CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

mobile devices present an ever-increasing security risk as they become more and more capable of interacting with the internet as well as corporate networks. When personally owned devices are allowed to enter and leave a secured facility without limitation, oversight, or control, the potential for harm is significant.
Malicious insiders can bring in malicious code from outside on various storage devices, including mobile phones, audio players, digital cameras, memory cards, optical discs, and Universal Serial Bus (USB) drives. These same storage devices can be used to leak or steal internal confidential and private data in order to disclose it to the outside world. (Where do you think most of the content on WikiLeaks comes from?) Malicious insiders can execute malicious code, visit dangerous websites, or intentionally perform harmful activities.
A device owned by an individual can be referenced using any of these terms: portable device, mobile device, personal mobile device (PMD), personal electronic device or portable electronic device (PED), and personally owned device (POD).
Mobile devices often contain sensitive data such as contacts, text messages, email, and possibly notes and documents. Any mobile device with a camera feature can take photographs of sensitive information or locations. The loss or theft of a mobile device could mean the compromise of personal and/or corporate secrets.
Mobile devices are common targets of hackers and malicious code. It’s important to keep nonessential information off portable devices, run a firewall and antivirus product (if available), and keep the system locked and/or encrypted (if possible).
Many mobile devices also support USB connections to perform synchronization of communications and contacts with desktop and/or notebook computers as well as the transfer of files, documents, music, video, and so on.
Additionally, mobile devices aren’t immune to eavesdropping. With the right type of sophisticated equipment, most mobile phone conversations can be tapped into—not to mention the fact that anyone within 15 feet can hear you talking. Be careful what you discuss over a mobile phone, especially when you’re in a public place.
A wide range of security features are available on mobile devices. However, support for a feature isn’t the same thing as having a feature properly configured and enabled. A security benefit is gained only when the security function is in force. Be sure to check that all desired security features are operating as expected on your device.


Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Android
Android is a Linux-based mobile device OS that was acquired by Google in 2005. In 2008, the first devices hosting Android were made available to the public. The Android source code is made open source through the Apache license, but most devices also include proprietary software. Although it’s mostly intended for use on phones and tablets, Android is being used on a wide range of devices, including televisions, game consoles, digital cameras, microwaves, watches, e-readers, cordless phones, and ski goggles.
The use of Android in phones and tablets allows for a wide range of user customization: you can install Google Play Store apps as well as apps from unknown external sources (such as Amazon’s App Store), and many devices support the replacement of the default version of Android with a customized or alternate version. However, when Android is used on other devices, it can be implemented as something closer to a static system.
Whether static or not, Android has numerous security vulnerabilities. These include exposure to malicious apps, running scripts from malicious websites, and allowing insecure data transmissions. Android devices can often be rooted (breaking their security and access limitations) in order to grant the user full root-level access to the device’s low-level configuration settings. Rooting increases a device’s security risk, because all running code inherits root privileges.
Improvements are made to Android security as new updates are released. Users can adjust numerous configuration settings to reduce vulnerabilities and risks. Also, users may be able to install apps that add security features to the platform.
iOS
iOS is the mobile device OS from Apple that is available on the iPhone, iPad, and Apple TV. iOS isn’t licensed for use on any non-Apple hardware. Thus, Apple is in full control of the features and capabilities of iOS. However, iOS is not an example of a static environment, because users can install any of over two million apps from the Apple App Store. Also, it’s often possible to jailbreak iOS (breaking Apple’s security and access restrictions), allowing users to install apps from third parties and gain greater control over low-level settings. Jailbreaking an iOS device reduces its security and exposes the device to potential compromise. Users can adjust device settings to increase an iOS device’s security and install many apps that can add security features.
