Security of mobile devices in the age of Cloud computing (1)

As a wide variety of consumer devices continue to enter the workplace, CIOs and chief information security chief face a grim test of information security. More and more users now use mobile devices to access Enterprise Services, view enterprise data, and conduct business operations. In addition, many devices are not controlled by administrators, which means that enterprise sensitive data is not subject to the enterprise's existing compliance, security and data loss Protection (DLP) policies. More complicated, today's mobile devices are not islands of information-they can connect to an ecosystem that supports cloud services and computer services. A typical smartphone can be synchronized with at least one public cloud service without being controlled by the administrator. At the same time, many users will directly connect mobile devices to the home computer, the important settings or data backup. In both cases, the important assets of an enterprise are likely to be stored in a place that is not directly regulated by the enterprise and without security. Currently, the most popular mobile device operating system has two, namely, Google Android and Apple iOS. In this white paper, we will evaluate the security modes for both operating systems. At the same time, with the popularization of mobile devices, we will also talk about their impact on enterprise information security. Mobile device security Objectives when it comes to security, the two main mobile platforms are different from the traditional desktop and server operating systems. Although both platforms are developed on the basis of existing operating systems (iOS based on Apple OS X OS, Android), each operating system designs more sophisticated security models for its core applications. The goal is to enable the mobile platform itself to have good security, so as to get rid of third-party security software dependencies. So, did Apple and Google succeed in their quest to create secure mobile platforms? To find out, we will analyze each of the two software security models and application implementations to determine whether they can withstand today's major network security threats. These security threats include attacks based on web sites and networks. This type of virus attack is usually caused by visiting a malicious Web site or an illegal web site. Malicious software. The software can be divided into three main categories: traditional computer viruses, worm viruses, trojans and viruses. Social engineering attacks. This type of attack, such as fishing, uses social engineering to lure users into revealing sensitive information or to induce users to install malware on their computers. Misuse of network available resources and services. Many of the attacks are aimed at misusing equipment-related networks, computing or identity resources for illegal purposes. Malicious and unintentional data loss. When an employee or hacker obtains sensitive information from a protected device or network, data loss is usually caused. Attacks on device data integrity. In data integrity attacks, an attacker attempts to destroy or modify data without the permission of all parties to the data. Apple iOS operating system Apple iOS OSMobile devices, such as ipods, iphones and ipads, are a simplified version of Apple OS X Mac OS. System vulnerabilities as of this writing, security researchers have found that there are about 200 different vulnerabilities in all versions of the system from the beginning of the release of iOS, but most of the vulnerabilities are not serious. Attackers can exploit most of the vulnerabilities to control a program, such as Safari, but it is not easy for them to implement an administrator-level control over the device. But some of these vulnerabilities cause serious problems, and if exploited, attackers can implement administrator-level control of the device so they can get almost all the data and services in the device. Such more serious vulnerabilities are categorized as privilege elevation vulnerabilities because attackers can exploit these vulnerabilities to improve their permissions and achieve full control of the device. According to Symantec Statistics, at the time of this writing, Apple is on average to fix the newly discovered vulnerabilities every 12 days. 1 2 3 next page >> view full text Navigation 1th page: On the security of mobile devices in the age of Cloud Computing (1) page 2nd: The security of mobile devices in the age of Cloud Computing (2) page 3rd: A preliminary study on the security of mobile devices in the cloud Computing Era (3) Original: A preliminary study on the safety of mobile devices in cloud computing (1) Back to network security home