...................................... 31 12.1.4. Finnish Communications Regulatory Authority ............................................................ 31 12.1.5. Communications‐Electronics Security Group (CESG) .................................................... 32 12.1.6. Centre for the Protection of National Infrastructure (CPNI) ......................................... 32 12.1.7. Open Web Application Security Project (OWASP) ........................................................ 33 4 12.1.8. Other guidelines and recommendations ....................................................................... 33 12.1.9. Summary of review of existing recommendations ....................................................... 34 12.2. Existing countermeasures and security controls ................................................................................. 35 12.2.1. Secure storage and data encryption ............................................................................. 35 12.2.2. Securing communication ............................................................................................... 36 12.2.3. Mobile Device Management (MDM), Enterprise Mobility Management (EMM) and Mobile Application Management (MAM) solutions...................................................................... 39 12.2.4. Securing mobile data and data loss prevention (DLP) solutions ................................... 42 12.2.5. Secure smartphones and their security controls .......................................................... 44 12.2.6. Multiple user accounts .................................................................................................. 57 12.2.7. Multi‐factor authentication products ........................................................................... 57 12.2.8. Tracking of devices ........................................................................................................ 60 12.2.9. Intrusion Detection and Prevention Systems (IDS/IPS) ................................................. 60 12.2.10. Security Information & Event Management (SIEM) .................................................. 67 12.2.11. Vulnerability Assessment Scanner (VAS) ................................................................... 70 12.2.12. Mobile Internet Security Suites ................................................................................. 73 12.2.13. Mobile firewalls ......................................................................................................... 73 12.2.14. Proxifiers .................................................................................................................... 74 12.2.15. Virtualisation ............................................................................................................. 74 12.2.16. Summary of the review of existing products ............................................................ 75 12.3. Countermeasures presented by researchers ...................................................................................... 75 12.3.1. Malware and rootkit detection ..................................................................................... 76 12.3.2. Enforcing security policies ............................................................................................. 76 12.3.3. Multi‐factor authentication ........................................................................................... 77 12.3.4. Context‐based and implicit authentication ..................................................................
Load more

Recommended publications
  • Protecting Location Privacy Fromuntrusted Wireless Service
    Protecting Location Privacy from Untrusted Wireless Service Providers Keen Sung Brian Levine Mariya Zheleva University of Massachusetts Amherst University of Massachusetts Amherst University at Albany, SUNY [email protected] [email protected] [email protected] ABSTRACT 1 INTRODUCTION Access to mobile wireless networks has become critical for day- When mobile users connect to the Internet, they authenticate to a to-day life. However, it also inherently requires that a user’s geo- cell tower, allowing service providers such as Verizon and AT&T graphic location is continuously tracked by the service provider. to store a log of the time, radio tower, and user identity [69]. As It is challenging to maintain location privacy, especially from the providers have advanced towards the current fifth generation of provider itself. To do so, a user can switch through a series of iden- cellular networks, the density of towers has grown, allowing these tifiers, and even go offline between each one, though it sacrifices logs to capture users’ location with increasing precision. Many users utility. This strategy can make it difficult for an adversary to per- are persistently connected, apprising providers of their location all form location profiling and trajectory linking attacks that match day. Connecting to a large private Wi-Fi network provides similar observed behavior to a known user. information to its administrators. And some ISPs offer cable, cellular, In this paper, we model and quantify the trade-off between utility and Wi-Fi hotspots as a unified package. and location privacy. We quantify the privacy available to a com- While fixed user identifiers are useful in supporting backend munity of users that are provided wireless service by an untrusted services such as postpaid billing, wireless providers’ misuse of provider.
    [Show full text]
  • Advanced Persistent Threats
    THREAT RESEARCH Defending Against Advanced Persistent Threats Introduction As the name “Advanced” suggests, APT (advanced persistent threat) is one of the most sophisticated and organized forms of network attacks that keep cybersecurity professionals up at night. Unlike many hit & run traditional cyberattacks, an APT is carried out over a prolonged period of time by skilled threat actors who strategize multi-staged campaigns against their targets, employing clandestine tools & techniques such as Remote Administration Tools (RAT), Toolkits, Backdoor Trojans, Social Engineering, DNS Tunneling etc. These experienced cybercriminals are mostly backed & well-funded by nation states and corporation-backed organizations to specifi cally target high value organizations with the following objectives in mind: a Theft of Intellectual Property & classifi ed data i.e. Cyber Espionage a Access to critical & sensitive communications a Access to credentials of critical systems a Sabotage or exfi ltration of databases a Theft of Personal Identifi able Information (PII) a Access to critical infrastructure to perform internal reconnaissance To achieve the above goals, APT Groups use novel techniques to obfuscate their actions and easily bypass traditional security barriers that are not advancing at the same rate as the sophisticated attack patterns of cybercriminals. To understand the evolved behavioral pattern of APT Groups in the year 2020, a review of their latest activities revealed interesting developments and a few groundbreaking events¹: a Southeast Asia
    [Show full text]
  • RSA-512 Certificates Abused in the Wild
    RSA-512 Certificates abused in the wild During recent weeks we have observed several interesting publications which have a direct relation to an investigation we worked on recently. On one hand there was a Certificate Authority being revoked by Mozilla, Microsoft and Google (Chrome), on the other hand there was the disclosure of a malware attack by Mikko Hypponen (FSecure) using a government issued certificate signed by the same Certificate Authority. That case however is not self-contained and a whole range of malicious software had been signed with valid certificates. The malicious software involved was used in targeted attacks focused on governments, political organizations and the defense industry. The big question is of course, what happened, and how did the attackers obtain access to these certificates? We will explain here in detail how the attackers have used known techniques to bypass the Microsoft Windows code signing security model. Recently Mikko Hypponen wrote a blog on the F-Secure weblog (http://www.f-secure.com/weblog/archives/00002269.html) detailing the discovery of a certificate used to sign in the wild malware. Specifically this malware was embedded in a PDF exploit and shipped in August 2011. Initially Mikko also believed the certificate was stolen, as that is very common in these days, with a large amount of malware families having support, or optional support, for stealing certificates from the infected system. Apparently someone Mikko spoke to mentioned something along the lines that it had been stolen a long time ago. During the GovCert.nl symposium Mikko mentioned the certificate again, but now he mentioned that according to the people involved with investigating the case in Malaysia it likely wasn't stolen.
    [Show full text]
  • What Every CEO Needs to Know About Cybersecurity
    What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges.
    [Show full text]
  • IDC Marketscape IDC Marketscape: Worldwide Mobile Threat Management Software 2018–2019 Vendor Assessment
    IDC MarketScape IDC MarketScape: Worldwide Mobile Threat Management Software 2018–2019 Vendor Assessment Phil Hochmuth IDC MARKETSCAPE FIGURE FIGURE 1 IDC MarketScape Worldwide Mobile Threat Management Software Vendor Assessment Source: IDC, 2018 Please see the Appendix for detailed methodology, market definition, and scoring criteria. December 2018, IDC #US44521018 IDC OPINION As mobile security and governance frameworks mature, mobile threat management (MTM) software tools are filling a major security gap many enterprises are discovering across one of their most pervasive technology deployments: smartphones and tablets used by employees. Many organizations see enterprise mobility management (EMM; technology which manages, configures, and monitors mobiles) as the beginning and end of their mobile endpoint security strategy. While many EMM platforms support security functions (compliance checking, VPN connectivity, data security/encryption, and device certificate management, etc.), most EMMs do not actively scan for mobile-related threats on devices. This is where MTM technology comes in, with its ability to address actively misbehaving or malicious apps, as well as OS and network-based attacks on devices. Driving many MTM early adoptions, and among more mature deployments, is the desire to deploy another layer of security to mobile end-user computing in addition to EMM. Among the more than two- dozen MTM customer interviews conducted for this document, 100% of these enterprises deployed their respective MTM products with an EMM platform; nearly all said that meeting existing or potential future compliance requirements was among the top 3 drivers behind their adoption of the technology. These requirements are driving much of the direction of the market from an MTM feature set and overall go-to-market strategy for MTM vendors.
    [Show full text]
  • SGP Technologies Et INNOV8 Annoncent Le Lancement En Avant-Première Mondiale Du Smartphone BLACKPHONE Dans Les Boutiques LICK
    PRESS RELEASE SGP Technologies et INNOV8 annoncent le lancement en avant-première mondiale du smartphone BLACKPHONE dans les boutiques LICK Paris (France) / Geneva (Suisse), 5 Juin 2014. Blackphone, le premier smartphone qui permet la sécurité de la vie privée des utilisateurs, sera lancé en avant-première cet été en France chez LICK, 1er réseau de boutiques 2.0 dédié aux objets connectés. SGP Technologies (Joint-Venture entre Silent Circle et Geeksphone) créateur du BLACKPHONE a choisi le groupe INNOV8, pour dévoiler le premier smartphone qui respecte la vie privée, à l’occasion de l’ouverture de LICK (Groupe INNOV8), le premier réseau de boutiques 2.0 dédié aux objets connectés, le 5 juin au Concept Store des 4 Temps à la Défense. Dès cet été, LICK sera le premier réseau de magasins autorisé à distribuer cette innovation technologique. La distribution sera ensuite ouverte à d’autres canaux en France via Extenso Telecom (Leader de la distribution de smartphones, accessoires et objets connectés en France) afin de proposer au plus grand nombre cette innovation technologique en phase avec les attentes des clients soucieux du respect de leur vie privée et de leur sécurité. "La France est connue pour être très ouverte à l’innovation. Nous sommes heureux de travailler avec le groupe INNOV8 pour lancer le Blackphone sur ce marché important en Europe et d'offrir aux utilisateurs de smartphones une solution inégalée pour la protection de leur vie privée et de leur sécurité», a déclaré Tony Bryant, VP Sales de SGP Technologies. « Nous sommes convaincus que la technologie devient un véritable style de vie.
    [Show full text]
  • Security News Digest July 25, 2017
    Security News Digest July 25, 2017 Canada will remain where it is for a long time to come, but the Canada’s Security Scene Quiz will move to the Information Security Awareness previous quizzes page at the end of July. Watch this space for the August feature! August 1st is acknowledged across the globe as World Wide Web Day! World Wide Web Day, marks the birth of the Web in August 1990 at the Europe Laboratory for Particle Physics (CERN) in Switzerland. Tim Berners-Lee and Robert Cailliau developed a prototype Web browser and introduced Hypertext Markup Language, HTML. The first ever website was published on August 6, 1991 and served up a page explaining the World Wide Web project and giving information on how users could setup a web server and how to create their own websites and web pages, as well as how they could search the web for information. The URL for the first ever web page put up on the first ever website was http://info.cern.ch/hypertext/WWW/TheProject.html The World Wide Web ('WWW' or simply the 'Web') is a global information medium which users can read and write via computers connected to the Internet. The term [web] is often mistakenly used as a synonym for the Internet itself, but the Web is a service that operates over the Internet, just as e-mail also does. The history of the Internet dates back significantly further than that of the World Wide Web. On July 21st, the Google “Doodle” honoured Canadian Marshall McLuhan! [“the Medium is the Message”] Who is Marshall McLuhan? Meet the Canadian Media Theorist Who Predicted the Internet http://nationalpost.com/news/canada/who-is-marshall-mcluhan-how-a-canadian-media-theorist-predicted-the- internet/wcm/194cb7e2-e778-4780-9aba-6eb94831fcc5 Canadian professor Marshall McLuhan rose to prominence as a media theorist while teaching at the University of Toronto in the 1960s.
    [Show full text]
  • JMP Securities Elite 80 Report (Formerly Super 70)
    Cybersecurity, Data Management & ,7 Infrastructure FEBRUARY 201 ELITE 80 THE HOTTEST PRIVATELY HELD &<%(5SECURITY, '$7$0$1$*(0(17 AND ,7,1)5$6758&785( COMPANIES &RS\ULJKWWLWLSRQJSZO6KXWWHUVWRFNFRP Erik Suppiger Patrick Walravens Michael Berg [email protected] [email protected] [email protected] (415) 835-3918 (415) 835-8943 (415)-835-3914 FOR DISCLOSURE AND FOOTNOTE INFORMATION, REFER TO JMP FACTS AND DISCLOSURES SECTION. Cybersecurity, Data Management & IT Infrastructure TABLE OF CONTENTS Executive Summary ............................................................................................................................ 4 Top Trends and Technological Changes ............................................................................................ 5 Funding Trends ................................................................................................................................ 11 Index by Venture Capital Firm .......................................................................................................... 17 Actifio ................................................................................................................................................ 22 Alert Logic ......................................................................................................................................... 23 AlgoSec ............................................................................................................................................ 24 AnchorFree ......................................................................................................................................
    [Show full text]
  • Citrix Netscaler - NITRO REST - Getting Started Guide
    Citrix NetScaler - NITRO REST - Getting Started Guide Citrix® NetScaler® 10.5 Copyright and Trademark Notice Copyright © 2014 Citrix Systems, Inc. All rights reserved. NO PART OF THIS DOCUMENT MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS OR USED TO MAKE DERIVATIVE WORK (SUCH AS TRANSLATION, TRANSFORMATION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTEN PERMISSION OF CITRIX SYSTEMS, INC. ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE ACCURATE, IT IS PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE ALL RESPONSIBILITY FOR THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS MANUAL. CITRIX SYSTEMS, INC. OR ITS SUPPLIERS DO NOT ASSUME ANY LIABILITY THAT MAY OCCUR DUE TO THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS DOCUMENT. In no event shall Citrix, its agents, officers, employees, licensees or affiliates be liable for any damages whatsoever (including, without limitation, damages for loss of profits, business information, loss of information) arising out of the information or statements contained in the publication, even if Citrix has been advised of the possibility of such loss or damages. INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. COMPANIES, NAMES, AND DATA USED IN EXAMPLES ARE FICTITIOUS UNLESS OTHERWISE NOTED. This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
    [Show full text]
  • Photos Copied" Box
    Our photos have never been as scattered as they are now... Do you know where your photos are? Digital Photo Roundup Checklist www.theswedishorganizer.com Online Storage Edition Let's Play Digital Photo Roundup! Congrats on making the decision to start organizing your digital photos! I know the task can seem daunting, so hopefully this handy checklist will help get your moving in the right direction. LET'S ORGANIZE! To start organizing your digital photos, you must first gather them all into one place, so that you'll be able to sort and edit your collection. Use this checklist to document your family's online storage accounts (i.e. where you have photos saved online), and whether they are copied onto your Master hub (the place where you are saving EVERYTHING). It'll make the gathering process a whole lot easier if you keep a record of what you have already copied and what is still to be done. HERE'S HOW The services in this checklist are categorized, so that you only need to print out what applies to you. If you have an account with the service listed, simply check the "Have Account" box. When you have copied all the photos, check the "Photos Copied" box. Enter your login credentials under the line between the boxes for easy retrieval. If you don't see your favorite service on the list, just add it to one of the blank lines provided after each category. Once you are done, you should find yourself with all your digital images in ONE place, and when you do, check back on the blog for tools to help you with the next step in the organizing process.
    [Show full text]
  • Gauteng Property Portfolio
    GAUTENG PROPERTY PORTFOLIO BELONG. MORNINGSIDE One-of-a-kind, secure and spacious triple-storey, corner penthouse apartment, with uninterrupted 270-degree views. Refrigerated walk-in wine room, 4 palatial bedrooms with the wooden floor theme continued, with marble covered en suite bathrooms and a state-of-the-art home cinema with top-of-the-range AV equipment. Numerous balconies, all with views, with a heated pool and steam-room on the roof. R39.5 MILLION MORNINGSIDE, Gauteng Ref# HP1139604 WAYNE VENTER 073 254 1453 Best Real Estate Agency 2015 South Africa and Africa Best Real Estate Agency Website 2015 South Africa and Africa / pamgolding.co.za pamgolding.co.za EXERCISE YOUR FREEDOM 40KM HORSE RIDING TRAILS Our ultra-progressive Equestrian Centre, together with over 40 kilometres of bridle paths, is a dream world. Whether mastering an intricate dressage movement, fine-tuning your jump approach, or enjoying an exhilarating outride canter, it is all about moments in the saddle. The accomplished South African show jumper, Johan Lotter, will be heading up this specialised unit. A standout health feature of our Equestrian Centre is an automated horse exerciser. Other premium facilities include a lunging ring, jumping shed, warm-up arena and a main arena for show jumping and dressage events. The total infrastructure includes 36 stables, feed and wash areas, tack- rooms, office, medical rooms and groom accommodation. Kids & Teens Wonderland · Sport & Recreation · Legendary Golf · Equestrian · Restaurants & Retail · Leisure · Innovative Infrastructure
    [Show full text]
  • Directions to 36 Klip Street Observatory
    Directions to 36 Klip Street Observatory JHB 26°10'29.58"S – 28° 5'12.43"E Contact number: 011 – 648 6001 From Pretoria / Durban / JHB. Int. Airport From Sandton / Bloemfontein / Soweto From Johannesburg CBD PTA : R21 south (towards JHB Int. Airport) SAN : M1 south (towards JHB CBD) M9 Rissik north Off-ramp Riviera or N1 south (towards JHB) Top off-ramp left (M16 Riviera) N3 south (towards Durban) Traffic light (T-junction) right (M31 West) R24 west (towards JHB) Traffic light left (M16 1 st Avenue) DBN : N3 north (towards JHB) BFT/Soweto : N1 north (towards JHB) R24 west (towards JHB) M1 north (towards JHB) Off-ramp 1 st Avenue JHB International Airport : Traffic light straight (M16 1 st Avenue) R24 west (towards JHB) Follow the whole of 1 st Avenue Pass Metropolitan Centre 2nd traffic light right (Queen/Friedland) (Loveday – Hoofd – Joubert) At the end there is a funny turn to the right Traffic light right (M71 Empire) Traffic light right (M11 Louis Botha) 2nd traffic light left (M11 Louis Botha) After ± 2 km at circle left (Louise) Traffic light left (Acorn) 8th traffic light right (Acorn) T-junction left (St. Peter) T-junction left (St. Peter) Immediately right (Bezuidenhout) Immediately right (Bezuidenhout) Immediately left (Eckstein) Immediately left (Eckstein) At Sacred Heart College right (Innes) At Sacred Heart College right (Innes) 2nd road left (St. Georges) 2nd road left (St. Georges) Enter Observatory Estate enclosure Enter Observatory Estate enclosure Enter Observatory Estate enclosure At circle take 3 rd exit (Bessie) 3rd
    [Show full text]