Mobile Security - Revision history

User at 02:12, 20 January 2023

2023-01-20T02:12:49Z

Show changes

User: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

2021-02-06T17:09:07Z

The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

User at 20:49, 21 May 2020

2020-05-21T20:49:33Z

User at 20:40, 21 May 2020

2020-05-21T20:40:41Z

User at 20:38, 21 May 2020

2020-05-21T20:38:36Z

User at 20:32, 21 May 2020

2020-05-21T20:32:38Z

User at 20:13, 21 May 2020

2020-05-21T20:13:23Z

User: Created page with "'''Content Coming Soon'''"

2019-01-06T05:54:28Z

Created page with "'''Content Coming Soon'''"

New page

'''Content Coming Soon'''

@@ Line 1: / Line 1: @@
 == Definition of Mobile Security<ref>Definition - What Does Mobile Security Mean? [https://www.webopedia.com/TERM/M/mobile_security.html Webopedia]</ref> ==
-'''Mobile Security''' (also known as '''Mobile Device Security''') involves protecting both personal and business information stored on and transmitted from smartphones, tablets, laptops and other [[Mobile Device|mobile devices]]. The term mobile security is a broad one that covers everything from protecting mobile devices from [[Malware|malware]] threats to [[Risk Mitigation|reducing risks]] and securing mobile devices and their [[Data|data]] in the case of theft, unauthorized access or accidental loss of the mobile device.
+'''Mobile Security''' (also known as '''Mobile [[Device]] Security''') involves protecting both personal and [[business]] information stored on and transmitted from smartphones, tablets, laptops and other [[Mobile Device|mobile devices]]. The term mobile security is a broad one that covers everything from protecting mobile devices from [[Malware|malware]] threats to [[Risk Mitigation|reducing risks]] and securing mobile devices and their [[Data|data]] in the case of theft, unauthorized access or accidental loss of the mobile device.
-Mobile security also refers to the means by which a mobile device can authenticate users and protect or restrict access to data stored on the device through the use of passwords, personal identification numbers (PINs), pattern screen locks or more advanced forms of authentication such as fingerprint readers, eye scanners and other forms of biometric readers. Mobile security is closely related to [[Mobile Device Management (MDM)|mobile device management (MDM)]], which is a term that specifically applies to protecting mobile devices in the enterprise or business environments from loss or theft, as well as protecting the data on these devices.
+Mobile security also refers to the means by which a mobile device can authenticate users and protect or restrict access to [[data]] stored on the device through the use of passwords, personal identification numbers (PINs), pattern screen locks or more advanced forms of [[authentication]] such as fingerprint readers, eye scanners and other forms of biometric readers. Mobile security is closely related to [[Mobile Device Management (MDM)|mobile device management (MDM)]], which is a term that specifically applies to protecting mobile devices in the enterprise or business environments from loss or theft, as well as protecting the data on these devices.
@@ Line 9: / Line 9: @@
 == Security Threats on Mobile Devices<ref>Security Threats on Mobile Devices [https://study.com/academy/lesson/mobile-security-definition-types-examples.html study.com]</ref> ==
-Security threats on mobile devices come from a variety of places. For example, joining an unsafe Wi-Fi network can allow others to gain access to your device. Threats can also come in other forms:
+Security threats on mobile devices come from a variety of places. For example, joining an unsafe Wi-Fi [[network]] can allow others to gain access to your device. Threats can also come in other forms:
-*Phishing scams: Since many of us use our phones to access our email, it's highly likely you could click a malicious link and inadvertently cause a virus to spread through your device.
+*[[Phishing]] scams: Since many of us use our phones to access our email, it's highly likely you could click a malicious link and inadvertently cause a [[virus]] to spread through your device.
-*Malicious apps: Some phone manufacturers keep a pretty close eye on apps and their developers, but unprotected phones or apps downloaded from less reputable locations can be full of malicious content. Malicious software can infect all types of devices and, though rare, iPhones can be a target.
+*Malicious apps: Some phone manufacturers keep a pretty close eye on apps and their developers, but unprotected phones or apps downloaded from less reputable locations can be full of malicious content. Malicious [[software]] can infect all types of devices and, though rare, iPhones can be a [[target]].
 *Network spoofing: That Wi-Fi network you just logged onto while sitting in the grocery store parking lot? Yes, it might be a fake network designed to grab your personal information.
-*Spyware: Spyware allows hackers to break into your phone and oversee everything you do, from where you are at any given time to your credit card number to text messages you send.
+*[[Spyware]]: Spyware allows hackers to break into your phone and oversee everything you do, from where you are at any given time to your credit card number to text messages you send.
-*Bluetooth vulnerabilities: In late 2017, experts discovered that millions of devices had a vulnerability that made them susceptible to threats through Bluetooth technology that could pass from one device to another nearby relatively easily.
+*Bluetooth vulnerabilities: In late 2017, experts discovered that millions of devices had a [[vulnerability]] that made them susceptible to threats through Bluetooth technology that could pass from one device to another nearby relatively easily.
@@ Line 26: / Line 26: @@
 *Endpoint security: As [[Organization|organizations]] embrace flexible and mobile workforces, they must deploy [[Network|networks]] that allow remote access. Endpoint security solutions protect corporations by monitoring the files and processes on every mobile device that accesses a network. By constantly scanning for malicious behavior, endpoint security can identify threats early on. When they find malicious behavior, endpoint solutions quickly alert security teams, so threats are removed before they can do any damage.
 *VPN: A [[Virtual Private Network (VPN)|virtual private network]], or VPN, is an encrypted connection over the [[Internet]] from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct remote work safely.
-*Secure web gateway: Secure web gateways provide powerful, overarching cloud security. Because 70 percent of attacks are distinct to the organization, businesses need cloud security that identifies previously used attacks before they are launched. Cloud security can operate at the DNS and IP layers to defend against phishing, malware, and ransomware earlier. By integrating security with the cloud, you can identify an attack on one location and immediately prevent it at other branches.
+*Secure web gateway: Secure web gateways provide powerful, overarching cloud security. Because 70 percent of attacks are distinct to the [[organization]], businesses need cloud security that identifies previously used attacks before they are launched. Cloud security can operate at the DNS and IP layers to defend against phishing, [[malware]], and [[ransomware]] earlier. By integrating security with the cloud, you can identify an attack on one location and immediately prevent it at other branches.
 *Email security: Email is both the most important business communication tool and the leading attack vector for security breaches. In fact, according to the latest Cisco Midyear Cybersecurity Report, email is the primary tool for attackers spreading ransomware and other malware. Proper email security includes advanced threat protection capabilities that detect, block, and remediate threats faster; prevent data loss; and secure important information in transit with end-to-end encryption.
 *Cloud access security broker: Your network must secure where and how your employees work, including in the cloud. You will need a cloud access security broker (CASB), a tool that functions as a gateway between on-premises infrastructure and cloud applications (Salesforce, Dropbox, etc.). A CASB identifies malicious cloud-based applications and protects against breaches with a cloud data loss prevention (DLP) engine.
@@ Line 32: / Line 32: @@
 == Next Generation of Mobile Security<ref>Next Generation of Mobile Security [https://en.wikipedia.org/wiki/Mobile_security Wikipedia]</ref> ==
-There is expected to be four mobile environments that will make up the security framework:
+There is expected to be four mobile environments that will make up the security [[framework]]:
-*Rich operating system: In this category will fall traditional Mobile OS like Android, iOS, Symbian OS or Windows Phone. They will provide the traditional functionality and security of an OS to the applications.
+*Rich operating [[system]]: In this category will fall traditional Mobile OS like Android, iOS, Symbian OS or Windows Phone. They will provide the traditional functionality and security of an OS to the applications.
 *Secure Operating System (Secure OS): A secure kernel which will run in parallel with a fully featured Rich OS, on the same processor core. It will include drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world"). The trusted infrastructure could include interfaces like the display or keypad to regions of PCI-E address space and memories.
-*Trusted Execution Environment (TEE): Made up of hardware and software. It helps in the control of access rights and houses sensitive applications, which need to be isolated from the Rich OS. It effectively acts as a firewall between the "normal world" and "secure world".
+*Trusted Execution Environment (TEE): Made up of [[hardware]] and software. It helps in the [[control]] of access rights and houses sensitive applications, which need to be isolated from the Rich OS. It effectively acts as a [[firewall]] between the "normal world" and "secure world".
 *Secure Element (SE): The SE consists of tamper resistant hardware and associated software or separate isolated hardware. It can provide high levels of security and work in tandem with the TEE. The SE will be mandatory for hosting proximity payment applications or official electronic signatures. SE may connect, disconnect, block peripheral devices and operate separate set of hardware.
 *Security Applications (SA): Numerous security applications are available on App Stores providing services of protection from viruses and performing vulnerability assessment.
@@ Line 42: / Line 42: @@
 == Mobile Device Security Trends<ref>Mobile Device Security Trends [https://www.enterprisemobilityexchange.com/eme-security/articles/mobile-device-security Enterprise Mobility Exchange]</ref> ==
 As the world of mobility changes, enterprises are also adapting. Here are some of the latest security trends in enterprise mobility:
-*Using Cyber Liability Insurance: One of the biggest security trends in the enterprise is with cyber liability insurance. This type of insurance covers the losses that result in a data breach. In other words, in case a mobile device is hacked and the data gets compromised, all potential financial losses will be covered. Given the fact that mobile devices have a target on their back and are now the primary threat vector, enterprises need to ensure that their cyber liability insurance policies cover the mobile devices. It is imperative have this policy in order to protect against potential data breaches and leaks. When a cyber attacks occurs on a mobile device, an enterprise needs to act fast. If data is breached, all affected users must be notified. The cost of this tremendous communication burden can add up, and the company’s brand could be at risk. With the average cost of a corporate data breach nearly $4 million, it is worth exploring to have an insurance policy that covers data on enterprise devices.
+*Using Cyber [[Liability]] Insurance: One of the biggest security trends in the enterprise is with cyber liability insurance. This type of insurance covers the losses that result in a data breach. In other words, in case a mobile device is hacked and the data gets compromised, all potential financial losses will be covered. Given the fact that mobile devices have a target on their back and are now the primary threat vector, enterprises need to ensure that their cyber liability insurance policies cover the mobile devices. It is imperative have this [[policy]] in order to protect against potential data breaches and leaks. When a cyber attacks occurs on a mobile device, an enterprise needs to act fast. If data is breached, all affected users must be notified. The cost of this tremendous communication burden can add up, and the company’s [[brand]] could be at [[risk]]. With the average cost of a corporate data breach nearly $4 million, it is worth exploring to have an insurance policy that covers data on enterprise devices.
 *Avoiding Public WiFi: Public WiFi represents one of the biggest attacks vectors for all types of mobile devices. The problem is that when workers connect to public WiFi networks, the assumption is that they are safe to use. The truth is that a hacker can easily breach the device, access the network, and steal data. Some hackers are specifically targeting unsuspected users who access a public WiFi network that looks safe, but is really vulnerable to attacks. There have been cases where hackers created fake WiFi networks that seem innocent (calling them names like ‘Coffee Shop’) but, it is really just a way to trap users. The trend is to educate workers about these dangers. All employees should be aware that WiFi networks pose a significant threat, and should be avoided when accessing enterprise apps. The problem is that some employees ignore this advice and go on the public WiFi. To combat this issue, a growing trend in the enterprise is to program the devices in a way that prohibits employees from accessing public WiFi.
-*The Emergence Of IoT Device Security: Similar to cellular devices, IoT devices are also vulnerable to the same threats. IT departments recognize this issue, and are addressing it by protecting IoT devices the same way that traditional mobile devices would need it. After all, any endpoint in an enterprise needs to have the best protection. The difference is that the recent trend is to take extra steps to protect IoT devices. Some enterprises are actively removing these devices from the main network and placing them in their own isolated network, such as a virtual LAN. By segregating these devices onto a separate firewalled network, there could be fewer security incidents. In addition, some enterprises are enacting extra precautions by disabling certain functions with IoT devices. For example, if a wireless printer (which is a considered an IoT device) has faxing capabilities that it never uses, a company might shut that function down for security reasons. These steps make sense for IoT, but not for mobile devices, which usually require full network access. One security protocol that both IoT and traditional mobile devices share is encryption, which is a big trend in the industry. Many organizations are leveraging encryption to protect data.
+*The Emergence Of IoT Device Security: Similar to cellular devices, IoT devices are also vulnerable to the same threats. IT departments recognize this issue, and are addressing it by protecting IoT devices the same way that traditional mobile devices would need it. After all, any endpoint in an enterprise needs to have the best protection. The difference is that the recent trend is to take extra steps to protect IoT devices. Some enterprises are actively removing these devices from the main network and placing them in their own isolated network, such as a virtual LAN. By segregating these devices onto a separate firewalled network, there could be fewer security incidents. In addition, some enterprises are enacting extra precautions by disabling certain functions with IoT devices. For example, if a wireless printer (which is a considered an IoT device) has faxing capabilities that it never uses, a company might shut that function down for security reasons. These steps make sense for IoT, but not for mobile devices, which usually require full network access. One security protocol that both IoT and traditional mobile devices share is encryption, which is a big trend in the [[industry]]. Many organizations are leveraging encryption to protect data.

@@ Line 5: / Line 5: @@
-'''Mobile Security Concerns'''<br />
+__TOC__
@@ Line 17: / Line 15: @@
 *Spyware: Spyware allows hackers to break into your phone and oversee everything you do, from where you are at any given time to your credit card number to text messages you send.
 *Bluetooth vulnerabilities: In late 2017, experts discovered that millions of devices had a vulnerability that made them susceptible to threats through Bluetooth technology that could pass from one device to another nearby relatively easily.
@@ Line 35: / Line 38: @@
 *Secure Element (SE): The SE consists of tamper resistant hardware and associated software or separate isolated hardware. It can provide high levels of security and work in tandem with the TEE. The SE will be mandatory for hosting proximity payment applications or official electronic signatures. SE may connect, disconnect, block peripheral devices and operate separate set of hardware.
 *Security Applications (SA): Numerous security applications are available on App Stores providing services of protection from viruses and performing vulnerability assessment.

@@ Line 1: / Line 1: @@
-Definition of Mobile Security<ref>Definition - What Does Mobile Security Mean? [https://www.webopedia.com/TERM/M/mobile_security.html Webopedia]</ref>
+== Definition of Mobile Security<ref>Definition - What Does Mobile Security Mean? [https://www.webopedia.com/TERM/M/mobile_security.html Webopedia]</ref> ==
 '''Mobile Security''' (also known as '''Mobile Device Security''') involves protecting both personal and business information stored on and transmitted from smartphones, tablets, laptops and other [[Mobile Device|mobile devices]]. The term mobile security is a broad one that covers everything from protecting mobile devices from [[Malware|malware]] threats to [[Risk Mitigation|reducing risks]] and securing mobile devices and their [[Data|data]] in the case of theft, unauthorized access or accidental loss of the mobile device.
@@ Line 6: / Line 6: @@
 '''Mobile Security Concerns'''<br />
-[[File:Mobile_Security_Concerns.png|200px|Mobile Security Concerns]]<br />
+[[File:Mobile_Security_Concerns.png|400px|Mobile Security Concerns]]<br />
 source: [https://www.toolsqa.com/security-testing/security-testing-mobile/ ToolsQA]

@@ Line 3: / Line 3: @@
 Mobile security also refers to the means by which a mobile device can authenticate users and protect or restrict access to data stored on the device through the use of passwords, personal identification numbers (PINs), pattern screen locks or more advanced forms of authentication such as fingerprint readers, eye scanners and other forms of biometric readers. Mobile security is closely related to [[Mobile Device Management (MDM)|mobile device management (MDM)]], which is a term that specifically applies to protecting mobile devices in the enterprise or business environments from loss or theft, as well as protecting the data on these devices.
@@ Line 29: / Line 34: @@
 *Trusted Execution Environment (TEE): Made up of hardware and software. It helps in the control of access rights and houses sensitive applications, which need to be isolated from the Rich OS. It effectively acts as a firewall between the "normal world" and "secure world".
 *Secure Element (SE): The SE consists of tamper resistant hardware and associated software or separate isolated hardware. It can provide high levels of security and work in tandem with the TEE. The SE will be mandatory for hosting proximity payment applications or official electronic signatures. SE may connect, disconnect, block peripheral devices and operate separate set of hardware.
-Security Applications (SA)
+*Security Applications (SA): Numerous security applications are available on App Stores providing services of protection from viruses and performing vulnerability assessment.

← Older revision		Revision as of 20:32, 21 May 2020
Line 3:		Line 3:

	Mobile security also refers to the means by which a mobile device can authenticate users and protect or restrict access to data stored on the device through the use of passwords, personal identification numbers (PINs), pattern screen locks or more advanced forms of authentication such as fingerprint readers, eye scanners and other forms of biometric readers. Mobile security is closely related to [[Mobile Device Management (MDM)\|mobile device management (MDM)]], which is a term that specifically applies to protecting mobile devices in the enterprise or business environments from loss or theft, as well as protecting the data on these devices.		Mobile security also refers to the means by which a mobile device can authenticate users and protect or restrict access to data stored on the device through the use of passwords, personal identification numbers (PINs), pattern screen locks or more advanced forms of authentication such as fingerprint readers, eye scanners and other forms of biometric readers. Mobile security is closely related to [[Mobile Device Management (MDM)\|mobile device management (MDM)]], which is a term that specifically applies to protecting mobile devices in the enterprise or business environments from loss or theft, as well as protecting the data on these devices.
		+
		+
		+	== Security Threats on Mobile Devices<ref>Security Threats on Mobile Devices [https://study.com/academy/lesson/mobile-security-definition-types-examples.html study.com]</ref> ==
		+	Security threats on mobile devices come from a variety of places. For example, joining an unsafe Wi-Fi network can allow others to gain access to your device. Threats can also come in other forms:
		+	*Phishing scams: Since many of us use our phones to access our email, it's highly likely you could click a malicious link and inadvertently cause a virus to spread through your device.
		+	*Malicious apps: Some phone manufacturers keep a pretty close eye on apps and their developers, but unprotected phones or apps downloaded from less reputable locations can be full of malicious content. Malicious software can infect all types of devices and, though rare, iPhones can be a target.
		+	*Network spoofing: That Wi-Fi network you just logged onto while sitting in the grocery store parking lot? Yes, it might be a fake network designed to grab your personal information.
		+	*Spyware: Spyware allows hackers to break into your phone and oversee everything you do, from where you are at any given time to your credit card number to text messages you send.
		+	*Bluetooth vulnerabilities: In late 2017, experts discovered that millions of devices had a vulnerability that made them susceptible to threats through Bluetooth technology that could pass from one device to another nearby relatively easily.

← Older revision		Revision as of 20:13, 21 May 2020
Line 1:		Line 1:
−	'''~~Content Coming Soon~~'''	+	Definition of Mobile Security<ref>Definition - What Does Mobile Security Mean? [https://www.webopedia.com/TERM/M/mobile_security.html Webopedia]</ref>
		+	'''Mobile Security''' (also known as '''Mobile Device Security''') involves protecting both personal and business information stored on and transmitted from smartphones, tablets, laptops and other [[Mobile Device\|mobile devices]]. The term mobile security is a broad one that covers everything from protecting mobile devices from [[Malware\|malware]] threats to [[Risk Mitigation\|reducing risks]] and securing mobile devices and their [[Data\|data]] in the case of theft, unauthorized access or accidental loss of the mobile device.
		+
		+	Mobile security also refers to the means by which a mobile device can authenticate users and protect or restrict access to data stored on the device through the use of passwords, personal identification numbers (PINs), pattern screen locks or more advanced forms of authentication such as fingerprint readers, eye scanners and other forms of biometric readers. Mobile security is closely related to [[Mobile Device Management (MDM)\|mobile device management (MDM)]], which is a term that specifically applies to protecting mobile devices in the enterprise or business environments from loss or theft, as well as protecting the data on these devices.
		+
		+
		+	== Components of Mobile Device Security<ref>Components of Mobile Device Security [https://www.cisco.com/c/en/us/solutions/small-business/resource-center/security/mobile-device-security.html#~components CISCO]</ref> ==
		+	Here are some solutions that can help keep mobile devices more secure.
		+	*Endpoint security: As [[Organization\|organizations]] embrace flexible and mobile workforces, they must deploy [[Network\|networks]] that allow remote access. Endpoint security solutions protect corporations by monitoring the files and processes on every mobile device that accesses a network. By constantly scanning for malicious behavior, endpoint security can identify threats early on. When they find malicious behavior, endpoint solutions quickly alert security teams, so threats are removed before they can do any damage.
		+	*VPN: A [[Virtual Private Network (VPN)\|virtual private network]], or VPN, is an encrypted connection over the [[Internet]] from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct remote work safely.
		+	*Secure web gateway: Secure web gateways provide powerful, overarching cloud security. Because 70 percent of attacks are distinct to the organization, businesses need cloud security that identifies previously used attacks before they are launched. Cloud security can operate at the DNS and IP layers to defend against phishing, malware, and ransomware earlier. By integrating security with the cloud, you can identify an attack on one location and immediately prevent it at other branches.
		+	*Email security: Email is both the most important business communication tool and the leading attack vector for security breaches. In fact, according to the latest Cisco Midyear Cybersecurity Report, email is the primary tool for attackers spreading ransomware and other malware. Proper email security includes advanced threat protection capabilities that detect, block, and remediate threats faster; prevent data loss; and secure important information in transit with end-to-end encryption.
		+	*Cloud access security broker: Your network must secure where and how your employees work, including in the cloud. You will need a cloud access security broker (CASB), a tool that functions as a gateway between on-premises infrastructure and cloud applications (Salesforce, Dropbox, etc.). A CASB identifies malicious cloud-based applications and protects against breaches with a cloud data loss prevention (DLP) engine.
		+
		+
		+	== Next Generation of Mobile Security<ref>Next Generation of Mobile Security [https://en.wikipedia.org/wiki/Mobile_security Wikipedia]</ref> ==
		+	There is expected to be four mobile environments that will make up the security framework:
		+	*Rich operating system: In this category will fall traditional Mobile OS like Android, iOS, Symbian OS or Windows Phone. They will provide the traditional functionality and security of an OS to the applications.
		+	*Secure Operating System (Secure OS): A secure kernel which will run in parallel with a fully featured Rich OS, on the same processor core. It will include drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world"). The trusted infrastructure could include interfaces like the display or keypad to regions of PCI-E address space and memories.
		+	*Trusted Execution Environment (TEE): Made up of hardware and software. It helps in the control of access rights and houses sensitive applications, which need to be isolated from the Rich OS. It effectively acts as a firewall between the "normal world" and "secure world".
		+	*Secure Element (SE): The SE consists of tamper resistant hardware and associated software or separate isolated hardware. It can provide high levels of security and work in tandem with the TEE. The SE will be mandatory for hosting proximity payment applications or official electronic signatures. SE may connect, disconnect, block peripheral devices and operate separate set of hardware.
		+	Security Applications (SA)
		+	Numerous security applications are available on App Stores providing services of protection from viruses and performing vulnerability assessment.