Visit www.dummies.com/cheatsheet/mobiledevicesecurity to view this book's cheat sheet.
Table of Contents
About This Book Foolish Assumptions Conventions Used in This Book How This Book Is Organized Part I: Living Securely in the Smart World Part II: Implementing Enterprise Mobile Security Part III: Securing Smart Device Access Part IV: Securing Each Smart Device Part V: The Part of Tens Icons Used in This Book Where to Go from Here
Part I: Living Securely in the Smart World Part II: Implementing Enterprise Mobile Security Part III: Securing Smart Device Access Part IV: Securing Each Smart Device Part V: The Part of Tens
Chapter 1: What’s So Smart About a Phone, Anyway? Exploring Different Mobile Devices Smartphones and tablets Laptops and netbooks Other computing devices Examining Operating Systems for Mobile Devices Apple iOS Google Android RIM BlackBerry OS RIM BlackBerry Tablet OS Microsoft Windows Mobile and Windows Phone Nokia Symbian HP Palm webOS MeeGo Samsung bada Discovering Data Connections Applications Galore: Exploring Mobile Device Applications E-mail and messaging Web-based applications Client/server applications Standalone applications Allowing Smartphones onto Your Network Educating yourself on the risks Scoping your deployment Creating a mobile device security policy Determining device configuration policies Figuring out how you’ll connect devices to your network(s) Devising an endpoint security strategy Planning a strategy to deal with loss and theft Seeking vendor info and requests for proposals Implementing a pilot Assessing and reevaluating at regular intervals Introduction: AcmeGizmo Enterprise Smartphone Deployment Case Study Exploring legacy smartphone deployment Enter the smartphone explosion Chapter 2 : Why Do I Care? The Mobile Device Threat Recognizing the Scope of the Threat Loss, theft, and replacement Really off-site data storage Free (but not necessarily nice) apps Network access outside of your control Understanding the Risks Opening the door to hackers Compromising your business communications Endangering corporate data Infesting enterprise systems by using location-based services Assessing the Arsenal To manage or not to manage Where the need for compliance comes in Mobile security apps start to emerge Planning to Sustainably Keep the Threat at Bay Establish enforceable policies Evaluate tools without biases Secure the location Mobile security 101 classes Turning mobile devices into allies Chapter 3 : Planning for Mobile Devices in the Enterprise Managing the New Wave of Mobile Devices Support the cutting-edge devices More than just e-mail Who moved my application? Updating your mobility policies Adapting to the New Challenges of Mobile Devices Protecting mobile devices from malware Managing device policies remotely Enforcing granular access control Part II: Implementing Enterprise Mobile Security Chapter 4: Creating Mobile Device Security Policies Recognizing the Importance of Enforceable Security Policies Understanding Device Policies Policies for physical device protection Policies for device backup and restore Using Provisioning Policies to Manage Devices Upgrade, downgrade, and software installation policies Profile settings policies Decommissioning policies Creating Effective Monitoring Policies Protecting Devices with Application Policies Case Study: AcmeGizmo Mobile Device Security Policy Chapter 5: Managing and Controlling Devices Managing Your Mobile Devices Managing devices over the air Configuring security policies Open Mobile Alliance Device Management Exchange ActiveSync Controlling Applications Pros and cons of consumer app stores Provisioning applications to mobile devices Blacklisting and removing applications Case Study: AcmeGizmo Application Control Deployment Your password, please Network settings Other settings Application provisioning Chapter 6: Conforming to Corporate Compliance Policies Which Devices Are Personal, and Which Are Corporate-Owned Setting Passcodes on Mobile Devices Encrypting the Contents of the Device Requiring VPN on the Device Protecting the Device from Viruses Protecting the Device from Loss and Theft Managing Devices at Scale Backing Up the Contents of the Device Monitoring and Controlling Contents of the Device Case Study: AcmeGizmo Compliance Requirements Operating system compliance Password compliance Encryption compliance VPN and endpoint security compliance Loss and theft protection Part III: Securing Smart Device Access Chapter 7: Securing Data in Transit with VPNs Comparing IPSec VPNs and SSL VPNs Validating User Identity for VPN Access Authenticating VPN users Determining a user’s role Discriminating by Device Profile Profiling devices and applying policies Providing access based on device profile Implementing custom policies Providing Application Access Enabling access to e-mail Providing Web application access Accessing full client/server applications Providing Users an Appropriate Level of Access Securely accessing e-mail, calendar, and contacts Accessing web-based applications Allowing users to leverage client/server applications Case Study: AcmeGizmo SSL VPN Rollout for Smartphones Employee authentication Accessing the network with SSL VPN Chapter 8: Connecting to Wi-Fi Networks What’s Wi-Fi, and Why Bother? Which Wi-Fi Networks Should Users Connect To? Open or insecure networks Encrypted Wi-Fi networks VPN on a Wi-Fi network Wi-Fi Connections from Mobile Devices Apple iPhones, iPads, and iPods Connecting to Wi-Fi with Android devices BlackBerry devices Implementing Wi-Fi Policies Part IV: Securing Each Smart Device Chapter 9: Device Security Component Overview Knowing Smartphone Security Components Understanding On-Device Anti-X Protection Antispyware Antivirus Antiphishing Antispam Using Backup and Restore Capabilities Adding Loss and Theft Protection Encryption and authentication techniques Immobilizing techniques Recovery techniques Controlling and Monitoring Applications Methods to control and monitor applications Identifying harmful applications Enterprise Management of Mobile Devices Device deployment Device discovery Device provisioning Device monitoring Compliance enforcement Chapter 10 : Hacker Protection and Enforceable Encryption Getting to Know the On-Device Security Components Keeping Devices Safe with On-device Firewalls Small footprint Efficient battery usage Dynamic adaptation to changing usage Protecting Against Viruses Firewalls and virus-based attacks Virtual device antivirus solutions Reducing Spam Service provider assistance Choosing an antispam solution Global operator initiative to combat spam Preventing Intrusion Using Enforceable Encryption Encrypting all outbound and inbound communication Encrypting only enterprise traffic Using carrier-provided voice encryption Case Study: AcmeGizmo Endpoint Security Deployment Endpoint security Device encryption Flash forward Chapter 11: Protecting Against Loss and Theft Taking Precautions before Loss or Theft Educating Users about Securing Data on a Lost Phone Protecting personal Apple iOS devices Protecting personal Symbian devices Protecting personal Android devices Protecting personal Windows Mobile and Windows Phone 7 Devices Protecting personal Blackberry devices Exploring Enterprise-Grade Solutions for Various Platforms Enterprise-grade solutions for Apple iOS Enterprise-grade solutions for Symbian Enterprise-grade solutions for Android Enterprise-grade solutions for Windows Mobile and Windows Phone 7 Enterprise-grade solutions for Blackberry devices Deploying Enterprise-Wide Loss and Theft Protection Case Study: AcmeGizmo’s Lost or Stolen Device Recovery Chapter 12: Educating Users about Backing Up Data Backing Up Data from Smartphones Instructing Users on Backing Up Their Devices Backing up iPhones and iPads Backing up Android devices Backing up BlackBerry devices Backing up Nokia devices Backing up Windows Phone 7 devices Instructing Users on Restoring Data to Their Devices Restoring data from iPhones and iPads Restoring data from Android devices Restoring data from BlackBerry devices Restoring data from Nokia devices Restoring data from Windows Phone 7 devices Instructing Users on Transferring Data to New Devices Transferring data between iPhones and iPads Transferring data between Android devices Transferring data between BlackBerry devices Transferring data between Nokia Symbian devices Exploring Corporate Solutions for Backup and Restore Case Study: AcmeGizmo Backup and Restore Use Cases Chapter 13: Securing Mobile Applications Understanding the Importance of a Sandbox App Security on Various Platforms App security on BlackBerry devices App sandboxing on Apple iOS devices Android operating system security Exploring Virtualization for Mobile Devices Accounting for Personal Devices at Work Sandboxing Combined with On-Device Security Part V: The Part of Tens Chapter 14: Top Ten Online Information Sources Tech SANS Dark Reading F-Secure Security Threat Summaries Infosecurity Network National Institute of Standards and Technology (Security Research) Vendors’ Websites ICSA labs CERT US-CERT GSM Association Chapter 15: Top Ten Mobile Security Vendors AirWatch Good Technology Juniper Networks Mobile Active Defense McAfee MobileIron Sybase Symantec Tangoe Zenprise Cheat Sheet
Exploring Different Mobile Devices Smartphones and tablets Laptops and netbooks Other computing devices Examining Operating Systems for Mobile Devices Apple iOS Google Android RIM BlackBerry OS RIM BlackBerry Tablet OS Microsoft Windows Mobile and Windows Phone Nokia Symbian HP Palm webOS MeeGo Samsung bada Discovering Data Connections Applications Galore: Exploring Mobile Device Applications E-mail and messaging Web-based applications Client/server applications Standalone applications Allowing Smartphones onto Your Network Educating yourself on the risks Scoping your deployment Creating a mobile device security policy Determining device configuration policies Figuring out how you’ll connect devices to your network(s) Devising an endpoint security strategy Planning a strategy to deal with loss and theft Seeking vendor info and requests for proposals Implementing a pilot Assessing and reevaluating at regular intervals Introduction: AcmeGizmo Enterprise Smartphone Deployment Case Study Exploring legacy smartphone deployment Enter the smartphone explosion
Smartphones and tablets Laptops and netbooks Other computing devices
Apple iOS Google Android RIM BlackBerry OS RIM BlackBerry Tablet OS Microsoft Windows Mobile and Windows Phone Nokia Symbian HP Palm webOS MeeGo Samsung bada
E-mail and messaging Web-based applications Client/server applications Standalone applications
Educating yourself on the risks Scoping your deployment Creating a mobile device security policy Determining device configuration policies Figuring out how you’ll connect devices to your network(s) Devising an endpoint security strategy Planning a strategy to deal with loss and theft Seeking vendor info and requests for proposals Implementing a pilot Assessing and reevaluating at regular intervals
Exploring legacy smartphone deployment Enter the smartphone explosion
Recognizing the Scope of the Threat Loss, theft, and replacement Really off-site data storage Free (but not necessarily nice) apps Network access outside of your control Understanding the Risks Opening the door to hackers Compromising your business communications Endangering corporate data Infesting enterprise systems by using location-based services Assessing the Arsenal To manage or not to manage Where the need for compliance comes in Mobile security apps start to emerge Planning to Sustainably Keep the Threat at Bay Establish enforceable policies Evaluate tools without biases Secure the location Mobile security 101 classes Turning mobile devices into allies
Loss, theft, and replacement Really off-site data storage Free (but not necessarily nice) apps Network access outside of your control
Opening the door to hackers Compromising your business communications Endangering corporate data Infesting enterprise systems by using location-based services
To manage or not to manage Where the need for compliance comes in Mobile security apps start to emerge
Establish enforceable policies Evaluate tools without biases Secure the location Mobile security 101 classes Turning mobile devices into allies
Managing the New Wave of Mobile Devices Support the cutting-edge devices More than just e-mail Who moved my application? Updating your mobility policies Adapting to the New Challenges of Mobile Devices Protecting mobile devices from malware Managing device policies remotely Enforcing granular access control
Support the cutting-edge devices More than just e-mail Who moved my application? Updating your mobility policies
Protecting mobile devices from malware Managing device policies remotely Enforcing granular access control
Chapter 4: Creating Mobile Device Security Policies Recognizing the Importance of Enforceable Security Policies Understanding Device Policies Policies for physical device protection Policies for device backup and restore Using Provisioning Policies to Manage Devices Upgrade, downgrade, and software installation policies Profile settings policies Decommissioning policies Creating Effective Monitoring Policies Protecting Devices with Application Policies Case Study: AcmeGizmo Mobile Device Security Policy Chapter 5: Managing and Controlling Devices Managing Your Mobile Devices Managing devices over the air Configuring security policies Open Mobile Alliance Device Management Exchange ActiveSync Controlling Applications Pros and cons of consumer app stores Provisioning applications to mobile devices Blacklisting and removing applications Case Study: AcmeGizmo Application Control Deployment Your password, please Network settings Other settings Application provisioning Chapter 6: Conforming to Corporate Compliance Policies Which Devices Are Personal, and Which Are Corporate-Owned Setting Passcodes on Mobile Devices Encrypting the Contents of the Device Requiring VPN on the Device Protecting the Device from Viruses Protecting the Device from Loss and Theft Managing Devices at Scale Backing Up the Contents of the Device Monitoring and Controlling Contents of the Device Case Study: AcmeGizmo Compliance Requirements Operating system compliance Password compliance Encryption compliance VPN and endpoint security compliance Loss and theft protection
Recognizing the Importance of Enforceable Security Policies Understanding Device Policies Policies for physical device protection Policies for device backup and restore Using Provisioning Policies to Manage Devices Upgrade, downgrade, and software installation policies Profile settings policies Decommissioning policies Creating Effective Monitoring Policies Protecting Devices with Application Policies Case Study: AcmeGizmo Mobile Device Security Policy
Policies for physical device protection Policies for device backup and restore
Upgrade, downgrade, and software installation policies Profile settings policies Decommissioning policies
Managing Your Mobile Devices Managing devices over the air Configuring security policies Open Mobile Alliance Device Management Exchange ActiveSync Controlling Applications Pros and cons of consumer app stores Provisioning applications to mobile devices Blacklisting and removing applications Case Study: AcmeGizmo Application Control Deployment Your password, please Network settings Other settings Application provisioning
Managing devices over the air Configuring security policies Open Mobile Alliance Device Management Exchange ActiveSync
Pros and cons of consumer app stores Provisioning applications to mobile devices Blacklisting and removing applications
Your password, please Network settings Other settings Application provisioning
Which Devices Are Personal, and Which Are Corporate-Owned Setting Passcodes on Mobile Devices Encrypting the Contents of the Device Requiring VPN on the Device Protecting the Device from Viruses Protecting the Device from Loss and Theft Managing Devices at Scale Backing Up the Contents of the Device Monitoring and Controlling Contents of the Device Case Study: AcmeGizmo Compliance Requirements Operating system compliance Password compliance Encryption compliance VPN and endpoint security compliance Loss and theft protection
Operating system compliance Password compliance Encryption compliance VPN and endpoint security compliance Loss and theft protection
Chapter 7: Securing Data in Transit with VPNs Comparing IPSec VPNs and SSL VPNs Validating User Identity for VPN Access Authenticating VPN users Determining a user’s role Discriminating by Device Profile Profiling devices and applying policies Providing access based on device profile Implementing custom policies Providing Application Access Enabling access to e-mail Providing Web application access Accessing full client/server applications Providing Users an Appropriate Level of Access Securely accessing e-mail, calendar, and contacts Accessing web-based applications Allowing users to leverage client/server applications Case Study: AcmeGizmo SSL VPN Rollout for Smartphones Employee authentication Accessing the network with SSL VPN Chapter 8: Connecting to Wi-Fi Networks What’s Wi-Fi, and Why Bother? Which Wi-Fi Networks Should Users Connect To? Open or insecure networks Encrypted Wi-Fi networks VPN on a Wi-Fi network Wi-Fi Connections from Mobile Devices Apple iPhones, iPads, and iPods Connecting to Wi-Fi with Android devices BlackBerry devices Implementing Wi-Fi Policies
Comparing IPSec VPNs and SSL VPNs Validating User Identity for VPN Access Authenticating VPN users Determining a user’s role Discriminating by Device Profile Profiling devices and applying policies Providing access based on device profile Implementing custom policies Providing Application Access Enabling access to e-mail Providing Web application access Accessing full client/server applications Providing Users an Appropriate Level of Access Securely accessing e-mail, calendar, and contacts Accessing web-based applications Allowing users to leverage client/server applications Case Study: AcmeGizmo SSL VPN Rollout for Smartphones Employee authentication Accessing the network with SSL VPN
Authenticating VPN users Determining a user’s role
Profiling devices and applying policies Providing access based on device profile Implementing custom policies
Enabling access to e-mail Providing Web application access Accessing full client/server applications
Securely accessing e-mail, calendar, and contacts Accessing web-based applications Allowing users to leverage client/server applications
Employee authentication Accessing the network with SSL VPN
What’s Wi-Fi, and Why Bother? Which Wi-Fi Networks Should Users Connect To? Open or insecure networks Encrypted Wi-Fi networks VPN on a Wi-Fi network Wi-Fi Connections from Mobile Devices Apple iPhones, iPads, and iPods Connecting to Wi-Fi with Android devices BlackBerry devices Implementing Wi-Fi Policies
Open or insecure networks Encrypted Wi-Fi networks VPN on a Wi-Fi network
Apple iPhones, iPads, and iPods Connecting to Wi-Fi with Android devices BlackBerry devices
Chapter 9: Device Security Component Overview Knowing Smartphone Security Components Understanding On-Device Anti-X Protection Antispyware Antivirus Antiphishing Antispam Using Backup and Restore Capabilities Adding Loss and Theft Protection Encryption and authentication techniques Immobilizing techniques Recovery techniques Controlling and Monitoring Applications Methods to control and monitor applications Identifying harmful applications Enterprise Management of Mobile Devices Device deployment Device discovery Device provisioning Device monitoring Compliance enforcement Chapter 10 : Hacker Protection and Enforceable Encryption Getting to Know the On-Device Security Components Keeping Devices Safe with On-device Firewalls Small footprint Efficient battery usage Dynamic adaptation to changing usage Protecting Against Viruses Firewalls and virus-based attacks Virtual device antivirus solutions Reducing Spam Service provider assistance Choosing an antispam solution Global operator initiative to combat spam Preventing Intrusion Using Enforceable Encryption Encrypting all outbound and inbound communication Encrypting only enterprise traffic Using carrier-provided voice encryption Case Study: AcmeGizmo Endpoint Security Deployment Endpoint security Device encryption Flash forward Chapter 11: Protecting Against Loss and Theft Taking Precautions before Loss or Theft Educating Users about Securing Data on a Lost Phone Protecting personal Apple iOS devices Protecting personal Symbian devices Protecting personal Android devices Protecting personal Windows Mobile and Windows Phone 7 Devices Protecting personal Blackberry devices Exploring Enterprise-Grade Solutions for Various Platforms Enterprise-grade solutions for Apple iOS Enterprise-grade solutions for Symbian Enterprise-grade solutions for Android Enterprise-grade solutions for Windows Mobile and Windows Phone 7 Enterprise-grade solutions for Blackberry devices Deploying Enterprise-Wide Loss and Theft Protection Case Study: AcmeGizmo’s Lost or Stolen Device Recovery Chapter 12: Educating Users about Backing Up Data Backing Up Data from Smartphones Instructing Users on Backing Up Their Devices Backing up iPhones and iPads Backing up Android devices Backing up BlackBerry devices Backing up Nokia devices Backing up Windows Phone 7 devices Instructing Users on Restoring Data to Their Devices Restoring data from iPhones and iPads Restoring data from Android devices Restoring data from BlackBerry devices Restoring data from Nokia devices Restoring data from Windows Phone 7 devices Instructing Users on Transferring Data to New Devices Transferring data between iPhones and iPads Transferring data between Android devices Transferring data between BlackBerry devices Transferring data between Nokia Symbian devices Exploring Corporate Solutions for Backup and Restore Case Study: AcmeGizmo Backup and Restore Use Cases Chapter 13: Securing Mobile Applications Understanding the Importance of a Sandbox App Security on Various Platforms App security on BlackBerry devices App sandboxing on Apple iOS devices Android operating system security Exploring Virtualization for Mobile Devices Accounting for Personal Devices at Work Sandboxing Combined with On-Device Security
Knowing Smartphone Security Components Understanding On-Device Anti-X Protection Antispyware Antivirus Antiphishing Antispam Using Backup and Restore Capabilities Adding Loss and Theft Protection Encryption and authentication techniques Immobilizing techniques Recovery techniques Controlling and Monitoring Applications Methods to control and monitor applications Identifying harmful applications Enterprise Management of Mobile Devices Device deployment Device discovery Device provisioning Device monitoring Compliance enforcement
Antispyware Antivirus Antiphishing Antispam
Encryption and authentication techniques Immobilizing techniques Recovery techniques
Methods to control and monitor applications Identifying harmful applications
Device deployment Device discovery Device provisioning Device monitoring Compliance enforcement
Getting to Know the On-Device Security Components Keeping Devices Safe with On-device Firewalls Small footprint Efficient battery usage Dynamic adaptation to changing usage Protecting Against Viruses Firewalls and virus-based attacks Virtual device antivirus solutions Reducing Spam Service provider assistance Choosing an antispam solution Global operator initiative to combat spam Preventing Intrusion Using Enforceable Encryption Encrypting all outbound and inbound communication Encrypting only enterprise traffic Using carrier-provided voice encryption Case Study: AcmeGizmo Endpoint Security Deployment Endpoint security Device encryption Flash forward
Small footprint Efficient battery usage Dynamic adaptation to changing usage
Firewalls and virus-based attacks Virtual device antivirus solutions
Service provider assistance Choosing an antispam solution Global operator initiative to combat spam
Encrypting all outbound and inbound communication Encrypting only enterprise traffic Using carrier-provided voice encryption
Endpoint security Device encryption Flash forward
Taking Precautions before Loss or Theft Educating Users about Securing Data on a Lost Phone Protecting personal Apple iOS devices Protecting personal Symbian devices Protecting personal Android devices Protecting personal Windows Mobile and Windows Phone 7 Devices Protecting personal Blackberry devices Exploring Enterprise-Grade Solutions for Various Platforms Enterprise-grade solutions for Apple iOS Enterprise-grade solutions for Symbian Enterprise-grade solutions for Android Enterprise-grade solutions for Windows Mobile and Windows Phone 7 Enterprise-grade solutions for Blackberry devices Deploying Enterprise-Wide Loss and Theft Protection Case Study: AcmeGizmo’s Lost or Stolen Device Recovery
Protecting personal Apple iOS devices Protecting personal Symbian devices Protecting personal Android devices Protecting personal Windows Mobile and Windows Phone 7 Devices Protecting personal Blackberry devices
Enterprise-grade solutions for Apple iOS Enterprise-grade solutions for Symbian Enterprise-grade solutions for Android Enterprise-grade solutions for Windows Mobile and Windows Phone 7 Enterprise-grade solutions for Blackberry devices
Backing Up Data from Smartphones Instructing Users on Backing Up Their Devices Backing up iPhones and iPads Backing up Android devices Backing up BlackBerry devices Backing up Nokia devices Backing up Windows Phone 7 devices Instructing Users on Restoring Data to Their Devices Restoring data from iPhones and iPads Restoring data from Android devices Restoring data from BlackBerry devices Restoring data from Nokia devices Restoring data from Windows Phone 7 devices Instructing Users on Transferring Data to New Devices Transferring data between iPhones and iPads Transferring data between Android devices Transferring data between BlackBerry devices Transferring data between Nokia Symbian devices Exploring Corporate Solutions for Backup and Restore Case Study: AcmeGizmo Backup and Restore Use Cases
Backing up iPhones and iPads Backing up Android devices Backing up BlackBerry devices Backing up Nokia devices Backing up Windows Phone 7 devices
Restoring data from iPhones and iPads Restoring data from Android devices Restoring data from BlackBerry devices Restoring data from Nokia devices Restoring data from Windows Phone 7 devices
Transferring data between iPhones and iPads Transferring data between Android devices Transferring data between BlackBerry devices Transferring data between Nokia Symbian devices
Understanding the Importance of a Sandbox App Security on Various Platforms App security on BlackBerry devices App sandboxing on Apple iOS devices Android operating system security Exploring Virtualization for Mobile Devices Accounting for Personal Devices at Work Sandboxing Combined with On-Device Security
App security on BlackBerry devices App sandboxing on Apple iOS devices Android operating system security
Chapter 14: Top Ten Online Information Sources Tech SANS Dark Reading F-Secure Security Threat Summaries Infosecurity Network National Institute of Standards and Technology (Security Research) Vendors’ Websites ICSA labs CERT US-CERT GSM Association Chapter 15: Top Ten Mobile Security Vendors AirWatch Good Technology Juniper Networks Mobile Active Defense McAfee MobileIron Sybase Symantec Tangoe Zenprise
Tech SANS Dark Reading F-Secure Security Threat Summaries Infosecurity Network National Institute of Standards and Technology (Security Research) Vendors’ Websites ICSA labs CERT US-CERT GSM Association
AirWatch Good Technology Juniper Networks Mobile Active Defense McAfee MobileIron Sybase Symantec Tangoe Zenprise