Mobile Device Security For Dummies®
Visit www.dummies.com/cheatsheet/mobiledevicesecurity to view this book's cheat sheet.
Table of Contents
Introduction
About This Book
Foolish Assumptions
Conventions Used in This Book
How This Book Is Organized
Part I: Living Securely in the Smart World
Part II: Implementing Enterprise Mobile Security
Part III: Securing Smart Device Access
Part IV: Securing Each Smart Device
Part V: The Part of Tens
Icons Used in This Book
Where to Go from Here
Part I: Living Securely in the Smart World
Chapter 1: What’s So Smart About a Phone, Anyway?
Exploring Different Mobile Devices
Smartphones and tablets
Laptops and netbooks
Other computing devices
Examining Operating Systems for Mobile Devices
Apple iOS
Google Android
RIM BlackBerry OS
RIM BlackBerry Tablet OS
Microsoft Windows Mobile and Windows Phone
Nokia Symbian
HP Palm webOS
MeeGo
Samsung bada
Discovering Data Connections
Applications Galore: Exploring Mobile Device Applications
E-mail and messaging
Web-based applications
Client/server applications
Standalone applications
Allowing Smartphones onto Your Network
Educating yourself on the risks
Scoping your deployment
Creating a mobile device security policy
Determining device configuration policies
Figuring out how you’ll connect devices to your network(s)
Devising an endpoint security strategy
Planning a strategy to deal with loss and theft
Seeking vendor info and requests for proposals
Implementing a pilot
Assessing and reevaluating at regular intervals
Introduction: AcmeGizmo Enterprise Smartphone Deployment Case Study
Exploring legacy smartphone deployment
Enter the smartphone explosion
Chapter 2 : Why Do I Care? The Mobile Device Threat
Recognizing the Scope of the Threat
Loss, theft, and replacement
Really off-site data storage
Free (but not necessarily nice) apps
Network access outside of your control
Understanding the Risks
Opening the door to hackers
Compromising your business communications
Endangering corporate data
Infesting enterprise systems by using location-based services
Assessing the Arsenal
To manage or not to manage
Where the need for compliance comes in
Mobile security apps start to emerge
Planning to Sustainably Keep the Threat at Bay
Establish enforceable policies
Evaluate tools without biases
Secure the location
Mobile security 101 classes
Turning mobile devices into allies
Chapter 3 : Planning for Mobile Devices in the Enterprise
Managing the New Wave of Mobile Devices
Support the cutting-edge devices
More than just e-mail
Who moved my application?
Updating your mobility policies
Adapting to the New Challenges of Mobile Devices
Protecting mobile devices from malware
Managing device policies remotely
Enforcing granular access control
Part II: Implementing Enterprise Mobile Security
Chapter 4: Creating Mobile Device Security Policies
Recognizing the Importance of Enforceable Security Policies
Understanding Device Policies
Policies for physical device protection
Policies for device backup and restore
Using Provisioning Policies to Manage Devices
Upgrade, downgrade, and software installation policies
Profile settings policies
Decommissioning policies
Creating Effective Monitoring Policies
Protecting Devices with Application Policies
Case Study: AcmeGizmo Mobile Device Security Policy
Chapter 5: Managing and Controlling Devices
Managing Your Mobile Devices
Managing devices over the air
Configuring security policies
Open Mobile Alliance Device Management
Exchange ActiveSync
Controlling Applications
Pros and cons of consumer app stores
Provisioning applications to mobile devices
Blacklisting and removing applications
Case Study: AcmeGizmo Application Control Deployment
Your password, please
Network settings
Other settings
Application provisioning
Chapter 6: Conforming to Corporate Compliance Policies
Which Devices Are Personal, and Which Are Corporate-Owned
Setting Passcodes on Mobile Devices
Encrypting the Contents of the Device
Requiring VPN on the Device
Protecting the Device from Viruses
Protecting the Device from Loss and Theft
Managing Devices at Scale
Backing Up the Contents of the Device
Monitoring and Controlling Contents of the Device
Case Study: AcmeGizmo Compliance Requirements
Operating system compliance
Password compliance
Encryption compliance
VPN and endpoint security compliance
Loss and theft protection
Part III: Securing Smart Device Access
Chapter 7: Securing Data in Transit with VPNs
Comparing IPSec VPNs and SSL VPNs
Validating User Identity for VPN Access
Authenticating VPN users
Determining a user’s role
Discriminating by Device Profile
Profiling devices and applying policies
Providing access based on device profile
Implementing custom policies
Providing Application Access
Enabling access to e-mail
Providing Web application access
Accessing full client/server applications
Providing Users an Appropriate Level of Access
Securely accessing e-mail, calendar, and contacts
Accessing web-based applications
Allowing users to leverage client/server applications
Case Study: AcmeGizmo SSL VPN Rollout for Smartphones
Employee authentication
Accessing the network with SSL VPN
Chapter 8: Connecting to Wi-Fi Networks
What’s Wi-Fi, and Why Bother?
Which Wi-Fi Networks Should Users Connect To?
Open or insecure networks
Encrypted Wi-Fi networks
VPN on a Wi-Fi network
Wi-Fi Connections from Mobile Devices
Apple iPhones, iPads, and iPods
Connecting to Wi-Fi with Android devices
BlackBerry devices
Implementing Wi-Fi Policies
Part IV: Securing Each Smart Device
Chapter 9: Device Security Component Overview
Knowing Smartphone Security Compon
ents
Understanding On-Device Anti-X Protection
Antispyware
Antivirus
Antiphishing
Antispam
Using Backup and Restore Capabilities
Adding Loss and Theft Protection
Encryption and authentication techniques
Immobilizing techniques
Recovery techniques
Controlling and Monitoring Applications
Methods to control and monitor applications
Identifying harmful applications
Enterprise Management of Mobile Devices
Device deployment
Device discovery
Device provisioning
Device monitoring
Compliance enforcement
Chapter 10 : Hacker Protection and Enforceable Encryption
Getting to Know the On-Device Security Components
Keeping Devices Safe with On-device Firewalls
Small footprint
Efficient battery usage
Dynamic adaptation to changing usage
Protecting Against Viruses
Firewalls and virus-based attacks
Virtual device antivirus solutions
Reducing Spam
Service provider assistance
Choosing an antispam solution
Global operator initiative to combat spam
Preventing Intrusion
Using Enforceable Encryption
Encrypting all outbound and inbound communication
Encrypting only enterprise traffic
Using carrier-provided voice encryption
Case Study: AcmeGizmo Endpoint Security Deployment
Endpoint security
Device encryption
Flash forward
Chapter 11: Protecting Against Loss and Theft
Taking Precautions before Loss or Theft
Educating Users about Securing Data on a Lost Phone
Protecting personal Apple iOS devices
Protecting personal Symbian devices
Protecting personal Android devices
Protecting personal Windows Mobile and Windows Phone 7 Devices
Protecting personal Blackberry devices
Exploring Enterprise-Grade Solutions for Various Platforms
Enterprise-grade solutions for Apple iOS
Enterprise-grade solutions for Symbian
Enterprise-grade solutions for Android
Enterprise-grade solutions for Windows Mobile and Windows Phone 7
Enterprise-grade solutions for Blackberry devices
Deploying Enterprise-Wide Loss and Theft Protection
Case Study: AcmeGizmo’s Lost or Stolen Device Recovery
Chapter 12: Educating Users about Backing Up Data
Backing Up Data from Smartphones
Instructing Users on Backing Up Their Devices
Backing up iPhones and iPads
Backing up Android devices
Backing up BlackBerry devices
Backing up Nokia devices
Backing up Windows Phone 7 devices
Instructing Users on Restoring Data to Their Devices
Restoring data from iPhones and iPads
Restoring data from Android devices
Restoring data from BlackBerry devices
Restoring data from Nokia devices
Restoring data from Windows Phone 7 devices
Instructing Users on Transferring Data to New Devices
Transferring data between iPhones and iPads
Transferring data between Android devices
Transferring data between BlackBerry devices
Transferring data between Nokia Symbian devices
Exploring Corporate Solutions for Backup and Restore
Case Study: AcmeGizmo Backup and Restore Use Cases
Chapter 13: Securing Mobile Applications
Understanding the Importance of a Sandbox
App Security on Various Platforms
App security on BlackBerry devices
App sandboxing on Apple iOS devices
Android operating system security
Exploring Virtualization for Mobile Devices
Accounting for Personal Devices at Work
Sandboxing Combined with On-Device Security
Part V: The Part of Tens
Chapter 14: Top Ten Online Information Sources
Tech SANS
Dark Reading
F-Secure Security Threat Summaries
Infosecurity Network
National Institute of Standards and Technology (Security Research)
Vendors’ Websites
ICSA labs
CERT
US-CERT
GSM Association
Chapter 15: Top Ten Mobile Security Vendors
AirWatch
Good Technology
Juniper Networks
Mobile Active Defense
McAfee
MobileIron
Sybase
Symantec
Tangoe
Zenprise
Cheat Sheet
Mobile Device Security For Dummies®
by Rich Campagna, Subbu Iyer, and Ashwin Krishnan
Foreword by Mark Bauhaus
Mobile Device Security For Dummies®
Published by
John Wiley & Sons, Inc.
111 River St.
Hoboken, NJ 07030-5774
www.wiley.com
Copyright © 2011 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services, please contact our Customer
Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Control Number: 2011932276
ISBN: 978-0-470-92753-3 (pbk); ISBN 978-1-118-09379-5 (ebk); ISBN 978-1-118-09380-1 (ebk); ISBN 978-1-118-09399-3 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
About the Authors
Rich Campagna is a Director of Product Management at Juniper Networks. His team is responsible for defining product strategy for Juniper Networks’ Junos Pulse Business Unit, including the Junos Pulse Mobile Security Suite, the SA Series SSL VPN product family, Juniper’s Unified Access Control product family, the Junos Pulse Application Acceleration product family, and the Junos Pulse client software. Rich was a co-author for Network Access Control For Dummies. Prior to joining Juniper Networks, Rich was a Sales Engineer at Sprint Corp. He received an MBA from UCLA Anderson School of Management and a BS in Electrical Engineering from Pennsylvania State University.
Subbu Iyer is a Senior Product Manager at Juniper Networks. He drives the product strategy of the Junos Pulse product line, which provides a variety of integrated network services on desktops and mobile devices, including smartphones and tablets. His prior experience includes over eight years at Cisco where he held various senior architecture and engineering roles focusing on application-aware networking, security, and WAN acceleration. He has extensive experience in software development and marketing of products in the areas of Application and Network Security, including remote and LAN access control. Subbu holds an M.S. in Computer Engineering from the University of Arizona, Tucson and an M.B.A. from the Haas School of Business, UC Berkeley.
Mobile Device Security For Dummies Page 1
