Initial Core 2 study project
commit
10de90430c
120 changed files with 12696 additions and 0 deletions
232
notes/SEC-8-mobile-device-security.md
Normal file
@ -0,0 +1,232 @@
# SEC-8: Mobile Device Security

Status: not started

Domain:
- 2.0 Security

Objective alignment:
- 2.8 Mobile device security

## What You Need To Know

Mobile devices are easy to lose, easy to steal, and often already signed in to email, files, password resets, cloud storage, and work apps.

The exam wants you to know how to protect:
- The device
- The data on the device
- The user account connected to the device
- The company network if the phone is used for work

## Memory Trick

Use **L-E-A-S-H**:

- **L**ock the screen
- **E**ncrypt the device
- **A**pply updates and app controls
- **S**ecure with MDM/BYOD policy
- **H**ave backup, location, and remote wipe ready

Shortcut:
- **Lost phone = lock, locate, backup, wipe if needed.**

## Screen Locks

Common unlock methods:
- PIN
- Password
- Pattern
- Fingerprint
- Face recognition
- Swipe

Exam priority:
- A plain swipe is weak because it does not really authenticate the user.
- PIN, password, fingerprint, and face unlock are stronger choices.
- Biometrics are convenient, but the device still needs a PIN/password fallback.

Failed login controls:
- Devices can delay login attempts after repeated failures.
- Some environments can erase or wipe the device after too many failed attempts.
- This protects stolen devices from repeated guessing attempts.

## Encryption

Full device encryption protects stored data if the device is lost or stolen.

What to remember:
- Modern iOS devices use strong built-in encryption when a passcode is configured.
- Modern Android devices commonly support file-based or full-device encryption.
- Encryption is strongest when paired with a real lock method, not swipe-only access.

Exam clue:
- If the question says the phone was stolen and contains sensitive data, think encryption and remote wipe.

## MDM and Configuration Profiles

Mobile Device Management, or MDM, lets an organization centrally manage phones and tablets.

Common MDM actions:
- Require a passcode
- Require encryption
- Push Wi-Fi, VPN, or email settings
- Install or restrict apps
- Block camera, copy/paste, or cloud sync in some environments
- Enforce OS update requirements
- Locate, lock, or wipe a managed device

Common tools and terms:
- Microsoft Intune
- Apple Configurator
- Apple configuration profiles
- Android Enterprise

BYOD means Bring Your Own Device.

BYOD policy questions usually care about:
- Who owns the device
- What company data is allowed
- Whether the company can wipe only work data or the entire device
- Minimum OS version
- Screen lock requirements
- What happens when employment ends

## Updates and Patching

Mobile updates include:
- Operating system updates
- Security patches
- App updates

Why they matter:
- Updates fix vulnerabilities.
- App updates can fix security bugs in messaging, browsers, email, banking, and work apps.

Exam clue:
- If the question says a device is missing critical security fixes, update the OS or app.

## Anti-Malware

iOS:
- More closed app ecosystem.
- Apps are more isolated.
- Traditional antivirus is less common.

Android:
- More open ecosystem.
- Third-party app sources increase risk.
- Anti-malware tools are more common, especially in business environments.

Best protection:
- Use official app stores.
- Keep the OS updated.
- Avoid sideloading unknown apps.
- Use MDM controls when the device handles company data.

## Content Filtering

Content filtering limits access to unsafe or inappropriate content.

Examples:
- Web filtering
- App restrictions
- Parental controls
- Enterprise browsing controls

Exam clue:
- If the goal is to block categories of websites or unsafe browsing, think content filtering.

## Locator, Remote Lock, Remote Wipe, and Backup

Locator services:
- Help find a lost device.
- Examples: Find My on iPhone, Find My Device on Android.

Remote lock:
- Locks the phone so someone else cannot use it.

Remote message or sound:
- Helps recover a misplaced phone.

Remote wipe:
- Erases data when the device is unlikely to be recovered.
- Use carefully because it removes data from the device.

Remote backup:
- Stores device data in cloud backup.
- Makes replacement and recovery easier.

Exam order for a lost phone:
1. Locate or lock if recovery is likely.
2. Confirm backup status if possible.
3. Wipe if data risk is high or recovery is unlikely.

## Mobile Firewalls

Mobile firewall apps are less common than desktop firewalls.

On mobile devices, network control is often handled by:
- MDM
- VPN apps
- Per-app network rules
- Enterprise security suites

Exam clue:
- If the question says only approved apps should access company data or network resources, think MDM, VPN, or app access control.

## Commands To Enter

This objective is mostly settings-based, so there are not many normal command-line tools for a locked-down phone. Use these commands only to open account/device-security pages from a computer browser.

Windows:

```powershell
start https://account.microsoft.com/devices
```

What it does:
- Opens the Microsoft devices page for the signed-in account in your default browser.
- Use it only to inspect registered devices.

```powershell
start https://myaccount.google.com/security
```

What it does:
- Opens the Google account security page.
- Use it to inspect signed-in devices, security alerts, and recovery options.

macOS:

```bash
open https://appleid.apple.com
```

What it does:
- Opens the Apple ID account page in the default browser.
- Use it to review trusted devices and account security settings.

Linux:

```bash
xdg-open https://myaccount.google.com/security
```

What it does:
- Opens the Google account security page in the default browser.
- Use it to inspect account security if the command is available on your Linux system.

Do not erase, wipe, unenroll, reset, or remove a device from an account during this section.

## Quick Checks

You should be able to answer:
- What protects mobile data at rest?
- What is weak about swipe-only unlock?
- What does MDM enforce?
- Why does BYOD need a policy?
- When would remote wipe be appropriate?
- Why are OS and app updates security controls?
- Why is Android anti-malware more common than iOS anti-malware?

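Review bot: the `Status: not started` field at the top of the new file does not match a fully drafted note; if it tracks the learner's study progress rather than the note's completeness, rename it (e.g. `Study status: not started`) so the two are not confused, otherwise update it. In the same file, both data-destroying controls (the failed-attempt wipe bullet under "Failed login controls" and the "Remote wipe" section) are described without the backup prerequisite that step 2 of "Exam order for a lost phone" depends on; a one-line pointer such as "confirm backup status first, see the lost-phone order below" in each place would keep the note internally consistent and reinforce the L-E-A-S-H "H" item.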