Home > Blogs > Administrative Issues Concerning Mobile Security (Part 5 of 5)

Administrative Issues Concerning Mobile Security (Part 5 of 5)

By  Jun 10, 2009

Topics: Network Security, Security

Last but not least, a bit less technical but important aspect is the administration infrastructure: security administration becomes a huge issue when thousands of mobile devices are deployed. Policy enforcement, deployment, updates, help desk, key recovery and system logging are all vital components of an enterprise system that provides "provable" security to comply with data privacy regulations.

One more thing you can do, in order to protect your device in a rigorous way, is to use tools that reinforce the security of your system under a global perspective, like SELinux (“Security Enhanced Linux”: http://www.nsa.gov/research/selinux/index.shtml) or AppArmor (http://en.opensuse.org/AppArmor) for a Linux operating system, or TrustedBSD (http://www.trustedbsd.org) for FreeBSD and Mac OSX. This is about notebooks, where you can essentially install the same software you install on desktop computers, but there is something for smaller devices too, for example a specific adaptation of SELinux for mobile devices, MicroSELinux, is mentioned here:

    http://www.mvista.com/product_features_mob.php .

A technical article on the subject is:

    http://research.nokia.com/files/NRCTR2008010.pdf .

“Last but not least”, a bit less technical but important aspect is the administration infrastructure: security administration becomes a huge issue when thousands of mobile devices are deployed. Policy enforcement, deployment, updates, help desk, key recovery and system logging are all vital components of an enterprise system that provides "provable" security to comply with data privacy regulations.

Here is a list of some more little useful precautions a security policy should include:

  • Provide specialized training to mobile device users and administrators, including simple guidelines for the physical security of devices and a reporting mechanism in case of loss or theft.
  • Promptly report a lost or stolen device: in some cases, as in the case of Carnegie Mellon’s BlackBerry service, a device can be remotely deactivated thus preventing email or other sensitive data from being exposed.
  • Disable options and applications that you don't use: reduce security risk by limiting your device to only necessary applications and services.
  • Regularly back up data.
  • Apply security updates.

Speaking in general, the article

    http://www.eetimes.com/news/design/showArticle.jhtml?articleID=211600972

is interesting too, as it mentions various technical approaches to mobile device security, like hardware approach and use of virtualization technology.

As a conclusion, here is a list of the main aspects you have to consider, as a memorandum (check list), considering that the importance and the applicability of some of them depend on the specific device you're using:

  • security policy and administration
  • hardware protection
  • access control and user authentication
  • data encryption
  • compliance to wireless networks security protocols
  • firewall and intrusion prevention
  • anti virus
  • security enforcement with SELinux or similar tools

Dealing with all topics concerning mobile security would be very long, but this simple memorandum can be useful as a starting point for deeper analysis when required. Several “pointers” to specific subjects have been given.

Logical Security regularly publishes white papers on topics vital to the security industry. Visit our CISSP Education Resources section to obtain valuable information and perspective on security practices.

Part 5 of 5 extracted from an original article written by Shon Harris entitled:

Mobile Device Security

Read Part 1 - Mobile Devices - Definition And Security Issues
Read Part 2 - Mobile Devices - Security Implications And Countermeasures
Read Part 3 - Mobile Devices - Access Control, Wireless Network Risks And Security Implementations
Read Part 4 - Mobile Devices - Viruses, Malware And Various Threats To Mobile Devices