Securing Mobile Devices | CompTIA A+ 220-1002 | 2.8

In this video you will learn about screen locks, remote wipes, locator applications, remote backup applications, failed login attempts restrictions, antivirus/anti-malware, patching/OS updates, biometric authentication, full device encryption, multi-factor authentication, authenticator applications, trusted sources vs. untrusted sources, firewalls, & policies and procedures.

Screen Locks

In general, a lock screen is an interface on a computer, smartphone, or tablet that appears upon startup. Access to all of the device’s applications are limited when it is locked, preventing unauthorized users from accessing the device’s data. When a password is entered, or the device is unlocked with biometrics, the home screen, desktop, or app launcher is displayed and usable. A screen lock can be a pattern that is drawn on the display, a PIN (passcode lock), or a password. Typically, the strongest form of a screen lock is a very strong password. Some devices like smartphones include fingerprint locks (where a user’s fingerprint is matched against a list of authorized user fingerprints) and face locks (where a user’s face is matched against a list of authorized user faces).

Remote Wipes

A remote wipe refers to a system where an administrator has the ability to remotely delete data on a hardware device or system. During a remote wipe, the deletion is triggered from a remote system endpoint. Many types of remote wipes can be set up in different ways. The remote wipe can target company specific information or erase all information on a device/system. In many cases, the remote wipe is designed to provide quick and effective solutions to security breaches or other crises.

Locator Applications

Locator applications like Find My iPhone for iOS and Android Device Manager for Android can help a user find a lost device. As long as the power is on and the geolocation is working, these apps can be operated from other phones with a similar app to help find the location of the lost device.

Remote Backup Applications

A remote, online, or managed backup service, sometimes marketed as cloud backup or backup-as-a-service, is a service that provides users with a system for the backup, storage, and recovery of computer files. With a mobile device, there are two ways to back up them up: by way of a USB connection to a desktop or laptop computer or to the cloud with a remote backup application. Apple has a free cloud backup service called iCloud that offers up to 5GB of free storage space with more space available by subscription. iTunes, which can be used for USB-based backup, enables the entire device to be backed up to a hard drive at no additional cost. Google Cloud offer Android users a free backup for email, contacts, & other information. With Android, to back up photos, music, & other content, it has to be backed up manually via USB or file sync to the cloud using by way of services such as Dropbox. For iOS and Android, other third-party cloud-based backup services are also supported such as iDrive and Carbonite.

Failed Login Attempts Restrictions

Failed login attempt restrictions prevents unauthorized users from gaining access to a mobile device. If the unauthorized user enters the incorrect PIN or passcode after a certain number of attempts, the device could either temporarily lockup for a specified amount of time before allowing the user to enter another PIN or passcode or, the device could perform a remote wipe of the hard drive after a multiple failed login attempts.

Antivirus/Anti-Malware

Antivirus/anti-malware software is a computer program used to prevent, detect, and remove malware on computers and mobile devices. Some antivirus/anti-malware third-party applications for Android devices include: McAfee’s VirusScan Mobile, AVG, Lookout, and NetQin. Due to the closed nature of the iOS environment, it is somewhat more difficult to write viruses for iOS devices. However, Apple does allow the installation of previously unavailable applications and software originally not authorized by Apple, so the installation of third-party antivirus/anti-malware mobile applications is now possible.

Patching/OS Updates

Just like for desktop and laptop computers, mobile devices need their applications & operating systems to be patched and updated as well. To manually update these devices, follow these steps:

  • Android
    • Settings > General > About Device > Software Update or
    • Settings > About Device > Software Update > Check for Updates
  • iOS
    • Settings > General > Software Update

Biometric Authentication

Biometric authentication as a form of identification and access control. Android and iOS use biometric authentication by way of built-in fingerprint readers, iris readers, or facial recognition software to gain access to these mobile devices. Microsoft also has a product called Microsoft’s Windows Hello which is a biometric authentication mechanism similar to that of Apple’s Face ID.

Full Device Encryption

Full disk encryption is a technology that protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Full device encryption encrypts information on a device and prevents access to that device unless a user knows the PIN or passcode to access the device. Android & iOS devices automatically apply full device encryption the moment the authorized user of these devices lock the device.

Multi-factor Authentication

Multi-factor authentication (MFA) is an electronic authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. Example of MFA would be using a username and password to sign into a website, then the website requiring you to enter a 6 digit code sent to your phone by way of a text message asking you to verify you are the actual authorized user of that account associated with the website.

Authenticator Applications

Authenticator apps generate a one-time code that you use to confirm that it’s you logging into a website or service. The Google Authenticator app is the most popular authenticator app. It supports options to add or remove trusted computers and devices and works with the Security Key USB device. Other authenticator apps are LastPass Authenticator, Microsoft Authenticator, and Authy.

Trusted Sources vs. Untrusted Sources

Trusted sources are simply links to trustworthy websites and applications. Google Play for Android, The Apple Store for iOS, and Microsoft Store for Windows 10 Mobile are trusted sources for downloading and installing apps on mobile devices. Downloading and installing apps outside of these stores are considered untrusted sources and to do that requires you to jailbreak the device which removes the security measures built into the device.

Firewalls

Firewalls are network security systems that monitor & control incoming and outgoing network traffic based on predetermined security rules. Android and iOS do not include firewalls for their devices by default, although there are third-party apps that a can install firewalls on Android devices to provide protection against unwanted internet traffic.

Policies and Procedures

Nowadays, more and more companies are allowing for workers to utilize their personally owned mobile devices on corporate networks. To allow for these devices to access the network, companies are implementing policies and procedures to prevent these devices from causing potential security threats to the network.

BYOD vs. Corporate-Owned Devices

BYOD (bring your own device) refers to being allowed to use one’s personally owned device on the company network, rather than being required to use an officially provided device. The benefits of a BYOD policy are:

  • Saves the organization money; employee purchases their own device
  • Employee will more than likely use their own device more often
  • Greater productivity

Potential disadvantages include:

  • Costs associated with the management & security of BYOD devices on the network
  • Some employees many simply not want to use their own devices for official business

Profile Security Requirements

Regardless of if an organization allows for the use of BYOD, corporate-owned devices, or a mixture, the company has to establish security requirements to allow for the productivity to take place while minimizing potential security risks. Setting up device security profile requirements include items such as:

  • Allowing only approved OS versions on devices
  • Implementing password & lock screen policies
  • Requiring device encryption
  • Support issues
  • Policies set up for when an employee leaves the organization as it relates to the information/data on the employee’s device