Mobile Security

From March 19, 2012 to March 20, 2012

This workshop will introduce mobile device security, discuss its risks for your organisation and provide you with possible solutions.

After discussing threats, vulnerabilities and risks of mobile device integration, the iOS and Android device specific features and vulnerabilities will be presented along with several attack scenarios, forensic methodologies and real life case studies. Although this workshop focuses on iOS and Android, you will also get an overview of the other “mobile players” along with their associated vulnerabilities and weaknesses.

For secure enterprise integration useful mitigating controls will be shown with practical examples on how to implement them. We will demonstrate mobile device management solutions along with other possible integration strategies like container solutions or hosted management solutions. Also not only technical controls will be discussed but also e.g. how to cover mobile devices within your organisations IT security policy.

During the workshop we will discuss different deployment scenarios and also talk about things like BYOD (Bring you own device).

This willl be a practical workshop where you can test the various things in small hands-on sessions. We will provide you with some devices. Your own devices are welcome, too.

Mobile Security Agenda

Short smartphone operating system overview:

Corporate challenges:

Mobile device information security management:

Security controls for a secure integration:

Mobile device management:

Data management:

Remote access: risks & controls

App approvement:

Operations:

Mobile Device Security Policy:

Rene Graf

Rene Graf leads the “Mobile Security” team at ERNW and has performed a number of BYOD projects including pentests of container solutions and forensic analyses of devices used by CxOs.