BYOD Security in a Modern Enterprise
Mobile devices have invaded the enterprise like never before. Today's workforce demands not just mobile devices, but in many cases, "Bring Your Own Device" (BYOD) support from their IT departments. Supporting the functional needs of the employees with their BYOD devices and maintaining enterprise security has become one of the biggest IT Security challenges of the 2010s.
This class starts by taking a deep and hands-on look at the problems surrounding BYOD/mobile devices on Google Android as well as Apple iOS devices (iPhone, iPad). Students will learn how to do static analysis of mobile apps to look for common security weaknesses such as: weak protection of sensitive user data stored on the mobile device, finding embedded secrets in the mobile app, exploring side-channel information leakage.
Next, students will learn how to do dynamic analysis of mobile apps to look for common security weaknesses such as: leaking information through key logs, screen shots, and other side-channels, inadequate (or no) use of SSL/TLS to encrypt sensitive data transiting through the network.
From there, the class looks at how to securely configure Android and iOS devices to maximize their security. Students will use available tools to lock down the security configuration on Android as well as iOS devices.
Lastly, the class looks at available product solutions for managing large fleets of mobile devices. Students will learn what products are available for doing central management of enterprise BYOD deployments. Product features and capabilities will be compared and contrasted, so students will be able to effectively decide which product(s) best suit their organizational needs and how to select them.
Policy implications are also discussed so that students have a realistic outlook of what to expect when deploying Mobile Management products.
What you will learn
- A realistic understanding of the risks associated with mobile devices in the enterprise
- How to statically analyze and review a mobile app's weaknesses
- How to dynamically analyze and review a mobile app's weaknesses
- How to securely configure an Android or iOS mobile device
- How to manage the security of a large enterprise fleet of Android and/or iOS devices
- Present a clear picture of the problems associated with mobile devices in the enterprise
- A threat/risk model of mobile devices
- Tools used for static and dynamic analysis of mobile apps and devices
- Static analysis of a real world iOS app
- Static analysis of a real world Android app
- Dynamic analysis of a real world iOS app
- Dynamic analysis of a real world Android app
- Building a security configuration profile for iOS apps using the iPhoneConfigurator utility
- Securing an Android device
- Overview of available Mobile Device Management products available in the market
- Feature comparison of popular MDM products
- How to best select an effective MDM product solution