Presentation on theme: "Ernest Staats EDMODO -- CS3392 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+"— Presentation transcript:
MOBILE: BRING YOUR OWN DEVICE (BYOD) NETWORK AND SECURITY ISSUES
Ernest Staats, Technology Director. Resources on Edmodo (group CS3392).
WHY THE BUZZ? MOBILE AND BYOD
· The rise of mobility and the marginalization of the PC [1]
· Sales of smartphones and tablets skyrocket
· Mobile devices are faster and cheaper, and can possibly be provided by students, reducing the IT cost; what is the impact on the network?
· Always with you, always on, convenience
· Less to break or fix
1. USA Today, "Moves by HP, Google further marginalize the traditional PC." Jon Swartz, 9/6/2011.
CONSUMERIZATION IMPACT
· Blurring of professional/school and private life: one device that serves both needs
· How do you address the multitude of devices? iPhone, Android, BlackBerry, Windows, etc.; now multiple tablets and netbooks/ultrabooks as well
· Cloud security implications
· What are consumers' expectations of network speed and access?
HOW WILL MOBILE/BYOD BE USED?
· 50% of the mobile internet traffic in the UK is for Facebook
· Facebook tops Google for weekly traffic in the U.S.
· Generation Y and Z consider email passé; some universities have stopped distributing email accounts
· 1 in 5 couples meet online
· 1 in 5 divorces are blamed on Facebook
· Kindergartners are learning on iPads, not chalkboards
WHERE TO START -- MOBILE/BYOD
· Device consistency: it is usually impossible to issue each user exactly the same type of mobile device
· Make sure that users are aware of mobile device policies; there is a lot of potential for abuse when it comes to mobile devices
· Take security seriously
· Decide whether to allow personal devices
· Plan to deal with lost devices and breakage issues
· Periodically measure the impact of mobile devices on your network bandwidth and network resources
· Make sure that the IT staff is trained for mobile device support
WHAT DOES YOUR MOBILE PHONE KNOW?
· Text messages, even deleted ones
· Words in your personal dictionary
· Facebook contacts
· Tens of thousands of location pings
· Every website ever visited
· What locations you have mapped
· Emails going back a month
· Your photos with geolocation data attached, even if deleted
· How many times you have checked your email
· Any application ever installed on your device
Source: …you-more-than-you-think/237786/
GEO TAGGING
In August of 2010, Adam Savage of MythBusters took a photo of his vehicle using his smartphone and posted it to his Twitter account with the phrase "off to work". The image contained metadata (the EXIF geotag) revealing the exact geographical location where the photo was taken. Savage thereby revealed the exact location of his home, the vehicle he drives and the time he leaves for work. Read the full story here:
METADATA IMAGES DEMO
Go to Jeffrey's Exif Viewer and load Photo 1 (photo.JPG). Where was the photo of the police office taken? Was the photographer on the sidewalk or somewhere else? What kind of device was used to take the photo?
TURN OFF GPS FUNCTION ON PHONES (or at least disable location tagging in the camera settings)
ISSUES IN BYOD AND MOBILE ENVIRONMENTS
· Does your AUP include mobile devices?
· Wireless: capacity vs. coverage
· Where to start when securing mobile devices?
· Who is responsible for device security: the student, parent, or school?
· What security do mobile devices need?
· What are the policy issues to be considered?
· How can safe and protected internet access be ensured?
· How can network loads be predicted, and what can be done to control the network demand/load?
· What security tools are available for smartphones, tablet devices and so on?
· What can or should be installed on student-owned devices?
· What other risks need to be considered?
ACCEPTABLE USE POLICY IS KEY
· When using a mobile device to access the Internet, students are required to connect using the K-12 Public network
· Mobile devices need to be on vibrate
· Set standards of security: PIN or password to access the device
· Mobile devices need to be in pockets or backpacks until it is time to use them
· Mobile devices can only be used in class for academic/learning purposes
· Any activity conducted on mobile devices in class cannot be published without permission of the teacher and/or the students who are involved in the text/image/video/audio file
· Students will use appropriate mobile device etiquette by respecting the privacy of others' device numbers and using appropriate language in their mobile communication
Source: https://schoolweb.dysart.org/EdTech/Content.aspx?conID=479; on Edmodo: Acceptable Use Policies Web 2.0 Mobile Era.pdf
WIFI COVERAGE VS. CAPACITY
Planning table: client type, number of clients per AP, examples.
· Data clients: laptops, tablet PCs, mobile carts
· Voice clients: wireless VoIP phones, nurse badges
· Coverage does not guarantee access, especially with mobile devices
· Drop your radio strength and add more APs
· Directional vs. omni antennas
PDFs on Edmodo: Coverage or Capacity; Making the Best Use of N; Deploying High Capacity WiFi
HACKING IS NOW SO EASY A CHIMP CAN DO IT
Software demonstrated: use entirely at your own risk and get permission first. Ernest is not responsible for any subsequent loss or damage whatsoever! This knowledge is intended to be used responsibly so we can provide academic environments that are secure, safe and accessible.
HACKING FOR THE MASSES
· Anti app: finds open networks and shows all potential target devices. The app offers up a simple menu with commands like "Man-In-The-Middle" to eavesdrop on local devices, or even "Attack".
· Countermeasure: put student mobile devices on a separate VLAN with strict policies in place (ACLs).
WIFI BEST PRACTICES
· Use a WIDS solution to monitor for rogue APs in both the 2.4 GHz and 5 GHz spectrum bands.
· Periodically monitor for rogue APs in both bands by using a handheld monitor in areas where there is little or no wireless coverage.
· Use auditing techniques on the wired network to discover intruders on the wireless network. For example, accept Dynamic Host Configuration Protocol (DHCP) requests only from authorized network devices. This technique blocks rogue APs from receiving an IP address and alerts the network manager to potential intruders. (A rogue AP configured with a static address, or one that bridges its clients straight onto the LAN, never asks for a lease, so this complements WIDS rather than replacing it.)
· Train employees not to connect to any ad hoc WLANs.
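The wired-side DHCP audit described above, as an added example (not code from the presentation): it reads DHCPDISCOVER/DHCPREQUEST lines in the format ISC dhcpd writes to syslog, checks each client MAC against a device inventory, and reports the unknown clients that keep retrying, which is what a rogue AP's uplink looks like once the allow-list stops it from getting an address. The inventory, the interface names and the log lines are constructed for the example.

```python
"""Audit dhcpd syslog lines for clients outside the authorized-device list.

Added example, not from the presentation. AUTHORIZED_CLIENTS stands in for a
real asset inventory; SAMPLE_LOG is constructed (dhcpd syslog format)."""
import re

# Hypothetical inventory of registered device MACs (would come from an asset DB)
AUTHORIZED_CLIENTS = {"00:1b:63:84:45:e6", "b8:27:eb:12:34:56"}

# Matches "DHCPDISCOVER from <mac> via <if>" and "DHCPREQUEST for <ip> from <mac> (host) via <if>"
DHCP_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"(?P<type>DHCPDISCOVER|DHCPREQUEST)(?: for (?P<ip>\d+(?:\.\d+){3}))? from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: \((?P<host>[^)]*)\))? via (?P<iface>[^\s:]+)",
    re.IGNORECASE,
)

# Constructed sample: one registered laptop gets a lease; an unknown device on the
# student VLAN (eth0.1) is refused and keeps retrying.
SAMPLE_LOG = """\
Mar  3 08:01:10 dhcp1 dhcpd: DHCPDISCOVER from 00:1b:63:84:45:e6 via eth0
Mar  3 08:01:10 dhcp1 dhcpd: DHCPOFFER on 10.1.5.20 to 00:1b:63:84:45:e6 via eth0
Mar  3 08:01:11 dhcp1 dhcpd: DHCPREQUEST for 10.1.5.20 from 00:1b:63:84:45:e6 (staff-lt-12) via eth0
Mar  3 08:01:11 dhcp1 dhcpd: DHCPACK on 10.1.5.20 to 00:1b:63:84:45:e6 (staff-lt-12) via eth0
Mar  3 08:02:05 dhcp1 dhcpd: DHCPDISCOVER from 3c:5a:b4:aa:bb:cc via eth0.1: network 10.1.0.0/16: no free leases
Mar  3 08:02:09 dhcp1 dhcpd: DHCPDISCOVER from 3c:5a:b4:aa:bb:cc via eth0.1: network 10.1.0.0/16: no free leases
Mar  3 08:02:17 dhcp1 dhcpd: DHCPDISCOVER from 3c:5a:b4:aa:bb:cc via eth0.1: network 10.1.0.0/16: no free leases
"""


def parse_dhcp_line(line):
    """Return the fields of a DISCOVER/REQUEST line, or None for any other line."""
    m = DHCP_LINE.match(line.strip())
    return m.groupdict() if m else None


def is_authorized(mac, authorized=AUTHORIZED_CLIENTS):
    """The allow-list decision the DHCP server (or a relay ACL) enforces."""
    return mac.lower() in authorized


def audit_dhcp(log_text, authorized=AUTHORIZED_CLIENTS):
    """Summarize unknown clients: {mac: {"attempts", "ifaces", "first", "last"}}."""
    report = {}
    for line in log_text.splitlines():
        rec = parse_dhcp_line(line)
        if rec is None:
            continue
        mac = rec["mac"].lower()
        if is_authorized(mac, authorized):
            continue
        entry = report.setdefault(mac, {"attempts": 0, "ifaces": set(),
                                        "first": rec["ts"], "last": rec["ts"]})
        entry["attempts"] += 1
        entry["ifaces"].add(rec["iface"])   # tells you which port/VLAN to go look at
        entry["last"] = rec["ts"]
    return report


def alerts(report, min_attempts=3):
    """Unknown MACs that keep retrying, sorted; one-off probes stay below the threshold."""
    return sorted(mac for mac, e in report.items() if e["attempts"] >= min_attempts)


if __name__ == "__main__":
    rep = audit_dhcp(SAMPLE_LOG)
    for mac in alerts(rep):
        e = rep[mac]
        print(f"ALERT unauthorized client {mac}: {e['attempts']} DHCP attempts on "
              f"{','.join(sorted(e['ifaces']))} between {e['first']} and {e['last']}")
```

On ISC dhcpd the enforcement half of this is `deny unknown-clients;` in the subnet or pool plus a `host` declaration with `hardware ethernet` for each registered device; the script above only reads the resulting log. Feeding it the syslog in a cron job and paging on non-empty `alerts()` is the "alert the network manager" step of the slide.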
WIFI BEST PRACTICES II
· If 802.1X is deployed for the wired network, use 802.1X with EAP to provide mutual authentication of users and authentication servers. Schools should use one of the following EAP types: TLS, TTLS, PEAP or FAST. Note that EAP-TLS requires certificates on both the supplicant and the authentication server; with TTLS and PEAP the supplicant must still be configured to validate the server's certificate, otherwise a rogue AP running its own RADIUS server can harvest user credentials.
· If 802.1X is not deployed for the wired network, use IPsec or SSL/TLS (if supported by school applications) to provide mutual authentication of users and authentication servers.
· Authenticate guests through a captive portal webpage and monitor usage.
NETWORK MANAGEMENT
· Modify the default SSID to an enterprise-specific name.
· Use a controller-based WLAN system instead of autonomous APs. A WLAN system provides a management focal point and reduces the number of attack points in the network.
· Protect access to WLAN hardware with strong passwords, and change passwords periodically.
· Disable wireless-side management access to wireless APs and controllers.
· Frequently monitor vendor software updates and promptly apply patches that improve network security.
· Use SNMPv3, Secure Shell (SSH) and SSL/TLS for management traffic.
· Restrict wired-side AP/controller access to certain IP addresses, subnets or VLANs.
TABLET BEST PRACTICES
· Device lock: enable native device authentication (PIN, password, pattern).
· Anti-theft measures: many tablets support remote lock or data wipe; use of tablet "find me" services can also raise privacy concerns.
· Over-the-air encryption: all tablets can secure Web and email with SSL/TLS, Wi-Fi with WPA2, and corporate data with mobile VPN clients.
· Stored data protection: hardware and mobile OS support for stored data encryption varies.
· Mobile application controls: many downloaded apps require access to sensitive data and features; understand which apps have access to what data (block iTunes on VPN).
· Anti-malware: tablets are not shipped with on-board anti-virus, anti-spam, intrusion detection, or firewall apps.
· Device management: for visibility, policy configuration and app provisioning, schools can centrally manage tablets, no matter who owns them.
BEST PRACTICE FOR SCHOOL OWNED DEVICES
· Enforce strong passwords for mobile device access and network access. Automatically lock out access to the mobile device after a predetermined number of incorrect passwords (typically five or more).
· Perform a remote wipe (e.g., reset the device back to factory defaults) when a mobile device is lost, stolen, sold, or sent to a third party for repair.
· Perform a periodic audit of security configuration and policy adherence. Ensure that mobile device settings have not been accidentally or deliberately modified.
· Encrypt local storage, including internal and external memory (e.g., secure digital cards).
· Enforce the use of virtual private network (VPN) connections between the mobile device and enterprise servers.
· Enforce the same wireless security policies for laptops and smartphones.
· Perform regular backup and recovery of confidential data stored on mobile devices.
· Perform centralized configuration and software upgrades "over the air" rather than relying on the user to connect the device to a laptop/PC for local synchronization.
MOBILE SECURITY MANAGEMENT
· User authentication: how will you authenticate users before granting access to mobile devices? Some MDMs can be integrated with enterprise directories while addressing mobile needs like network-disconnected authentication.
· Password policy enforcement: how many login attempts will you allow before requiring a reset? Can emergency calls bypass authentication? Many MDM agents can enforce these and other password policies that go beyond OS-provided PINs.
· Remote device wipe: do you need the ability to wipe a remote mobile device clean? For example, an MDM can often delete data or hard-reset a lost smartphone on its next server connect or upon receipt of an SMS "kill pill".
· White/black lists: an MDM involved in software management may require certain business applications and ban other applications. Similarly, an MDM that controls device settings can help you disable risky interfaces and wireless options.
· Secure communication: how will sensitive MDM traffic (e.g., configuration changes, software packages) be protected? Some MDMs provide their own secure channels rather than relying on OS or third-party protocols.
MOBILE SOFTWARE DISTRIBUTION
· Software packages: how will you bundle related applications for purposes of configuration and delivery? MDMs can help you define and deploy those packages, helping to resolve platform, memory, and application dependencies.
· Package distribution: do you want software to be pushed to devices (on schedule) or pulled by periodic device polls? Push can propagate updates faster but requires more frequent communication that drains handheld battery life.
· Mobile optimizations: must your strategy accommodate unreliable or limited WANs? Some MDMs offer compression, incremental updates, and bandwidth management (attempting or resuming installation only over fast, low-cost links).
· Change control: how often will your mobile applications need patching or updating? Define how deployed packages will be maintained so that changes are applied without resulting in user pain or weeks of effort to fix failed updates.
SECURITY ISSUES
· Inherent trust: "It's MY PHONE."
· Portability is a benefit and a risk
· Controls if lost: lock/erase? Implications of erasing personal data
· PIN security: secure, or easy to do one-handed?
· What is resident in memory?
· Malware: a whole new breed of malware and products; malicious apps increasing
· How do you write secure apps?
· Social engineering of providers: value of out-of-band (OOB) communication
· Where did my app come from? What is a trusted source?
DECISIONS
· Issued device (simplicity, consistency and cost) vs. what users want
· Multiple-device protection costs more
· What is needed for work? Impact of innovation and agility on what is needed
· Look at which OSs need to be supported (OS X, Android, RIM, Windows Mobile, Symbian, WebOS)
· Asset management issues: tracking, assuring consistency of controls
· Policy: issue X. If you want to use something else, then these rules apply…
OTHER CONSIDERATIONS
· Enrollment experience: user self-enrollment; ease of use is critical
· Password/PIN policy decisions
· Push capabilities turned on
· Location services always on: battery impact
· Jailbreak enforcement
· Application blacklisting?
· Encryption requirements
EDUCATION IMPLICATIONS
· What is the planned education use?
· Internal apps? Who develops? Security issues
· Use of external apps? Same issues
· Build apps for parents? All of the above
· How to assure quality and security?
· Anticipate high demand: ease of use and convenience will create rapid adoption (eBay example)
BOTTOM LINE
· Educate users: don't divulge personal information. Only friend real friends. Stay away from the games and surveys. If it is too good to be true, it probably is. Use common sense!
· Wall off apps that are unacceptable to your organization.
· Use software to help secure devices.
ANTI-SOCIAL NETWORKS
It's all about how this links to that links to some other thing… The Pentagon is asking scientists to figure out how to detect and counter propaganda on social media networks in the aftermath of Arab uprisings driven by Twitter and Facebook.
FACEBOOK CONTENT & SPYING
· Recently Facebook had both hardcore and gory images posted due to a hack.
· Facebook Visualizer: police can build profiles of a person, such as where they would most likely go if they were in trouble, where they might hide, what friends they would turn to, etc. It generates animated, clickable maps of the relationships between Facebook users. Features include profile summaries, export of networks to CSV files, a fast search utility and storage of complete HTML code and download time. The vendor also has products for MySpace and YouTube.
CYBERSTALKING SITES
· Lullar: search for a person using name or user name
· Spokeo: searches lots of public records to find information about someone
· KnowEm: claims to check over 500 sites to see if a given user name is taken
· PeekYou: old but still full of good info about someone
SOCIAL MEDIA SEARCH ENGINES
· Kurrently: offers the ability to search both Facebook and Twitter in real time
· Who's Talkin: searches 60 social media gateways
· Socialmention: social media alerts, like Google Alerts but for social media
· Your Open Book: looks at profile status updates
GEOLOCATION TOOLS
· Cree.py: great tool for geolocating/tracking Twitter/Foursquare users. Not only pulls coordinates from the posts directly, but can grab them from the EXIF data in pictures they link to.
SCRUBBING METADATA
· Software: JPG and PNG metadata stripper; BatchPurifier LITE; Doc Scrubber
· Websites
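What the EXIF viewer demo, the Cree.py geotag harvesting and the scrubbing tools above are doing under the hood, as an added example (not code from the presentation or from any of those tools): a minimal EXIF/TIFF reader that pulls the GPS latitude/longitude out of a JPEG's APP1 segment, and a scrubber that rebuilds the file without that segment. The sample JPEG is constructed in memory with a made-up coordinate and no picture data, so the script runs offline; the tag numbers and the segment layout are those of the EXIF and JPEG specifications.

```python
"""Extract and strip the GPS geotag from a JPEG's EXIF data.
Added example, not from the presentation: standard library only. SAMPLE_JPEG
is constructed in memory (marker segments, no real picture) so it runs offline."""
import struct

TAG_GPS_IFD = 0x8825                       # IFD0 entry pointing at the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # bytes per TIFF type

def iter_segments(jpeg):
    """Yield (marker, payload) per JPEG segment; SOS and all that follows come as one raw chunk."""
    assert jpeg[:2] == b"\xff\xd8", "not a JPEG"
    pos = 2
    while pos + 4 <= len(jpeg):
        marker = jpeg[pos + 1]
        if marker == 0xDA:                 # start of scan: entropy-coded data follows
            yield marker, jpeg[pos:]
            return
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length

def read_ifd(tiff, offset, e):
    """Return {tag: raw value bytes} for one TIFF IFD; e is '<' or '>' (byte order)."""
    count = struct.unpack(e + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        at = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(e + "HHL", tiff[at:at + 8])
        size = TYPE_SIZES[typ] * n
        if size <= 4:                      # value is stored inline in the entry
            entries[tag] = tiff[at + 8:at + 8 + size]
        else:                              # entry holds an offset to the value
            off = struct.unpack(e + "L", tiff[at + 8:at + 12])[0]
            entries[tag] = tiff[off:off + size]
    return entries

def dms_to_degrees(raw, e):
    """Three EXIF RATIONALs (degrees, minutes, seconds) -> decimal degrees."""
    v = struct.unpack(e + "LLLLLL", raw)
    deg, mins, secs = (v[i] / v[i + 1] for i in (0, 2, 4))
    return deg + mins / 60 + secs / 3600

def gps_coordinates(jpeg):
    """Return (lat, lon) in decimal degrees from the EXIF GPS IFD, or None if absent."""
    for marker, payload in iter_segments(jpeg):
        if marker != 0xE1 or not payload.startswith(b"Exif\x00\x00"):
            continue
        tiff = payload[6:]
        e = "<" if tiff[:2] == b"II" else ">"
        ifd0 = read_ifd(tiff, struct.unpack(e + "L", tiff[4:8])[0], e)
        if TAG_GPS_IFD not in ifd0:
            return None
        gps = read_ifd(tiff, struct.unpack(e + "L", ifd0[TAG_GPS_IFD])[0], e)
        if GPS_LAT not in gps or GPS_LON not in gps:
            return None
        lat, lon = dms_to_degrees(gps[GPS_LAT], e), dms_to_degrees(gps[GPS_LON], e)
        if gps.get(GPS_LAT_REF, b"N").startswith(b"S"):
            lat = -lat
        if gps.get(GPS_LON_REF, b"E").startswith(b"W"):
            lon = -lon
        return round(lat, 6), round(lon, 6)
    return None

def strip_exif(jpeg):
    """Scrub: rebuild the JPEG without its APP1/Exif segment, keeping everything else."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in iter_segments(jpeg):
        if marker == 0xDA:
            out += payload                 # scan data and EOI, unchanged
            break
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            continue                       # drop the whole EXIF block, GPS IFD included
        out += bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload
    return bytes(out)

def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed input: little-endian TIFF with IFD0 -> GPS IFD and no image data."""
    e = "<"
    entry = lambda tag, typ, n, val: struct.pack(e + "HHL", tag, typ, n) + val.ljust(4, b"\x00")
    rationals = lambda dms: b"".join(struct.pack(e + "LL", num, den) for num, den in dms)
    # layout: header 0-8, IFD0 8-26, GPS IFD 26-80, latitude rationals at 80, longitude at 104
    ifd0 = struct.pack(e + "H", 1) + entry(TAG_GPS_IFD, 4, 1, struct.pack(e + "L", 26)) + b"\x00" * 4
    gps = (struct.pack(e + "H", 4) + entry(GPS_LAT_REF, 2, 2, lat_ref + b"\x00")
           + entry(GPS_LAT, 5, 3, struct.pack(e + "L", 80)) + entry(GPS_LON_REF, 2, 2, lon_ref + b"\x00")
           + entry(GPS_LON, 5, 3, struct.pack(e + "L", 104)) + b"\x00" * 4)
    app1 = b"Exif\x00\x00II*\x00" + struct.pack(e + "L", 8) + ifd0 + gps + rationals(lat_dms) + rationals(lon_dms)
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xfe\x00\x07hello"     # a COM segment that must survive scrubbing
            + b"\xff\xda\x00\x02\xff\xd9")  # empty SOS, then EOI

# 37 46' 29.7" N, 122 25' 9.8" W: constructed, not any real photo's location
SAMPLE_JPEG = build_sample_jpeg([(37, 1), (46, 1), (297, 10)], b"N", [(122, 1), (25, 1), (98, 10)], b"W")

if __name__ == "__main__":
    print("geotag:", gps_coordinates(SAMPLE_JPEG), "-> after scrub:", gps_coordinates(strip_exif(SAMPLE_JPEG)))
```

Running it on a real phone photo is a one-line change (`gps_coordinates(open("photo.JPG", "rb").read())`), and the same `strip_exif` is the scrubbing step: it discards the entire APP1 block rather than zeroing individual tags, which is the safer choice because camera make, serial number and thumbnail live there too. A caveat the scrubbing tools share: XMP (APP1 with a different signature) and IPTC (APP13) segments can also carry location, so strip those as well if the source adds them.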
MOBILE PHONES PARENTAL CONTROLS Product Comparison 2010
Risky Online Behaviors
· Sending or posting provocative images
· Sharing passwords with friends
· Embarrassing or harassing people
· Posting personal information
· Clicking on pop-ups
If it is on the Internet, IT IS NOT PRIVATE
FACEBOOK IMAGES _ _30740_n.jpg inurl: inurl:
Facebook privacy settings to review (recommended setting: Friends Only):
- My status, photos, and posts
- Family and relationships
- Photos and videos I'm tagged in
- Birthday
- Permission to comment on your posts
- Contact information
- Share a tagged post with friends of the friend I tag
GOLDEN RULES TO TEACH
1. Rules from real life apply: courtesy, kindness, modesty, dignity, respect for law and others, etc.
2. Don't talk/text/MMS strangers
3. Keep personal information private (no cell # on FB)
4. Anything posted on the internet is not private and lasts forever (including photos, videos, etc.)
5. Communicate if you encounter something uncomfortable
5 GOOD PRIVACY DOWNLOADS
· Ghostery: a browser extension available for the Internet Explorer, Firefox, Chrome and Safari web browsers
· Traces Eraser: provides an easy way to clear your internet history, cookies, cached files and more
· Adblock Plus for Chrome: a Chrome add-on that makes ads disappear and offers more than 40 filters
· CyberGhost VPN 2011: all web traffic is routed through an anonymised server
· iPhone Tracker: a simple Mac OS X application that maps the information that your iPhone is recording about your movements
PROTECT YOUR PERSONAL INFO
· Avoid using discount cards to pay for anything that you want to keep private
· Don't send messages on an unsecured Wi-Fi network
· Mask your identity when you search: use search tools that can disconnect your computer's identifying machine number from the search
· Virtual machines
· Pick passwords carefully
· Choose different usernames
Read more:
REACH PEOPLE WHERE THEY ARE Let every worker in the Master's vineyard, study, plan, devise methods, to reach the people where they are. We must do something out of the common course of things. We must arrest the attention. We must be deadly in earnest. We are on the very verge of times of trouble and perplexities that are scarcely dreamed of. --Ev 122, 123
GOOGLE YOURSELF / YOUR KIDS What personal information is your child placing on blogs and personal WebPages?
FIND WHAT GOOGLE KNOWS ABOUT YOU
Google search strings:
· site:myspace.com SSN
· site:myspace.com birthday
· site:myspace.com Hate my parents (31,100 hits)
· site:facebook.com "phone number"
Place the name in quotation marks and use variations: "First Last" (Jon), "Legal First Last" (Jonathan), "First MI Last".
Use groups.google.com and google.com/alerts to look for your child's name in newsgroups (address, phone number and other personal information).
Go to my website for a Google search tutorial.
PROTECTOR BY TASER
· Cell-phone locking
· Serious collision detection
· Real-time GPS tracking
· Unsafe driving alerts
· Geo-fences: boundaries on a map that generate alerts when crossed
· "Any inbound call, text, or email. Anything that comes into the child's phone would actually be routed to the parent's phone."
Read more: http://news.cnet.com/ … 238.html#ixzz1Mn6tKT00
FLEXISPY
Top of the range spyphone:
· Mobile call tapping: listen to actual phone calls
· Remote listening (room bugging)
· Read all incoming and outgoing SMS
· Read all call logs
· Know the location: location tracking
· SIM change SMS notification
MOBILE SPY
Features:
· SMS recording
· Call details (not voice recording)
· GPS location
· Log summaries
· Works on practically all smart phones
Cost: $49.97 for 3 months, $69.97 for 6 months, $99.97 for 12 months
OPTIONS FOR IPHONE
· K9 Web Protection Browser: free; trusted company (Blue Coat Systems, Inc.); rated 3.5 stars on first release; updates follow quickly
· Safe Eyes Mobile: $20.00; trusted company (InternetSafety.com); rated 3 stars; rarely updated
MOBISTEALTH
Features (they vary by make of phone):
· Works on multiple phones
· SMS logging
· Call recording
· GPS tracking
· Web browser logging
Pricing: 12 months up to $200; 6 months up to $150; 3 months up to $100
GOOD RESOURCES
· Quality and current nonprofit news service for kid-tech news. Based on the premise that informal, engaged parenting is essential to kids' constructive use of technology and the Net.
· Provides information on how media can shape your child's development and what you can do to create a media-literate household.
· Provides a guide to making the Internet and technology fun, safe, and productive.
· Advice and information about Internet safety for parents and teachers, plus opportunities to discuss problems and share solutions.
· GetNetWise is a public service created by Internet industry corporations and public interest groups with the goal of having Internet users be only one click away from the resources they need to make informed decisions about their and their family's use of the Internet.
· Created by the National Center for Missing & Exploited Children and Boys & Girls Clubs of America, the NetSmartz Workshop is an interactive, educational safety resource to teach kids and teens how to stay safer on the Internet.
· Kids.us is an Internet domain where affiliated sites are regularly screened and monitored so that parents and children can trust the sites to provide educational and appropriate online fun.
· Provides family-friendly reviews of media (TV, film, music, Web sites, games, and books) and parent tips on healthy media diets for families.
· Run by the author of Net-mom's Internet Kids & Family Yellow Pages, a family-friendly directory to 3,500 of the best children's resources the Internet has to offer, this site highlights good sites for kids and provides safety tips for parents.
COMMON CHAT TERMS
· POS: Parents are looking over my shoulder
· POTS: Parents over the shoulder (my parents are watching; I can't really talk)
· P911: My parents are in the room (P = parents, 911 = emergency; in other words, either drop the subject or watch the language)
· WTGP: Want to go private? (move to a private chat room)
· a/s/l or asl: Age/Sex/Location (used to ask a chatter for their personal information)
· GGOH: Gotta get outta here
· OLL: Online love
· GTR: Got to run
· TNT: 'Til next time
· LMIRL: Let's meet in real life
SOFTWARE RECOMMENDATION SITES
· The Safe Side: Stranger Safety video
· Darkness to Light: 7 Steps to Protecting Our Children
· Cyberbully resources
· Google Alerts
· National Center for Missing and Exploited Children
· Son, Call Me Big Brother
· Download your favorite apps all at once
· Family Watchdog: National Sex Offender Search
· Search for your local FBI field office
· A Parent's Guide to Internet Safety
· Kidz Privacy
· CyberTip Line, National Center for Missing and Exploited Children
· Safe Surfing with Your Family, Safe Surfing Checklist
· Safeguards: computer safety tips for your home and child
· Tips for Parents to Protect Children from Internet Predators, Guidelines for Parents
· Kids' Rules for Online Safety
· Rules in Cyberspace
· Cyberbullying
· Chat Slang
· NetLingo
RESOURCES
All resources and more at my website (bottom of page). PDFs available for download:
· Chat Abbreviations
· Cleaning Your Windows Computer
· Free Software for Home Users
· How to Check Your Computer's History
· I-Educator
· Internet Safety for Kids
· Internet Terms
· Internet Safety Plan
· Internet Safety Tips for Parents
· Secure Mac Step by Step
· Tracking People Around Town
· Internet Safety for Kids link list (very graphic, but has excellent resources for parents)
BIBLIOGRAPHY
1. Tapscott, The N Generation, 1998
2. World Youth Report
3. The Henry J. Kaiser Family Foundation Study, 3/05
4. Kaiser Family Foundation
5. Numsum MySpace Stats
6. Media Central
7. The Buzz
8. The National Youth Agency
9. The Search Agency
10. Internet Addiction, by Wendi Kannenberg
11. Internet Safety for Kids
12. US News and World Report, Special Report, September 18, "Predator's Playground?"
14. Decoding MySpace