Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

Mobile (in)security ?

Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Chargement dans…3
×

Consultez-les par la suite

1 sur 20 Publicité
Publicité

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à Mobile (in)security ? (20)

Publicité

Plus récents (20)

Publicité

Mobile (in)security ?

  1. 1. /// Mobile (in)security ? Cláudio André / ca@integrity.pt
  2. 2. 2 /// MOBILE (IN)SECURITY ? WHOAMI • Pentester at Integrity S.A. • Web applications, Mobile Applications and Infrastructure • BSc in Management Information Technology • Offensive Security Certified Professional
  3. 3. 301.3 million shipments 3 /// MOBILE (IN)SECURITY ? MOBILE EQUIPMENTS 2014Q2 http://www.idc.com/prodserv/smartphone-os-market-share.jsp
  4. 4. 4 /// MOBILE (IN)SECURITY ? 2014Q2 MARKETSHARE 2.5% 0.5% 0.7% 84.7% 11.7% Android iOS Windows Phone BlackBerry OS Others http://www.idc.com/prodserv/smartphone-os-market-share.jsp
  5. 5. 5 /// MOBILE (IN)SECURITY ? MOBILE PLATFORMS ON ENTERPRISE BYOD & Mobile Security 2013 Survey Linkedin Information Security Group
  6. 6. 6 /// MOBILE (IN)SECURITY ? ENTERPRISES MAIN SECURITY CONCERNS BYOD & Mobile Security 2013 Survey Linkedin Information Security Group
  7. 7. 7 /// MOBILE (IN)SECURITY ? ENTERPRISES MAIN SECURITY CONCERNS I'm not a Hacker. Just a silly guy with a ski mask on. Don't know what I'm doing.
  8. 8. 8 /// MOBILE (IN)SECURITY ? SECURITY HORROR STORIES 2014 (SO FAR...) Ebay - 145 million users and encrypted email address. JP Morgan Chase - Customer information of 76 million households and 7 million business. Home Depot - 56 million debit and credit cards. Target - 40 million credit and debit cards. Community Health Systems - Personal data of 4.5 million patients.
  9. 9. 9 /// MOBILE (IN)SECURITY ? ATTACK VECTORS
  10. 10. 10 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Device Network Server
  11. 11. 11 /// MOBILE (IN)SECURITY ? ATTACK VECTORS • Browser • System • Phone / SMS • Apps • Malware • ... Device
  12. 12. 12 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Tech details in: http://security.claudio.pt
  13. 13. 13 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Network • Packet Sniffing • Man-In-The-Middle (MITM) • Rogue Access Point • ...
  14. 14. 14 /// MOBILE (IN)SECURITY ? ATTACK VECTORS Server • Brute Force Attacks • SQL Injections • OS Command Execution • ...
  15. 15. 15 /// MOBILE (IN)SECURITY ? A WAY TO... Mobile Device Management; Mobile Application Management; Endpoint Security Tools; Network Access Control (NAC) Endpoint Malware Protections; …..
  16. 16. 16 /// MOBILE (IN)SECURITY ? MOBILE DEVICE MANAGEMENT - Focus on the Device - Provisioning - Security Policies Enforcement - Reporting and Monitoring - Software Distribution
  17. 17. 17 /// MOBILE (IN)SECURITY ? MOBILE APPLICATION MANAGEMENT - Focus on the Applications - Same as previous but applied to the applications. - Corporate App Store (wrapping)
  18. 18. 18 /// MOBILE (IN)SECURITY ? WHICH ONE TO CHOOSE ? - Depends on your objectives - Mixed solution
  19. 19. 19 /// MOBILE (IN)SECURITY ? NOT ONLY *WARE APPROACH - Defense-In-Depth - Raise User Awareness - Secure Development Best Practises (OWASP) - Threat Modeling - Continuous Penetration Testing
  20. 20. Thank you. 20

×