Securing Mobile Devices – CompTIA A+ 220-902 – 3.5

Your mobile devices include a number of methods to keep your data safe. In this video, you’ll learn about screen locks, locator applications, remote backup, biometric authentication, and much more!


One of the most fundamental security features on your mobile device is the screen lock. With the screen lock, your system is secure until you unlock it through a number of different means. One way to unlock your mobile phone or your mobile device is through a fingerprint reader that’s built into the device itself. You put your finger on the device, it recognizes your fingerprint, and unlocks the system. Your mobile device might also include face recognition. That way, when your face is near the device it knows that it’s you, and it can unlock the device normally. You might also use a swipe feature, where there’s a predefined pattern that you would follow on the front of your phone, and by following this pattern, you can unlock the phone.

A passcode is a traditional way to lock your mobile device. You can either use a personal identification number, or use a more complex password.

With all of these different unlocking techniques, you have the option to enable additional protection for failed attempts. On iOS, you could have the device erase everything on the phone after there have been 10 failed attempts to unlock the device. In Android, it will lock the device and require your Google login to regain access to the system. And the Windows Phone will simply delay the next attempt or require a factory reset to get back into your mobile device.

Today’s modern mobile devices can use GPS to give you a very precise location of where your mobile device might be. Many mobile devices can also use a Wi-Fi network or your wireless provider’s network to help locate where your device is as well. It will put a location on a map and show you exactly where your device happens to be, and you’re even able to control this device from this interface. You could make it play a sound or display a message on the screen. And if you still don’t have access to this device, you can choose remotely to wipe and erase everything that happens to be on that mobile device.

Since these devices are so mobile and occasionally might get out of our control, it’s always nice to have a backup. That way, if you do wipe the mobile device, you can always recover all of that information from your backup. These days, it’s very common to back up our data to the cloud since we’re always moving and always mobile with these devices. This is a constant process. There’s no button that you have to push; it is constantly updating and keeping all of your information synchronized to the cloud. This allows you to back up without plugging in any particular cables. It simply uses the networks that you’re connected to normally with this mobile device, and then, if you do need to recover this information, you simply click one button, it restores everything from the cloud, and your system is back to the way it was before you lost all the data.

Malicious software is not just something that we have to worry about on our desktop computers. We also have to be concerned about it on our mobile devices, as well. If you’re running Apple’s iOS, it’s a very closed environment and it’s very tightly regulated as to what applications can be installed onto those devices. If malware needs to get into an Apple iOS device, then it needs to find some type of vulnerability in the phone and the operating system itself.

On Android, you’re able to install applications from anywhere. It’s a much more open environment, so it tends to be a little bit easier for the malware to find its way onto that particular device. Windows Phone is a closed environment, very similar to iOS, where there are not a lot of options for sideloading or installing applications from third-party locations.

With all of these operating systems, all of the applications run in a sandbox. This means the application is only going to have access to the information it needs, and no application is going to have complete access to everything that’s on your mobile device.

Just like your desktop computers, your mobile devices also need to be updated so they’re always running the latest software. These might be device patches that could include security updates for your system. Or these might be operating system updates that provide new features or provide you with additional stability when you’re using the device. In either case, you need to make sure you always stay up to date with all of these patches so that your system remains as safe as possible.

Using biometrics as a form of authentication to our mobile device just makes sense. We’re always with our devices, and using part of ourselves becomes a natural way to authenticate to these mobile devices. It’s very common to use this multi-factor authentication with something that we are. For instance, it might be a fingerprint. It might be face recognition. Or you could even, ultimately, see us using an iris or some other part of our body as a way to authenticate to our mobile device. We’re really just at the very beginnings of figuring out the best way to use biometrics with our mobile devices, and we’ll certainly see this particular part of authentication evolve as the years go on.

Another common authentication factor is something like an authenticator application. This is one that is using a pseudo-random number that’s changing every 30 seconds or every 60 seconds, and you’re usually logging on with a username, a password, and the code that’s appearing on this token generator. Some token generators are physical devices. They might be on a key ring and you’re hitting a button to display what the latest code happens to be. But, since we have our phones with us all the time, we might have this authenticator built into an application on our phone so that if we have our phone, we’re able to authenticate with this additional factor.

Since our mobile devices contain so much personal information, we want to be sure the data stays protected. One way to do that is to encrypt everything on the device. In iOS version 8 and later, everything on the device is automatically encrypted, and it’s based on the passcode you assign to the device. If this is an Android device, you can turn on full device encryption. And for Windows Phone 8 and 8.1, full device encryption is something that’s only enabled through Exchange ActiveSync. This is something that can also be turned on if you’re in an environment where they’re managing all of these remote devices with a mobile device manager.

Full device encryption is something that’s constantly changing on these mobile devices, so you should check in with your mobile operating system and see what options might be available for you.

Once malware gets onto a mobile device, it can cause a lot of problems for the operation of your device, and it may even have access to a certain amount of data. For that reason, you need to know which sources can be trusted to install an application from, and which may be untrusted. With Apple’s iOS, all of the applications are installed directly from the App Store. That means Apple is able to curate all the applications and make sure they’re not only usable, but also secure, as well.

With Android, you can install applications from Google Play, which is a relatively trusted location, or you can install applications from third-party sites, and this is where an untrusted application may get installed onto your system. If you’re running Windows Phone, the applications are curated by Microsoft, which, of course, is a trusted source. And if you’re running in an enterprise, you may have the option to sideload some applications. But since those applications are coming from your environment, you could also trust those, as well.

We’re accustomed to having firewalls on our desktop devices, but we don’t generally see firewalls running on a mobile device. Most activity is outbound, and there are very few services running on a mobile device that can be accessed from the outside. There are some mobile firewall applications available, most of them on Android, but none of them seem to be widely used. In an enterprise environment, a mobile device manager can allow or disallow certain functions or applications from running on a mobile device. If you were to add a firewall to this mobile device as well, you could also limit what type of traffic would be allowed into and out of the network connection.

When you’re using your mobile device at work, there needs to be a clear delineation from what is work, and what is personal. Often, your organization is not going to buy you the mobile device, but instead allow you to use your own mobile phone for business use. You’ll often see this referred to as BYOD for bring your own device.

Even though this is your device, it’s going to contain information and data from your organization, so there still needs to be some type of administration and management by the organization. This is commonly done with an MDM, or a mobile device manager. Usually policies will be set on that mobile device manager that can limit what applications you can run, what type of data is stored on the device, perhaps the camera may be enabled or disabled, depending on the policies and the procedures for your organization. With certain mobile device managers, you can partition, or section off, part of the mobile device to be used for business purposes and then leave the rest of the mobile device open and available for personal use.

And it’s very common, with mobile device managers and through normal policies and procedures, to require that everyone uses locks on their phone and a personal identification number to regain access to this very important resource.