Assess and Mitigate Vulnerabilities in Mobile Systems
properly configured. Be sure to consider the security options of a new device before you
make a purchase decision.
Full Device Encryption
Some mobile devices, including portable computers, tablets, and mobile phones, may offer
device encryption. If most or all the storage media of a device can be encrypted, this is
usually a worthwhile feature to enable. However, encryption isn’t a guarantee of protection
for data, especially if the device is stolen while unlocked or if the system itself has a known
backdoor attack vulnerability.
Voice encryption may be possible on mobile devices when Voice over Internet Protocol
(VoIP) services are used. VoIP service between computer-like devices is more likely to offer
an encryption option than VoIP connections to a traditional landline phone or typical
mobile phone. When a voice conversation is encrypted, eavesdropping becomes worthless
because the contents of the conversation are undecipherable.
Remote Wiping
It’s becoming common for a remote wipe or remote sanitation to be performed if a device
is lost or stolen. A remote wipe lets you delete all data and possibly even configuration
settings from a device remotely. The wipe process can be triggered over mobile phone service
or sometimes over any internet connection. However, a remote wipe isn’t a guarantee of
data security. Thieves may be smart enough to prevent connections that would trigger the
wipe function while they dump out the data. Additionally, a remote wipe is mostly a
deletion operation. The use of an undelete or data recovery utility can often recover data on
a wiped device. To ensure that a remote wipe destroys data beyond recovery, the device
should be encrypted. Thus, the undelete operation would only be recovering encrypted
data, which the attacker would be unable to decipher.
Lockout
Lockout on a mobile device is similar to account lockout on a company workstation. When
a user fails to provide their credentials after repeated attempts, the account or device is
disabled (locked out) for a period of time or until an administrator clears the lockout flag.
Mobile devices may offer a lockout feature, but it’s in use only if a screen lock has been
configured. Otherwise, a simple screen swipe to access the device doesn’t provide sufficient
security, because an authentication process doesn’t occur. Some devices trigger ever longer
delays between access attempts as a greater number of authentication failures occur. Some
devices allow for a set number of attempts (such as three) before triggering a lockout that
lasts minutes. Other devices trigger a persistent lockout and require the use of a different
account or master password/code to regain access to the device.
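The lockout behaviours described above, modelled as an added example that is not from the book: a hypothetical ScreenLock class combining a timed lockout after three failures, ever longer delays, and a persistent lockout cleared only by a master code. All names, thresholds and delay values are assumptions chosen for illustration, and the PIN and guesses are constructed.

```python
import hmac
from dataclasses import dataclass

@dataclass
class ScreenLock:
    # Hypothetical model; every name and default value here is an assumption.
    pin: str
    master_code: str
    free_attempts: int = 3    # failures allowed before the first timed lockout
    base_delay: int = 60      # seconds for the first lockout, doubled each time
    max_failures: int = 6     # failures that trigger the persistent lockout
    failures: int = 0
    locked_until: float = 0.0
    persistent: bool = False

    def try_unlock(self, code: str, now: float) -> str:
        if self.persistent:
            return "persistent-lockout"
        if now < self.locked_until:
            return "locked"               # rejected without checking the code
        if hmac.compare_digest(code.encode(), self.pin.encode()):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.persistent = True
            return "persistent-lockout"
        if self.failures >= self.free_attempts:
            # Ever longer delays: 60 s, 120 s, 240 s, ...
            delay = self.base_delay * 2 ** (self.failures - self.free_attempts)
            self.locked_until = now + delay
            return "locked"
        return "denied"

    def master_reset(self, code: str) -> bool:
        # Only the master code clears a persistent lockout.
        if hmac.compare_digest(code.encode(), self.master_code.encode()):
            self.failures, self.locked_until, self.persistent = 0, 0.0, False
            return True
        return False

def run_guesses(lock, guesses):
    """Try guesses as fast as the lock allows; return (tried, seconds, final state)."""
    now, tried, state = 0.0, 0, "denied"
    for g in guesses:
        now = max(now, lock.locked_until)   # wait out any timed lockout
        tried, state = tried + 1, lock.try_unlock(g, now)
        if state in ("unlocked", "persistent-lockout"):
            break
    return tried, now, state
```

With these assumed settings, a guesser working through a four-digit PIN space gets six evaluated attempts over seven minutes before the device stops accepting the PIN at all.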