
BYOD Bring Your Own Device
One of several gazing-into-the-crystal-ball articles at the start of the year puts BYOD center stage for 2012. Cisco’s impressive 2011 security report in effect warns that failing to embrace BYOD and social media fully could harm an organization’s prospects of taking on college grads and other youngsters.
“BYOD: how to minimize risk” acknowledges the value of awareness: “Education and ongoing awareness training play key roles in ensuring that a mobile device security policy is actually followed by the rank and file, whether they're using corporate-owned or personally-owned devices ... That training should address a wide range of issues, including when and how to use encryption, how to back up sensitive information and how to use anti-malware software.”
Information Week recommends five important things to do with your MDM (Mobile Device Management) system.
Apple’s Mobile Device Management (MDM) software is fine if you only need to manage iPads and iPhones, although the range of supported devices is due to be extended somewhat during 2012. Third-party MDM applications are restricted in how they manage Apple devices.
Portable ICT devices
Losing a USB memory stick is one way to cheese-off the 7,500 colleagues whose personal information it contained.
Here’s a vulnerability we didn’t cover in the BYOD module: an Android application that measures small movements of the device to determine which part of the screen keyboard the user touches. It’s an interesting side-channel attack but, assuming the typical tablet architecture is similar to PCs, keylogging Trojans can presumably achieve the same end by a rather simpler method - monitoring the keyboard buffer directly.
Before pilots start using tablet PCs such as iPads in the cockpit in place of their paper checklists, let’s hope they and the authorities consider the corresponding information security risks.
Helpful advice for travellers taking laptops to parts of the world where they might be searched for information or compromised with malware. I particularly liked the idea to store data on an encrypted USB stick rather than on the machine itself, and to keep the USB stick on your person at all times, but it seems strange not to recommend encrypting the laptop’s hard drive too.
Don’t trust USB devices given as gifts, not even those handed out at a security conference.
NIST standard SP800-124 provides guidance on securing PDAs and cellphones.
A few organizations that recognize the security issues created by USB thumb drives, hard drives, CD-RWs etc. decide to lock down the USB ports on their systems. The usual way to do this is to buy, test and install additional USB control software. A Microsoft MVP (Most Valuable Professional) has come up with a low-cost solution using native Windows functionality - specifically, Group Policy. WindowsDevCenter explains how to define a policy to disable the USB storage driver. A Microsoft Knowledge Base article contains the necessary code.
Related NoticeBored links collections
Incident management, physical IT security, malware and wireless security
NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk. Please let us know about new or broken links.