2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet350/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   346   347   348   349   350   351   352   353   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Removable Storage
Many mobile devices support removable storage. Some devices support microSD cards
which can be used to expand available storage on a mobile device. However, most mobile 
phones require the removal of a back plate and sometimes removal of the battery in order 
to add or remove a storage card. Larger mobile phones, tablets, and notebook computers 
may support an easily accessible card slot on the side of the device.
Many mobile devices also support external USB storage devices, such as flash drives and 
external hard drives. These may require a special on-the-go (OTG) cable.
In addition, there are mobile storage devices that can provide Bluetooth- or Wi-Fi-based 
access to stored data through an on-board wireless interface.
Disabling Unused Features
Although enabling security features is essential for them to have any beneficial effect, it’s 
just as important to remove apps and disable features that aren’t essential to business tasks 
or common personal use. The wider the range of enabled features and installed apps, the 
greater the chance that an exploitation or software flaw will cause harm to the device and/
or the data it contains. Following common security practices, such as hardening, reduces 
the attack surface of mobile devices.
Application Security
In addition to managing the security of mobile devices, you also need to focus on the appli-
cations and functions used on those devices. Most of the software security concerns on 
desktop or notebook systems apply to mobile devices just as much as common-sense secu-
rity practices do.
Key Management
Key management is always a concern when cryptography is involved. Most of the failures 
of a cryptosystem are based on the key management rather than on the algorithms. Good 
key selection is based on the quality and availability of random numbers. Most mobile 
devices must rely locally on poor random-number-producing mechanisms or access more 
robust random number generators (RNGs) over a wireless link. Once keys are created, 
they need to be stored in such a way as to minimize exposure to loss or compromise. The 

Assess and Mitigate Vulnerabilities in Mobile Systems 
371
best option for key storage is usually removable hardware or the use of a Trusted Platform 
Module (TPM), but these are rarely available on mobile phones and tablets.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   346   347   348   349   350   351   352   353   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish