1. Locking Down the Risks
from Unlocked Devices
Presented by:
Troy Fulton
Director, Product Marketing
Wednesday, February 20, 2013
© 2013 Tangoe, Inc.
Thursday, February 21, 2013
2. Today's Speaker
Troy Fulton
Director, MDM Product Marketing
• 20+ years in high-tech and communications devices
• Senior product marketing and management positions
with global corporations including Motorola Mobility,
Nokia, and Compaq
• MBA from The College of William and Mary; BA from
Boston College
4. Definitions: Unlocking
• Enables a device to work on a wireless carrier other than the one the device was purchased from
• If an AT&T iPhone were unlocked, it could be used on T-Mobile USA's network
• In October, the U.S. Library of Congress invalidated a copyright
exemption in the Digital Millennium Copyright Act for unlocking
cell phones
• Unlocking a device is potentially illegal, unless authorized
by a carrier
• Civil fines range from $200 to $2,500 per unlock
• Criminal penalties up to $500,000 and five years in jail.
• http://bits.blogs.nytimes.com/2013/01/25/cellphone-unlock-dmca/
• Unauthorized unlocking requires the device to be jailbroken
5. Definitions: Jailbreak
• Pertains to iOS devices
• Allows applications not approved by Apple to be downloaded from any
source
• Removes the security controls which prevent access to data on a device by
unauthorized people and applications
• Process of removing the sandbox protections that Apple places in its iOS
products
• Enables users to access files they normally wouldn't be permitted to, which
opens up all sorts of possibilities for customizing an iOS system
• Many technically inclined users loathe being
locked into a sandboxed device
6. Definitions: Root
• Pertains to Android devices
• Android, unlike Apple, is an open source operating system
• Android out of the box allows users to install 3rd party apps (also known as
sideloading)
• User can install themes
• Allows the install of applications directly from SD card or internal memory of
device
• Everything iOS users hope to accomplish with jailbreaking is basic functionality
within Android
• Rooting overcomes limitations carriers and OEMs put
on devices (skins, etc.)
• COMPLETELY remove and replace the entire
operating system of the device
7. What Has Been Reported to be Illegal
• Unlocking without carrier permission
• A common example….
• Use device as an Internet hotspot
• Switch to a local carrier when traveling overseas to avoid roaming charges
• In Europe, unlocked phones function as you might expect.
• You buy a phone and obtain a SIM card from the network you have chosen, and the phone
registers on that network
• Want to change networks? Get a different SIM and swap it out
• Why does this work?
• Network operators share the same three portions of the spectrum and support GSM (3G) and LTE (4G).
• In the U.S. carriers enable different features on their smartphones
• Support differentiated mobile experiences
• Support competing 3G and 4G wireless communication
standards at different spectrum frequencies
8. Key Takeaways: Unlocking
• New carrier = non-optimized usage rates
• Unlocking can also interfere with your phone's settings
• Features previously enabled will not likely function
• Phone warranty voided
• Jailbreaking attracts malware and decrypts data
• This law does not eliminate the practice of unlocking phones
• Does not prevent unlocked phones from entering corporate networks
• Organization may be held liable for an employee's unlocked device
9. Key Takeaways: Jailbreak vs. Rooted
• Sandbox protection for apps is removed
• Every app can get to everything
• iOS and Android apps designed not to share data
• Jailbreaking decrypts data on the device
• Bypasses device password
• Android app developers can store data in cipher text (optional)
• If not, encrypted device data may be stored in plain text if you sync with a PC
• Jailbroken vs. rooted
• iOS: apps must utilize the Data Protection APIs to maintain encryption
• Password protection enables data encryption
• NSS Labs: possible to jailbreak an iOS device and completely bypass the passcode
• Jailbroken phones are more vulnerable to malware
• Android: device password enables full file system encryption
• Modifying the bootloader or OS is not sufficient to access data without the password
• Rooting decrypts all data. Google recommends an OEM hardware solution
10. Risks and Mitigation
• Device is lost or stolen
• Exposed data…all of it
• SMS/iMessage texts
• Address book, calendar, email….
• VPN
• Secure communication but is the device secure?
• Access to enterprise resources
• Need mobile anti-virus
• Mitigate risks
• Monitor with automatic policy response
• Carrier and application
• Mobile content management
• Containerization
• ABQ
11. Secure Mobile Content Management
• Enforce security for device-based access
• Manage distribution authority
• Enforce DLP via cut/paste features
• Manage document version control & redundancy
[Diagram labels: Corporate Document Stores; Native, 3rd Party Editing Tools; Mobile Content Management; Device Continuum; Simple, Private File Sharing]
12. Mobile Device Containerization
[Screens: Tap to access Divide; Enter passcode; Get to work!]
• Personal phone, SMS and web
• Choice of device, services
• Freedom & privacy
• Data security
• Enterprise apps & services
• Easy to manage and control
• Separate corporate data from personal data
• Allow 'personal data' to co-exist
• Provide controls over corporate data
13. Secure Network Access: THE BYOD Solution
• Real-time detection and enforcement
• Detect and quarantine unknown devices
• Self-Service Device Enrollment Modules
• Guest Access Management
• Non-Browser Device Registration
• MDM Policy Enforcement
• MDM Self-Registration process integrated with NAC-based Policy
Enforcement
• NAC-based MDM Policy Enforcement and Remediation Messaging
14. Summary
• Terms and conditions should clearly describe the penalties for unlocking
• Know your environment
• SANS Institute IT Survey: 9% are “fully aware” of all mobile devices on their network
• Lifecycle of smartphones and tablets is very short: 12 – 18 months
• Do not be fooled…if no controls, there is sensitive data on the device
• Make (sustainable) decisions
• If you do not define policy, employees will
• Never store confidential corporate data on an unencrypted device
• No corporate business through the use of personal accounts
• Prohibit sending emails from your corporate address to private email accounts
• Lock down any device assigned to an employee, including remote wipe
• Secure communication to the device
• Block device access to ActiveSync for non-compliance
• Have a recycling program
15. Questions and Contacts
Troy Fulton
Director, Product Marketing
Troy.Fulton@tangoe.com
Tangoe
203.859.9300
info@tangoe.com
www.tangoe.com