All of these have the potential to jailbreak or get root permissions by a Third-party application that is prohibited by the installation of a security breach. An infected BYOD connection to the corporate network is another security issue. Walking wireless eavesdroppers can steal corporate data by uploading data from BYOD to personal devices. This article will learn how to protect your enterprise assets with a security policy for a cloud-based BYOD environment.
To ensure security in a cloud-based BYOD environment, you need a complete and unambiguous security policy. This article describes the potential risks surrounding jailbreak, shared device issues, and how to protect enterprise assets by developing a security policy that is appropriate for all devices.
Overview
You can't jailbreak your BlackBerry like an iPad (and iPhone) user escapes your device. Unlike Apple, the BlackBerry allows a number of third-party applications to be used on the device. IPad users have escaped from their mobile phones to access certain types of applications, and BlackBerry users already have access to such applications. If the BlackBerry user doesn't find the Third-party software they want, they may try to jailbreak the BlackBerry Playbook, install Android and Apple software. Of course, they have to bear the risk of invalid escape equipment warranty.
There are two jailbreak methods that can break the security on the BYOD device and install a third-party application. The first approach involves user interaction with the device and does not allow remote attackers to compromise user data or device integrity. The user must have the device and have a valid user certificate for the device. At a minimum, users can make changes that require:
shares a device network to another device or computer (for example, through Myfi, an IPAD application that supports the sharing of a WiFi hotspot) as the root user, access an authorized user account on the device as the authorized developer, and change the device's default settings by entering developer mode. If the user is not an authorized developer, the developer model may compromise integrity.
The second jailbreak method involves less user interaction. A remote hacker sends a software bug that uses a Web page to get root access on all devices. This occurs only when a user accesses a dangerous page.
Nightmare scenario #1: Infected BYOD
Bob's company allows him to use personal BlackBerrys as a recognized BYOD to access SaaS applications. The company did not ask Bob if there were any other personal devices. Bob didn't even tell the company he had a iPad2, a MacBook and a laptop at home.
One day at home
Bob broke out of his own iPad2 and then installed MyWi as a WiFi hotspot for the following operations:
uses the personal Blackberry that the company allows as a wireless modem (via Bluetooth). Connect his Macbook and notebook to iPad2. Connect all personal devices to the internet via WiFi.
Bob uses his laptop to access the Web page, which contains a malicious software bug. The flaw infects all devices through an IPad unencrypted wireless connection (connected to the corporate network).
Disconnect all devices from WiFi connection to the corporate network, and Bob reconnect the infected BlackBerry and access the SaaS application as a stand-alone modem. Disconnect the device from the cloud when the application downloads the data to the BlackBerry.
The next day in the office
Bob goes back to the company to meet with C-level executives. When he opened his company's allowed BlackBerry, he found that the downloaded data and all the company information turned into useless rubbish, and it was too late, and the missing information included:
Corporate Contacts Company Calendar SaaS access information Blackberry login
Nightmare scene #2: Walking wireless eavesdroppers
Brenda is an employee at ACME, which allows her to connect her mobile devices to the corporate network. Her device is a BlackBerry, installed by many RIM preinstalled applications, as well as personal use by third-party applications. When Brenda connects her device to the corporate network, she is able to obtain applications that the company allows, including barcode scanners.
Brenda spent some time walking to a nearby store where there was a good phone reception. She scanned the barcode price tag for office supplies with her BlackBerry. If the price is correct, put the goods into the shopping basket. Go on shopping until you have bought all the things she needs.
At the time of shopping, Brenda did not realize that he had become the victim of a walking wireless wiretap (hint: a business competitor in the same store). When Brenda scanned the price tag, the walking wireless eavesdroppers used their own devices to steal sensitive data from Brenda's devices. Brenda's device did not wait for any hint that a mobile wireless wiretap was uploading company data. Brenda only noticed that her equipment was a little hotter than before.
The next day, mobile wireless eavesdroppers illegally acquired the privileges of the SaaS application and then sent a malicious data attack to the application.
Security of network shared devices
The main attributes to consider when designing a security policy for a device to connect are:
can bluetooth be turned off? What is the encryption strength of the wireless connection? What should happen after a certain number of password logon errors? Lock? or data erasure?
Other issues to be addressed include:
What applications can you (and the company) support or do not support? What enterprise servers do your company use and improve your mobile device security policies? Mobile device Management (MDM)? Can the device be escaped, get root, or be hacked?
Network Sharing strategy development
When developing a network sharing strategy, you need to understand the specific problems of each device.
rim device RIM has developed an advanced network sharing system for PlayBook and BlackBerry smartphones that can be controlled through the corporate IT department's policy set. There are two modes of PlayBook: Cellular and WiFi, or WiFi only.
You need to register your BlackBerry device with the BlackBerry Enterprise Server (BES) so it can set policy on the maximum distance between Bluetooth-enabled handsets and Playbook. If the Playbook mobile device exceeds the set distance, the network share will automatically terminate and the data on the phone will not remain on the tablet computer.
You can allow multiple employees in a company to share a Playbook, and each employee can share his BlackBerry with a tablet at different times.
When you connect your BlackBerry smartphone to Playbook, you can set up the device:
Prevents it from sharing content with Bluetooth-enabled devices. Encrypt the data that you receive and send with Bluetooth technology. Prevent wireless eavesdroppers who use GPS technology from tracking your location. Android devices take into account the Afaria Advanced Enterprise security on your Samsung Android device and Tablet PC. Administrators can: Force mobile device encryption, remote device lockout, remote application and data erasure, strong password security, and set user and application blacklist. Controls installation and uninstall of applications, Bluetooth, WiFi, webcam, and microphone. Perform a network sharing strategy, regardless of which device network shares the Android tablet. Allows the use of radio frequency identification (RFID) readers to directly read UHF Gen2 RFID to the spreadsheet on the Samsung Galaxy tablet. Apple devices in flight mode, Apple devices turn off all wireless functions and comply with aviation regulations. This prevents you from using an external keyboard to access SaaS, PaaS, or IaaS. You can't share your phone with a tablet.
Contact your administrator to register your iPad with your iO4 mobile device management (MDM) server (see Mobile Device Management for more information).
Windows® Mobile device Windows mobile devices have one or two-tier access. Devices with two-tier access have better licensing options. Once the signed application begins execution, the application license (privileged and generic) is determined by the certificate.
If the user allows unsigned applications to be executed, it can only be performed with a normal license. However, users may not be allowed to install unsigned applications on a two-tiered device for SaaS. On a PaaS-oriented double-layer device, users may be asked to request the installation of unsigned application permissions.
To connect Windows mobile devices to BSE, you need to use the BlackBerry connection technology. Windows RT and Windows 8 tablet computers are available after IPad3 is released.
Mobile Device Management
With MDM, the company is able to respond to the diverse needs of its staff for equipment and to provide security comparable to BES. The range of supported platforms has also been increased to include Apple's IOS and Google's Android. While Apple's IOS has improved, BES provides the safest environment for MDM.
There are two forms of BLACKBERRY,MDM: Server and Cloud. The cloud version provides a Blackberry Business Cloud service.
The MDM server administrator can:
Configure your mobile device settings. Query device information from the mandatory limit list and the authorized Install applications list on the mobile device. Manage devices by remote wipe, remote lockdown, and device password removal.
The MDM software is used to ensure that all users are registered and to send alerts to system administrators (and IT departments) about the following:
which user is a registered user, which is not which device has been jailbreak which device is running a licensed, prohibited, and enforced application role violation what is the penalty
To communicate with the MDM server, a small client must be installed on the device. Servers are typically connected to an LDAP directory, where they can find at least employee locations, departments, positions, and supervisors.
You can use clients to communicate with BES for Microsoft®exchange Server, Ibm®lotus®domino, and Novell GroupWise. As part of the configuration, the MDM server can provide WiFi (and VPN) settings to ensure connection security.
If you have multiple MDM domains in your enterprise that need to be managed, consider the Blackberry Mobile Fusion Studio. You can open the BlackBerry Mobile Fusion Studio in a browser or any computer. You can share administrative responsibilities with other devices that access the BlackBerry Mobile Fusion Studio Administrator.