Information

Security 1
 TOPIC DISCUSSION

4 Security Applications and Devices

4.1 Software Firewalls
4.2 IDS
4.3 Pop-up Blockers
4.4 Data Loss Prevention (DLP)
4.5 Securing the BIOS
4.6 Securing Storage Devices

4.7 Disc Encryption

 TOPIC DISCUSSION

5 Mobile Device Security

5.1 Securing Wireless Devices
5.2 Mobile Malware
5.3 SIM Cloning and ID Theft
5.4 Bluetooth Attacks
5.5 Mobile Device Theft
5.6 Security of Apps

5.7 BYOD
5.8 Securing Mobile Devices
SECURITY
APPLICATIONS
AND DEVICES
Application security is the process
of making apps more secure by
finding, fixing, and enhancing the
security of apps. Much of this
happens during the development
phase, but it includes tools and
methods to protect apps once they
are deployed.
 Software Firewalls

Firewalls are one of the first lines of defense in a network. There

are different types of firewalls, and they can be either stand-
alone systems or included in other devices such as routers or
servers. You can find firewall solutions that are marketed as
hardware-only and others that are software-only. Many
firewalls, however, consist of add-in software that is available
for servers or workstations.
 IDS (Intrusion Detection System)

An IDS is software that runs on either individual workstations

or network devices to monitor and track network activity. Using
an IDS, a network administrator can configure the system to
respond just like a burglar alarm. IDS systems can be configured
to evaluate systems logs, look at suspicious network activity,
and disconnect sessions that appear to violate security settings.
 Pop-up Blockers

Pop-ups are frequently used by websites to advertise products or

features. They are therefore meant to be as eye-catching as
possible. This is achieved by making the pop-up open in a small
secondary window, which becomes the active window. To get the
maximum amount of attention, a pop-up may also feature bright
colors, animation and motion.
 Data Loss Prevention (DLP)

Data Loss Prevention (DLP) techniques examine and inspect data

looking for unauthorized data transmissions. You may also see it as
data leak prevention. A DLP system can be network-based to inspect
data in motion, storage-based to inspect data at rest, or endpoint-
based to inspect data in use. The most common is a network-based
DLP.
Securing the BIOS
 Securing Storage Devices

Data storage security involves protecting storage resources and the

data stored on them – both on-premises and in external data
centers and the cloud – from accidental or deliberate damage or
destruction and from unauthorized users and uses. It's an area that
is of critical importance to enterprises because the majority of data
breaches are ultimately caused by a failure in data storage security.
 Securing Storage Devices
How to Secure USB Drives and Other Portable Storage Devices
> Encrypt Your Data

> Use BitLocker To Go for Windows 7 and 8

> Use Encrypting File System (EFS) for Windows XP and Vista

> Use 256-bit AES Encryption for Mac

> Different Encryption Options With Third-Party Software

> Mixing Encryption Hardware and Software May Be Best Medicine

 Disc Encryption

Disk encryption prevents a disk drive, such as a hard drive in a

laptop computer or a portable USB storage device, from booting
up unless the user inputs valid authentication data.
 Securing Wireless Devices
How to Secure USB Drives and Other Portable Storage Devices

> Install a wireless intrusion detection system (WIDS) to monitor wireless

traffic.
> Move all phone lockers outside of entry points or outside the building.

> Install “perimeter entry” detectors for cell band and Wi-Fi devices.

> Install cell band & Wi-Fi detectors in strategic “interior” locations to catch
any intentional device entry or authorized devices are inadvertently left in
“wireless on” mode.
> Install detectors to verify mobile devices in lockers are turned off.

> Apply TEMPEST film to the windows. The IAD TEMPEST team may be
able to provide additional or better TEMPEST solutions.
 Mobile Malware

Mobile malware, as its name suggests is malicious software that

specifically targets the operating systems on mobile phones.
There are many types of mobile malware variants and different
methods of distribution and infection.
 SIM Cloning and ID Theft

SIM cloning is the process in which a legitimate SIM card is

duplicated. When the cloning is completed, the cloned SIM
card’s identifying information is transferred onto a separate,
secondary SIM card. The secondary card can then be used in a
different phone while having all calls and associated charges
attributed to the original SIM card. The phrase SIM clone is
often used to refer to the SIM card that has been successfully
duplicated.
 SIM Cloning and ID Theft

Identity (ID) theft happens when someone steals your personal

information to commit fraud.

The identity thief may use your information to fraudulently

apply for credit, file taxes, or get medical services. These acts
can damage your credit status, and cost you time and money to
restore your good name.
 Bluetooth Attacks
Bluetooth is best known as the wireless technology that powers
hands-free earpieces and connects your phone to audio,
navigation, and electronics through the Internet of Things (IoT).
Bluetooth connections are encrypted, but that has not stopped
researchers finding vulnerabilities allowing them to eavesdrop
on connections between phones and headsets. Bluetooth can be
used to transfer files from one device to another, so if an
attacker could access a device via the Bluetooth protocol they
could also potentially access sensitive information on that
device.
 Mobile Device Theft

With the rising use of electronic devices such as laptop computers,

tablets, cellular phones, and other personal electronics, they have
become a target of choice for thieves all over. Because these devices
make it easier to store and access information for personal and
professional use, they can also put your data at risk. Theft is a
significant threat to users of these devices, especially when using
them to access your personal information, bank accounts, or work on-
the-go.
 BYOD

Bring your own device (BYOD) refers to the trend of employees

using personal devices to connect to their organizational
networks and access work-related systems and potentially
sensitive or confidential data. Personal devices could include
smartphones, personal computers, tablets, or USB drives.
 Securing Mobile Devices

Smartphones have become such an integral part of our life that

it is hard to imagine how people used to communicate, access
and share information, and even pay bills without them. Because
of their size, we tend to forget that they are actually extremely
powerful computers and that they should be secured as such.
The below security tips will help you secure your phone and
prevent malicious programs or people from accessing it. The
more of these you implement, the safer your device will be.
 Securing Mobile Devices
Things to consider:
> Use a lock screen and enable auto-lock functionality

> Do not “root” or “jailbreak” your device.

> Avoid “rooting” your device if possible, as this can make it difficult to
regularly pull down security updates and other patches for the device.
> Ensure that any installed apps are regularly updated.
> Avoid installing unrecognized apps or apps from unknown authors.
> Install anti-malware software if available for your device.

> If a mobile device supports encryption, use it.

> Be careful when opening attachments and browsing.

 Securing Mobile Devices
Things to consider:
> Enable “remote wipe” functionality where available.

> Enable “find my device” functionality if available.

> Try not to store emails, text messages, or other content containing sensitive
information (like credit card numbers, social security numbers, passwords,
etc.) On mobile devices.
> Be mindful when connecting to unrecognized or unsecured wireless
> networks.
Do not connect to wireless networks that are unrecognized.
> Do not leave your phone/tablet unattended