Ernest Staats EDMODO -- CS3392 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+

1 Ernest Staats EDMODO -- CS3392 Technology Director MS Information Assurance, CISSP, CEH, CWNA, Security+, MCSE, CNA, I-Net+, Network+, Server+, A+ MOBILE: BRING YOUR OWN DEVICE (BYOD) NETWORK AND SECURITY ISSUES Resources available @

2 WHY THE BUZZ? MOBILE AND BYOD The rise of mobility and the marginalization of the PC Sales of smartphones and tablets skyrocket Mobile devices are faster and cheaper, and can possibly be provided by students, thus reducing the IT cost… but what is the impact on the network? Always with you, always on, convenience Less to break or fix 1. USA Today, Moves by HP, Google further marginalize the traditional PC. Jon Swartz. 9/6/2011.

3 CONSUMERIZATION IMPACT Blurring of professional/School and private life One device that serves both needs How do you address the multitude of devices? iPhone, Androids, Blackberry, Windows, etc. Now multiple tablets Netbook/Ultrabooks Cloud Security implications What are consumers' expectations of network speed and access?

4 HOW WILL MOBILE/BYOD BE USED? 50% of the mobile internet traffic in the UK is for Facebook… Facebook tops Google for weekly traffic in the U.S. Generation Y and Z consider email passé… some universities have stopped distributing email accounts 1 in 5 couples meet online 1 in 5 divorces are blamed on Facebook Kindergartners are learning on iPads, not chalkboards

5 SOCIAL NETWORKING STATISTICS Facebook: 600 billion page views/month MySpace: 24 billion page views/month Twitter: 4.4 billion page views/month 86% of students ages 12 to 17 who have access to the Internet use social networking sites 62% use it on a daily basis (© 2011 Cable News Network7)

6 WHERE TO START -- MOBILE/BYOD Device consistency--It is usually impossible to issue each user exactly the same type of mobile device Make sure that users are aware of mobile device policies--There is a lot of potential for abuse when it comes to mobile devices Take security seriously Anti Decide whether to allow personal devices Plan to deal with lost devices and breakage issues Periodically measure the impact of mobile devices on your network bandwidth and network resources Make sure that the IT staff is trained for mobile device support

7 WHAT DOES YOUR MOBILE PHONE KNOW? Text messages, even deleted ones Words in your personal dictionary Facebook contacts Tens of thousands of location pings Every website ever visited What locations you have mapped Emails going back a month Your photos with geolocation data attached – even if deleted How many times you have checked your email Any application ever installed on your device you-more-than-you-think/237786/

8 GEO TAGGING In August of 2010, Adam Savage, of MythBusters, took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase "off to work". The image contained metadata revealing the exact geographical location of the photo. Savage revealed the exact location of his home, the vehicle he drives and the time he leaves for work. Read the full story here:

9 META DATA IMAGES DEMO Go to Jeffrey's Exif Viewer Photo 1 photo.JPG Where was the photo of the Police office taken? Was the photographer on the sidewalk or somewhere else? What kind of device was used to take the photo?


11 ISSUES IN BYOD AND MOBILE ENVIRONMENTS Does your AUP include mobile devices? Wireless Capacity vs. Coverage Where to start when securing mobile devices Who is responsible for device security: the student, parent, or school? What security do mobile devices need? What are the policy issues to be considered? How can safe and protected internet access be ensured? How can network loads be predicted and what can be done to control the network demand / load? What security tools are available for smart phones, tablet devices and so on? What can be or should be installed on student owned devices? What are other risks to be considered?

12 ACCEPTABLE USE POLICY IS KEY When using a mobile device to access the Internet students are required to connect using the K-12 Public network Mobile devices need to be on vibrate Set standards of security: Pin or Password to access device Mobile devices need to be in pockets or backpacks until it is time to use them Mobile devices can only be used in class for academic/learning purposes Any activity conducted on mobile devices in class cannot be published without permission of teacher and/or students who are involved in the text/image/video/audio file Students will use appropriate mobile device etiquette by respecting the privacy of others' device numbers and using appropriate language with their mobile communication. On Edmodo Acceptable Use Policies Web 20 Mobile Era.pdf

13 WIFI COVERAGE VS. CAPACITY Number of clients per AP by client type: Data: 20-30 (laptops, tablet PCs, mobile carts); Voice: 10-15 (wireless VoIP phones, nurse badges). Coverage or Capacity Making the best use of 802.11 N Deploying High Capacity WIFI PDFs On Edmodo Coverage does not guarantee access, especially with mobile devices Drop your radio strength & add more APs Directional vs. Omni antennas

14 HACKING IS NOW SO EASY A CHIMP CAN DO IT Software demonstrated -- Use entirely at your own risk and get permission first. Ernest is not responsible for any subsequent loss or damage whatsoever! This knowledge is intended to be used responsibly so we can provide academic environments that are secure, safe and accessible.

15 HACKING FOR THE MASSES Anti app -- Finds open networks and shows all potential target devices. The app offers up a simple menu with commands like "Man-In-The-Middle" to eavesdrop on local devices, or even "Attack". Put student mobile devices on a separate VLAN with strict policies in place (ACLs)

16 WIFI BEST PRACTICES Use a WIDS solution to monitor for rogue APs in both the 2.4 GHz and 5 GHz spectrum bands. Periodically monitor for rogue APs in both the 2.4 GHz and 5 GHz spectrum bands by using a handheld monitor in areas where there is little or no wireless coverage. Use auditing techniques on the wired network to discover intruders on the wireless network. For example, accept Dynamic Host Configuration Protocol (DHCP) requests only from authorized network devices. This technique will block rogue APs from receiving an IP address and alert the network manager to potential intruders. Train employees not to connect to any ad hoc WLANs.

17 WIFI BEST PRACTICES II If 802.1X is deployed for the wired network, use 802.1X with EAP to provide mutual authentication of users and authentication servers. Schools should use one of the following EAP types: TLS, TTLS, PEAP or FAST. Note that EAP-TLS requires certificates on both the supplicant and the authentication server. If 802.1X is not deployed for the wired network, use IPsec or SSL (if supported by school applications) to provide mutual authentication of users and authentication servers. Authenticate guests through a captive portal webpage and monitor usage.

18 NETWORK MANAGEMENT Modify the default SSID to an enterprise-specific name. Use a controller-based WLAN system instead of autonomous APs. A WLAN system provides a management focal point and reduces the number of attack points in the network. Improve access to WLAN hardware using strong passwords. Change passwords periodically. Disable wireless-side management access to wireless APs and controllers. Frequently monitor vendor software updates and promptly apply patches that improve network security. Use Simple Network Management Protocol (SNMP) v3, Secure Shell (SSH), and SSL. Restrict wired-side AP/controller access to certain IP addresses, subnets or VLANs.

19 TABLET BEST PRACTICES · Device lock: enable native device authentication (PIN, password, pattern) · Anti-theft measures: Many tablets support remote lock or data wipe … use of tablet "find me" services can also raise privacy concerns. · Over-the-air encryption: All tablets can secure Web and email with SSL/TLS, Wi-Fi with WPA2, and corporate data with mobile VPN · Stored data protection: Hardware and mobile OS support for stored data encryption varies. · Mobile application controls: Many downloaded apps require access to sensitive data and features; understand which apps have access to what data (Block iTunes on VPN) · Anti-malware: Tablets are not shipped with on-board anti-virus, anti-spam, intrusion detection, or firewall apps. · Device management: For visibility, policy configuration, app provisioning, schools can centrally manage tablets, no matter who owns them.

20 BEST PRACTICE FOR SCHOOL OWNED DEVICES Enforce strong passwords for mobile device access and network access. Automatically lock out access to the mobile device after a predetermined number of incorrect passwords (typically five or more). Perform a remote wipe (e.g., reset the device back to factory defaults) when a mobile device is lost, stolen, sold, or sent to a third party for repair. Perform a periodic audit of security configuration and policy adherence. Ensure that mobile device settings have not been accidentally or deliberately modified. Encrypt local storage, including internal and external memory (e.g., secure digital cards). Enforce the use of virtual private network (VPN) connections between the mobile device and enterprise servers. Enforce the same wireless security policies for laptops and smartphones. Perform regular backup and recovery of confidential data stored on mobile devices. Perform centralized configuration and software upgrades "over the air" rather than relying on the user to connect the device to a laptop/PC for local synchronization.

21 MOBILE SECURITY MANAGEMENT User authentication: How will you authenticate users before granting access to mobile devices? Some MDMs can be integrated with enterprise directories while addressing mobile needs like network-disconnected authentication. Password policy enforcement: How many login attempts will you allow before requiring reset? Can emergency calls bypass authentication? Many MDM agents can enforce these and other password policies that go beyond OS-provided PINs. Remote device wipe: Do you need the ability to wipe clean a remote mobile device? For example, an MDM can often delete data or hard-reset a lost smartphone on next server connect or upon receipt of an SMS "kill pill." White/black lists: An MDM involved in software management may require certain business applications and ban other applications. Similarly, an MDM that controls device settings can help you disable risky interfaces and wireless options. Secure communication: How will sensitive MDM traffic (e.g., configuration changes, software packages) be protected? Some MDMs provide their own secure channels rather than relying on OS or third-party protocols.

22 MOBILE SOFTWARE DISTRIBUTION Software packages: How will you bundle related applications for purposes of configuration and delivery? MDMs can help you define and deploy those packages, helping to resolve platform, memory, and application dependencies. Package distribution: Do you want software to be pushed to devices (on schedule) or pulled by periodic device polls? Push can propagate updates faster but requires more frequent communication that drains handheld battery life. Mobile optimizations: Must your strategy accommodate unreliable or limited WANs? Some MDMs offer compression, incremental updates, and bandwidth management (attempting or resuming installation only over fast, low-cost links). Change control: How often will your mobile applications need patching or update? Define how deployed packages will be maintained so that changes are applied without resulting in user pain or weeks of effort to fix failed updates.

23 SECURITY ISSUES Inherent trust. "It's MY PHONE." Portability is a benefit and a risk Controls if lost Lock/Erase? Implications of erasing personal data PIN security – secure or easy to do 1 handed What is resident in memory? Malware – whole new breed of malware and products Malicious apps Increasing How do you write secure apps? Social engineering providers – value of OOB communication Where did my app come from? What is a trusted source?

24 DECISIONS Issued device (simplicity, consistency & cost) vs. What Do Users Want Multiple device protection costs more What is needed for work? Impact of Innovation and Agility on what need Look at what OSs need to support (OSX, Android, RIM, Windows Mobile, Symbian, WebOS) Asset Management issues Tracking Assuring consistency of controls Policy – issue X. If you want to use something else then these rules apply…

25 OTHER CONSIDERATIONS Enrollment Experience User self-enrollment – ease of use is critical. Password/PIN policy decisions Push capabilities turned on Location services always on – battery impact Jailbreak enforcement Application blacklisting? Encryption requirements

26 EDUCATION IMPLICATIONS What is the planned education use? Internal apps? Who develops? Security issues Use of external apps? Same issues Build apps for parents? All above How to assure Quality & Security? Anticipate high demand Ease of use and convenience will create rapid adoption eBay example

27 BOTTOM LINE Educate users Don't divulge personal information. Only friend real friends. Stay away from the games and surveys. If it is too good to be true, it probably is. Use common sense! Wall off apps that are unacceptable to your organization. Use software to help secure devices.

28 It's all about how this links to that links to some other thing… ANTI-SOCIAL NETWORKS The Pentagon is asking scientists to figure out how to detect and counter propaganda on social media networks in the aftermath of Arab uprisings driven by Twitter and Facebook

29 FACEBOOK CONTENT & SPYING Recently Facebook had both hardcore and gory images due to a hack… Facebook Visualizer -- Police can make profiles about a person such as where they would most likely go if they were in trouble, where they might hide, what friends they would turn to etc... Generates animated, clickable maps of the relationships between Facebook users. Features include profile summaries, export of networks to csv files, fast search utility and storage of complete html code and download time They also have products for Myspace and YouTube.

30 CYBERSTALKING SITES Lullar Search for a person using email name or user name Spokeo Searches lots of public Records to find information about someone KnowEm Claims to check over 500 sites to see if a given user name is taken http://knowem.com Peek You old but still full of good info about someone

31 SOCIAL MEDIA SEARCH ENGINES Kurrently: offers the ability to search both Facebook and Twitter in real time. Whos Talkin: searches 60 social media gateways. Socialmention: social media alerts, like Google Alerts but for social media. Your Open Book: looks at profile status updates.

32 GEOLOCATION TOOLS Great tool for geolocating/tracking Twitter/Foursquare users. Not only pulls coordinates from the posts directly, but can grab them from the EXIF data in pictures they link to.

33 SCRUBBING META DATA Software Jpg and PNG metadata stripper BatchPurifier LITE Doc Scrubber Websites
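
The geotagging slides describe location data embedded in photos, and this slide lists tools that strip it. As an added example (not part of the original presentation), this Python code audits a JPEG for an Exif block with a GPS directory and removes the metadata segments while leaving the image data untouched. The sample bytes are constructed for the demonstration and all function names are hypothetical.

```python
import struct

SOS = 0xDA                      # start of scan: compressed image data follows
METADATA = {0xE1, 0xED, 0xFE}   # APP1 (Exif/XMP), APP13 (IPTC), COM (comment)
EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825            # IFD0 entry pointing at the GPS directory

def segments(jpeg):
    """Yield (marker, payload, raw) per header segment, then (None, None, rest)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos + 1] != SOS:
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("segment length out of bounds")
        yield jpeg[pos + 1], jpeg[pos + 4:end], jpeg[pos:end]
        pos = end
    yield None, None, jpeg[pos:]    # scan data and EOI, copied untouched

def exif_has_gps(payload):
    """True if the Exif payload's first directory (IFD0) links to GPS data."""
    tiff = payload[len(EXIF_HEADER):]
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return False
    order = "<" if tiff[:2] == b"II" else ">"   # TIFF byte-order mark
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break                                # truncated directory
        if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False

def audit(jpeg):
    """Return (exif_present, gps_present) for a JPEG byte string."""
    exif = gps = False
    for marker, payload, _ in segments(jpeg):
        if marker == 0xE1 and payload.startswith(EXIF_HEADER):
            exif, gps = True, gps or exif_has_gps(payload)
    return exif, gps

def scrub(jpeg):
    """Return the JPEG with all metadata segments removed, image data intact."""
    out = bytearray(b"\xff\xd8")
    for marker, _, raw in segments(jpeg):
        if marker not in METADATA:
            out += raw
    return bytes(out)

def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def sample_jpeg():
    """Constructed test input: JPEG segment layout only, not a viewable image."""
    tiff = b"II" + struct.pack("<HI", 42, 8)                     # header, IFD0 at 8
    tiff += struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)  # one entry -> GPS
    tiff += struct.pack("<HI", 0, 0)                             # empty GPS IFD
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8" + _seg(0xE0, jfif) + _seg(0xE1, EXIF_HEADER + tiff)
            + _seg(0xFE, b"shot at home") + b"\xff\xda\x00\x02\x12\x34\xff\xd9")

if __name__ == "__main__":
    image = sample_jpeg()
    print("before:", audit(image), "after:", audit(scrub(image)))
```

Color-related segments (JFIF, ICC profile, Adobe) are kept on purpose so the scrubbed file renders the same; only Exif/XMP, IPTC and comment segments are dropped.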


35 Risky Online Behaviors Sending or posting provocative images Sharing passwords with friends Embarrassing or harassing people Posting personal information Clicking on pop-ups If it is on the Internet IT IS NOT PRIVATE


37 FACEBOOK IMAGES 275469_100001925656445_30740_n.jpg inurl:100001925656445 inurl:100001925656445

38 - My status, photos, and posts - Family and relationships - Photos and videos I'm tagged in - Birthday - Permission to comment on your posts - Contact information Share a tagged post with friends of the friend I tag Friends Only

39 Anti-virus software Filtering programs Monitoring software Parental supervision

40 Establish rules for your child's online life


42 GOLDEN RULES TO TEACH 1. Rules from real life apply: courtesy, kindness, modesty, dignity, respect for law and others, etc. 2. Don't talk/txt/MMS strangers 3. Keep personal information private (No cell # on FB) 4. Anything posted on the internet is not private and lasts forever (including photos, videos, etc.) 5. Communicate if you encounter something uncomfortable

43 5 GOOD PRIVACY DOWNLOADS Ghostery is a browser extension that is available for Internet Explorer, Firefox, Chrome and Safari Web Browsers. Traces Eraser provides an easy way to clear your internet history, cookies, cached files and more. Adblock Plus for Chrome: a Chrome add-on that makes ads disappear and offers more than 40 filters. CyberGhost VPN 2011: all web traffic is routed through an anonymised web server. iPhone Tracker is a simple Mac OS X application that maps the information that your iPhone is recording about your movements.

44 PROTECT YOUR PERSONAL INFO Avoid using discount cards to pay for anything that you want to keep private Don't send messages on an unsecured Wi-Fi network Mask your identity when you search Use search tools that can disconnect your computer's identifying machine number from the search Virtual Machines Pick passwords carefully Choose different usernames Read more:

45 REACH PEOPLE WHERE THEY ARE Let every worker in the Master's vineyard, study, plan, devise methods, to reach the people where they are. We must do something out of the common course of things. We must arrest the attention. We must be deadly in earnest. We are on the very verge of times of trouble and perplexities that are scarcely dreamed of. --Ev 122, 123

46 GOOGLE YOURSELF / YOUR KIDS What personal information is your child placing on blogs and personal WebPages?

47 FIND WHAT GOOGLE KNOWS ABOUT YOU Google search strings SSN birthday Hate my parents 31,100 hits "phone number Place name in quotation marks (use variations) First (Jon) Last Legal First (Jonathan) Last First MI Last Use and to look for your child's name in newsgroups (address, phone number and other personal information) Go to my website for a Google search tutorial

48 PROTECTOR BY TASER Cell-phone locking Serious collision detection Real-time GPS tracking Unsafe driving alerts Geo-fences are boundaries on a map that generate alerts when crossed. any inbound call, text, or e-mail. Anything that comes into the child's phone would actually be routed to the parent's phone." Read more: 238.html#ixzz1Mn6tKT00

49 FLEXISPY Top of the range spyphone Mobile Call Tapping, listen to actual phone calls Remote Listening (Room bugging) Read all incoming and outgoing SMS Read all Call logs Know the location, Location tracking SIM Change SMS Notification

50 MOBILE SPY Features SMS Recording Call details Not voice recording GPS Location Log summaries Works on practically all smart phones Cost $49.97 for 3 months $69.97 for 6 months $99.97 for 12 months

51 OPTIONS FOR IPHONE K9 Web Protection Browser Free Trusted company Blue Coat Systems, Inc. Rated 3.5 Stars on first release Updates follow quickly Safe Eyes Mobile $20.00 Trusted company Rated 3 stars Rarely Updated

52 MOBISTEALTH Features Works on multiple phones The features vary by make of phone SMS Logging Call recording GPS tracking Web Browser logging Pricing 12 months- Up to $200 6 months- Up to $150 3 months- Up to $100

53 GOOD RESOURCES Quality and current nonprofit news service for kid-tech news. Based on the premise that informal, engaged parenting is essential to kids' constructive use of technology and the Net. Provides information on how media can shape your child's development and what you can do to create a media-literate household. Provides a guide to making the Internet and Technology fun, safe, and productive. Advice and information about Internet safety for parents and teachers, plus opportunities to discuss problems and share solutions.

54 GOOD RESOURCES GetNetWise is a public service created by Internet industry corporations and public interest groups with the goal of having Internet users be only one click away from the resources they need to make informed decisions about their and their family's use of the Internet. Created by the National Center for Missing & Exploited Children and Boys & Girls Clubs of America, the NetSmartz Workshop is an interactive, educational safety resource to teach kids and teens how to stay safer on the Internet. is an Internet domain where affiliated sites are regularly screened and monitored so that parents and children can trust the sites to provide educational and appropriate online fun.

55 GOOD RESOURCES Provides family-friendly reviews of media (TV, film, music, Web sites, games, and books) and parent tips on healthy media diets for families. Run by the author of Net-mom's Internet Kids & Family Yellow Pages, a family-friendly directory to 3,500 of the best children's resources the Internet has to offer, this site highlights good sites for kids and provides safety tips for parents

56 COMMON CHAT TERMS POS -- Parents are looking over my shoulder POTS -- Parents over the shoulder (my parents are watching; I can't really talk) P911 -- My parents are in the room. P = Parents, and 911 = emergency; in other words, either drop the subject or watch the language WTGP -- Want to go private? (move to a private chat room) a/s/l or asl -- Age/Sex/Location (used to ask a chatter their personal information) GGOH -- Gotta get outta here OLL -- Online love GTR -- Got to run TNT -- 'Til next time LMIRL -- Let's meet in real life

57 SOFTWARE RECOMMENDATION SITES The Safe Side – Stranger Safety Video Darkness to Light – 7 Steps to Protecting Our Children Cyberbully Resources Google Alerts National Center for Missing and Exploited Children Son, Call Me Big Brother Download your fav apps all at once Family Watchdog – National Sex Offender Search

58 SOFTWARE RECOMMENDATION SITES Search for your local FBI field office A Parent's Guide to Internet Safety Kidz Privacy CyberTip Line, National Center for Missing and Exploited Children Safe Surfing with your Family, Safe Surfing Checklist Safeguards, Computer safety tips for your home and child Tips for Parents to Protect Children from Internet Predators, Guidelines for Parents Kids Rules for Online Safety Rules in Cyberspace Cyberbullying Chat Slang NetLingo

59 RESOURCES All resources and more at my website (bottom of page): Chat Abbreviation (PDF); Cleaning Your Windows Computer (PDF); Free Software for Home Users (PDF); How to Check Your Computer's History (PDF); I-Educator (PDF); Internet Safety for Kids (PDF); Internet terms (PDF); Internet Safety Plan (PDF); Internet Safety Tips for Parents (PDF); Secure Mac step by Step (PDF); Tracking People around town (PDF). Internet Safety for Kids link list is very graphic has excellent resources for parents

60 BIBLIOGRAPHY 1. Tapscott, The N Generation, 1998: 1-2. 2. World Youth Report 2005 3. The Henry J. Kaiser Family Foundation Study, 3/05 4. Kaiser Family Foundation 5. Numsum Myspace Stats 6. Media Central The Buzz 7. 8. The National Youth Agency 9. The Search Agency 10. Internet Addiction by Wendi Kannenberg 11. Internet Safety for Kids 12. US News and World Report – Special Report – September 18, 2006 13. 'Predator's Playground? 14. Decoding MySpace
