Securing Mobile Device & Protecting Data


Data at Rest

Any data stored on media (hard drives, mobile phones, USB flash drives, external drives and backups). The best way to protect data at rest is to encrypt it, so that whoever obtains the media without the key gets nothing usable.

Data in Use

It refers to any data that resides in temporary memory. Applications retrieve stored data, process it, and may either save it back to storage or send it over the network. The application is responsible for protecting data in use. Confidentiality is primarily protected through encryption and strong access controls.

5.2.1.1 File-Level Encryption

Many operating systems support file- and folder-level encryption.
• Linux: GNU Privacy Guard (gpg), a command-line tool that encrypts and decrypts files with a passphrase or a key pair
• Microsoft Windows: Encrypting File System (EFS)
Benefit of file-level encryption:
• You can encrypt individual files without encrypting the entire disk
Issue of file-level encryption:
• Encryption can be lost if an authorized user copies an encrypted file to another disk or file system that doesn't support encryption; the copy lands there in plaintext
• The solution is whole-device (full disk) encryption, which protects everything written to the disk regardless of what the user does with individual files

What is MDM?

Mobile Device Management: technologies to manage mobile devices such as smartphones and tablets.
• MDM tools help ensure devices are up to date with current patches and have up-to-date antivirus installed
• These tools often block devices that are not up to date from connecting to the network
• Goal: ensure these devices have security controls similar to those on desktop computers

RFID

Radio-frequency identification (RFID) methods - often used for inventory controls

5.2.2.1.2 Storage Root Key

The TPM creates the storage root key (SRK) when a user sets the TPM owner password and activates the TPM. The TPM uses this key to create and protect the other encryption keys used by applications; the SRK itself never leaves the chip.

TPM

Trusted Platform Module: a hardware chip on the computer's motherboard (included in many newer laptops) that stores cryptographic keys used for encryption.
• Has a unique RSA (Rivest, Shamir, Adleman) key burned into the chip, used for asymmetric encryption
• Once enabled, it supports full disk encryption: the disk-encryption software (e.g., BitLocker) keeps the hard drive locked (sealed) until the system completes a platform verification and authentication process, and the TPM releases the disk key only then
• When a user activates the TPM, it creates a Storage Root Key and uses that key to protect the other cryptographic keys

How does BitLocker use TPM?

• BitLocker uses the TPM to detect tampering with critical OS boot files or processes as part of a platform verification process (the TPM holds measurements of the components loaded during boot)
• The drive remains locked until the platform verification and user authentication processes are complete

TPMs use 3 categories of encryption keys:

• Endorsement key
• Storage root key
• Application key

How does data exfiltration happen?

• Attackers use malware to take control of systems and transfer data outside the organization
• Malicious insiders can also transfer data out

3 most common data categories

• Data at rest
• Data in transit
• Data in use

TPM vs HSM

• HSMs are removable or external devices
• TPMs are chips embedded into the motherboard
• Both provide secure encryption capabilities by storing and using RSA keys

What can a DLP do to protect data?

• Scan the text of all emails and the contents of attached files
• Scan for PII (personally identifiable information)
• Scan the content of other traffic, such as FTP and HTTP

Data exfiltration:

• The unauthorized transfer of data outside an organization
• A significant data-leakage concern

UTM

• Unified Threat Management
• A UTM is a single device that combines several network security functions, such as firewall, content/URL filtering and malware inspection, often together with routing

network-based DLP system

A network-based DLP system examines and analyzes network traffic.
• Can detect whether confidential data or PII is included in email and reduce the risk of internal users emailing sensitive data outside the organization

AUP

Acceptable Use Policy
• Issues about BYOD should be addressed in the Acceptable Use Policy
• It describes users' responsibilities when using an organization's IT resources

5.2.1.3 Encrypting Database Content

Another form of software-based encryption. It is more common to encrypt only the sensitive data held within a database (specific columns or fields) instead of encrypting the entire database:
-> protects the sensitive data
-> uses less processing power
It is also possible to encrypt the entire database, at a higher processing cost.

6.1.2 Endpoint Protection

Another method of preventing data loss is restricting the use of hardware at the computer (the endpoint). Blocking portable devices:
• USB flash drives
• External hard drives
• MP3 players
prevents users from copying sensitive data onto them. A DLP solution is more selective: it can prevent a user from copying or printing files with specific content.
Example: the DLP solution can prevent users from copying, printing or scanning any classified documents marked with a label of "Confidential."

DLP

Data Loss Prevention (DLP) techniques examine and inspect data looking for unauthorized data transmission. DLP systems can be:
• Network-based -> inspects data in motion
• Storage-based -> inspects data at rest
• Endpoint-based -> inspects data in use
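The checks the DLP cards above attribute to network-based and endpoint-based DLP (scanning message bodies and attachments for PII, and blocking files that carry a "Confidential" label) as a runnable model. This is an added example, not code from the original page or from any DLP product; the organization domain, the label words and all sample messages are constructed for it. The card-number check adds a Luhn checksum so that an order number that merely looks like a card number is not reported, and findings are masked before they would reach a log, since the DLP log must not become a second copy of the PII.

```python
"""Toy DLP content scanner (added example, not from the original page)."""
import re
from dataclasses import dataclass
from typing import Dict, List

ORG_DOMAIN = "example.com"  # assumed org domain; any other recipient is "external"

# US SSN, excluding area/group/serial values that are never issued (fewer false positives).
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digits optionally separated by spaces or dashes; confirmed with Luhn below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# Classification labels the policy treats as "must not leave the organization".
LABEL_RE = re.compile(r"\b(confidential|secret)\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Redact everything but the last four characters before the value is logged."""
    return "*" * (len(value) - 4) + value[-4:]


@dataclass(frozen=True)
class Finding:
    kind: str    # "ssn", "card" or "label"
    masked: str  # what may be written to the DLP log
    where: str   # "body" or the attachment name


def scan_text(text: str, where: str) -> List[Finding]:
    found = []
    for m in SSN_RE.finditer(text):
        found.append(Finding("ssn", mask(m.group()), where))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.append(Finding("card", mask(digits), where))
    for m in LABEL_RE.finditer(text):
        found.append(Finding("label", m.group().upper(), where))
    return found


def evaluate(sender: str, recipients: List[str], body: str,
             attachments: Dict[str, str]) -> Dict[str, object]:
    """Network-DLP decision for one message. Attachment values are assumed to be
    already-extracted text; a real DLP parses document formats and archives first."""
    findings = scan_text(body, "body")
    for name, text in attachments.items():
        findings += scan_text(text, name)
    external = [r for r in recipients if not r.lower().endswith("@" + ORG_DOMAIN)]
    action = "block" if findings and external else "allow"   # internal mail is allowed but logged
    return {"action": action, "external": external, "findings": findings}


# Constructed sample messages (no real people, accounts or card numbers).
SAMPLES = {
    "ssn_to_external": dict(sender="alice@example.com", recipients=["friend@gmail.example"],
                            body="Here is the applicant's SSN: 123-45-6789", attachments={}),
    "ssn_internal": dict(sender="alice@example.com", recipients=["hr@example.com"],
                         body="Applicant SSN 123-45-6789 for the background check", attachments={}),
    "order_number_external": dict(sender="sales@example.com", recipients=["customer@shop.example"],
                                  body="Your order 1234 5678 9012 3456 has shipped", attachments={}),
    "card_in_attachment": dict(sender="bob@example.com", recipients=["partner@vendor.example"],
                               body="Invoice attached",
                               attachments={"invoice.txt": "Card on file: 4111 1111 1111 1111"}),
    "labelled_doc_external": dict(sender="bob@example.com", recipients=["me@personal.example"],
                                  body="FYI", attachments={"roadmap.txt": "CONFIDENTIAL - internal roadmap"}),
}


def run_samples() -> Dict[str, str]:
    """Action taken for each sample message."""
    return {name: evaluate(**msg)["action"] for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        v = evaluate(**msg)
        print(f"{name:24s} {v['action']:5s} {[(f.kind, f.masked, f.where) for f in v['findings']]}")
```

The "order_number_external" message shows why the Luhn step matters: the 16-digit order number matches the card pattern but fails the checksum, so the mail is not blocked. The "ssn_internal" message is allowed because both ends are inside the organization, yet the finding is still returned so it can be logged; that is the difference between detecting sensitive content and deciding that its transfer is unauthorized.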

Mobile device security includes:

• Device encryption -> to protect the data
• Screen locks -> to help prevent unauthorized access
• Remote wipe capabilities -> to delete all data on a lost or stolen device

6.1.1 Data in Motion

Data in motion is inspected by content filters in unified threat management (UTM) devices (such as web security gateways) and by network-based DLP; they look in opposite directions:
• UTM devices -> monitor incoming data streams looking for malicious code
• Network-based DLP -> monitors outgoing data looking for sensitive data

5.2.1.2 Full Disk Encryption

Full disk encryption programs encrypt an entire disk. E.g., TrueCrypt (development ended in 2014; VeraCrypt continues it) and Microsoft BitLocker.

HSM

Hardware Security Module: a security device you add to a system to generate, manage and securely store cryptographic keys (e.g., the RSA keys used in asymmetric encryption).
• High-performance HSMs -> external appliances connected to a network using TCP/IP
• Smaller HSMs -> expansion cards installed in a server, or devices plugged into a computer's ports
• HSMs are removable or external devices, unlike the motherboard-embedded TPM
• Many server-based applications use an HSM to protect keys; the private key is used inside the device and never exported to the host

MDM tools include:

• Patch management
• Antivirus management
• Application control
o Can restrict which applications can run on mobile devices
o Often uses application whitelists (allow lists) to control the applications

Primary methods of protecting the confidentiality of data

Primary methods of protecting the confidentiality of data (including data at rest and data in transit) are encryption and strong access controls.

Software-Based Encryption

Software-based encryption - can encrypt individual files and folders, entire disks, removable media, mobile devices, and databases.

5.2.2 Hardware-Based Encryption

Software-based encryption has several drawbacks:
• It takes extra processing power and time
• It is less practical when a large quantity of data, such as an entire disk, needs to be encrypted
Examples of hardware-based encryption devices:
• Trusted Platform Module (TPM)
• Hardware security module (HSM)

What is the security concern for: storage segmentation?

Some mobile devices can segment storage so that organizational data is kept in its own (separately encrypted) area, apart from the user's personal data and apps. Without segmentation, sensitive organizational data on a personal (BYOD) device mixes with personal apps and backups, and cannot be wiped selectively.

5.2.2.1.1 Endorsement key

The manufacturer embeds an endorsement key (EK) into the TPM. This key stays with the TPM throughout its lifetime and uniquely identifies that chip.

5.2.2.1.3 Application Keys

These keys are derived from, and protected by, the storage root key. Applications use them to encrypt disks.
Example: Microsoft BitLocker uses an application key to encrypt entire disks.
If a system includes a TPM, you can use an application within the OS to enable it. E.g., many Microsoft systems include BitLocker, which you can enable on systems that include a TPM.
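The TPM key hierarchy (endorsement key -> storage root key -> application keys) and the "drive stays sealed until platform verification passes" behaviour described in the TPM, BitLocker and application-key cards, as one runnable model. This is an added example, not code from the original page, Microsoft or any TPM vendor: a real TPM keeps the endorsement key and storage root key inside the chip and never reveals them, and uses AES rather than the HMAC-derived keystream used here to stay standard-library only. What is faithful is the structure: keys are derived down the hierarchy, PCR values follow the real extend rule PCR_new = SHA-256(PCR_old || SHA-256(measurement)), and the sealed disk key can only be recovered on the same chip with the same boot measurements. The boot component strings are constructed.

```python
"""Model of TPM key hierarchy and PCR-sealed storage (added example, not from the page)."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

PCR_INIT = b"\x00" * 32


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend rule: new = H(old || H(measurement)); one-way and order dependent."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components: List[bytes]) -> bytes:
    """Extend one PCR with each boot component in load order (firmware, boot manager, loader)."""
    pcr = PCR_INIT
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr


def derive(parent: bytes, label: bytes) -> bytes:
    """Child key from parent key via HMAC-SHA256 (stand-in for the TPM's internal KDF)."""
    return hmac.new(parent, label, hashlib.sha256).digest()


class ToyTpm:
    def __init__(self) -> None:
        self._ek = os.urandom(32)           # endorsement key: set by the manufacturer, never leaves the chip
        self._srk: Optional[bytes] = None   # storage root key: does not exist until the TPM is activated

    def take_ownership(self, owner_password: str) -> None:
        """Setting the owner password and activating the TPM creates the storage root key."""
        self._srk = derive(self._ek, b"SRK|" + owner_password.encode())

    def app_key(self, app: str) -> bytes:
        """Application keys hang off the SRK; BitLocker's key is one of them."""
        if self._srk is None:
            raise RuntimeError("TPM not activated")
        return derive(self._srk, b"APP|" + app.encode())

    def seal(self, app: str, secret: bytes, pcr: bytes) -> bytes:
        """Wrap `secret` (<= 32 bytes) under a key bound to `app` and the current PCR value."""
        if len(secret) > 32:
            raise ValueError("secret too long for this toy")
        wrap = derive(self.app_key(app), b"SEAL|" + pcr)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, derive(wrap, b"KS|" + nonce)))
        tag = derive(wrap, b"TAG|" + nonce + ct)
        return nonce + ct + tag

    def unseal(self, app: str, blob: bytes, pcr: bytes) -> Optional[bytes]:
        """Return the secret only if this chip, this app and this PCR value match sealing time."""
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        wrap = derive(self.app_key(app), b"SEAL|" + pcr)
        if not hmac.compare_digest(tag, derive(wrap, b"TAG|" + nonce + ct)):
            return None                      # platform verification failed: drive stays locked
        return bytes(a ^ b for a, b in zip(ct, derive(wrap, b"KS|" + nonce)))


# Constructed boot chains; the strings stand in for the hashed component images.
GOOD_BOOT = [b"firmware v1.2", b"bootmgr 10.0.19041", b"winload.efi 10.0.19041"]
TAMPERED_BOOT = [b"firmware v1.2", b"bootmgr 10.0.19041 (patched)", b"winload.efi 10.0.19041"]


def run_demo() -> Dict[str, bool]:
    """Seal a volume key at install time, then try to unlock under four boot conditions."""
    tpm = ToyTpm()
    tpm.take_ownership("owner-pw")
    vmk = os.urandom(32)                     # the disk-encryption key BitLocker would protect
    blob = tpm.seal("bitlocker", vmk, measure_boot(GOOD_BOOT))
    other = ToyTpm()                         # a different chip, same owner password, same blob
    other.take_ownership("owner-pw")
    return {
        "good_boot_unlocks": tpm.unseal("bitlocker", blob, measure_boot(GOOD_BOOT)) == vmk,
        "tampered_boot_unlocks": tpm.unseal("bitlocker", blob, measure_boot(TAMPERED_BOOT)) is not None,
        "reordered_boot_unlocks": tpm.unseal("bitlocker", blob, measure_boot(GOOD_BOOT[::-1])) is not None,
        "other_tpm_unlocks": other.unseal("bitlocker", blob, measure_boot(GOOD_BOOT)) is not None,
    }


if __name__ == "__main__":
    for case, unlocked in run_demo().items():
        print(f"{case:24s} {'unlocked' if unlocked else 'locked'}")
```

Only the first case yields the key. A patched boot manager changes the PCR and therefore the wrapping key, reordering the same components changes it too (the extend rule is order dependent), and a second TPM with a different endorsement key derives a different SRK, so the same blob is useless on another chip. This is why moving a BitLocker-protected disk to another machine, or modifying a boot component, leaves the drive locked until the recovery key is supplied.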

What is the security concern for: removable storage?

o USB thumb drives and other removable storage devices are a source of data leakage and malware distribution -> security policies often restrict the use of USB thumb drives and other portable devices (e.g., iPods)
o Using strong encryption on such devices -> can be effective at protecting the confidentiality of the data they carry

Off-boarding

the procedures that remove the devices from the network

On-boarding

the procedures to allow users to connect their devices to the network

