WEBVTT

00:00.259 --> 00:04.275
>> Enterprise mobility
security part 1.

00:04.275 --> 00:07.110
The learning objectives
for this lesson are to

00:07.110 --> 00:09.510
explain Mobile Device
Management software,

00:09.510 --> 00:11.220
to explore mobile device

00:11.220 --> 00:13.455
connectivity options
and their risks,

00:13.455 --> 00:16.605
and to learn about
WPA3 and Wi-Fi 6.

00:16.605 --> 00:18.240
Let's get started.

00:18.240 --> 00:21.990
Enterprise Mobility
Management are policies and

00:21.990 --> 00:24.150
technology tools
that allow us to

00:24.150 --> 00:27.885
centrally manage the mobile
devices on our network.

00:27.885 --> 00:30.390
It allows us to
control the way users

00:30.390 --> 00:32.760
themselves are allowed
to use the devices.

00:32.760 --> 00:35.355
For example, what apps
are allowed to be used,

00:35.355 --> 00:37.795
and overall device security.

00:37.795 --> 00:42.590
Now a subset of EMM is Mobile
Device Management or MDM.

00:42.590 --> 00:45.170
This focuses on making
sure the devices are

00:45.170 --> 00:48.335
compliant with our organizational
security policies.

00:48.335 --> 00:51.500
For example, we can institute
application controls

00:51.500 --> 00:54.710
which have an allow
list and a block list.

00:54.710 --> 00:57.320
We can require strong
password controls to ensure

00:57.320 --> 01:00.545
that users are choosing good
passwords for the devices.

01:00.545 --> 01:02.180
In a similar way, we can use

01:02.180 --> 01:04.550
multi-factor authentication
requirements to

01:04.550 --> 01:05.810
make sure that MFA

01:05.810 --> 01:07.865
is used before gaining access to

01:07.865 --> 01:11.285
any network resources from
one of these managed devices.

01:11.285 --> 01:13.865
Also, we can use
token-based access.

01:13.865 --> 01:16.385
This utilizes network
access control,

01:16.385 --> 01:19.070
and it requires that a
device provide a valid

01:19.070 --> 01:20.750
token before it's allowed to

01:20.750 --> 01:22.550
gain access to
network resources.

01:22.550 --> 01:26.000
An MDM also allows for
a patch repository.

01:26.000 --> 01:28.940
This is a centralized
management way of

01:28.940 --> 01:32.255
pushing out updates and
patches to devices.

01:32.255 --> 01:33.800
In this way, we can control how

01:33.800 --> 01:35.510
those updates are
being pushed out and

01:35.510 --> 01:37.235
schedule them to ensure that

01:37.235 --> 01:40.560
all devices are being kept
up-to-date and current.

01:41.270 --> 01:43.645
Device certificates.

01:43.645 --> 01:46.295
In the first column we have
our trust certificates.

01:46.295 --> 01:48.664
These are used to
globally identify

01:48.664 --> 01:51.380
a trusted device within
a given organization.

01:51.380 --> 01:54.680
The key is, if that
certificate is ever copied,

01:54.680 --> 01:56.360
any device can use it and

01:56.360 --> 01:58.700
the certificate must be
immediately revoked.

01:58.700 --> 02:01.640
We also have user-specific
certificates that

02:01.640 --> 02:04.805
utilize a more granular
control for allowing access,

02:04.805 --> 02:08.700
and also they're easier
to identify and revoke.

02:09.860 --> 02:12.295
Firmware over-the-air.

02:12.295 --> 02:15.695
Now, baseband has
updates that modify

02:15.695 --> 02:19.040
the firmware of the
radio for modems,

02:19.040 --> 02:21.890
such as our cellular
modem, Wi-Fi, Bluetooth,

02:21.890 --> 02:25.280
NFC, near-field communication,
and GPS operations.

02:25.280 --> 02:27.260
This firmware is separate from

02:27.260 --> 02:29.125
the device's own
operating system.

02:29.125 --> 02:31.860
There have been vulnerabilities
in these in the past

02:31.860 --> 02:34.990
and it's very critical that
we keep them up-to-date.

02:34.990 --> 02:38.845
Over-the-air, or OTA, updates
are delivered via

02:38.845 --> 02:40.930
the cellular network
or Wi-Fi connections

02:40.930 --> 02:44.200
to the device for these updates.

02:44.690 --> 02:48.865
Remote wipe. If a device
is ever lost or stolen,

02:48.865 --> 02:50.560
there is a way that
it can be restored to

02:50.560 --> 02:52.255
factory default and have

02:52.255 --> 02:54.235
all of the sensitive
data removed.

02:54.235 --> 02:55.870
This can be triggered,
for example,

02:55.870 --> 02:59.050
by putting the wrong password
in too many times or also

02:59.050 --> 03:00.520
we could send the command to

03:00.520 --> 03:02.530
the device
over-the-air to do so.

03:02.530 --> 03:04.420
However, there is a
way of preventing

03:04.420 --> 03:06.385
this by using a Faraday bag.

03:06.385 --> 03:09.025
If you were to put your
mobile device in this bag,

03:09.025 --> 03:10.420
it would not be able to receive

03:10.420 --> 03:11.950
the command via the cellular

03:11.950 --> 03:16.910
or Wi-Fi network to
execute that remote wipe.

03:17.270 --> 03:21.195
Wi-Fi Protected
Access 3 or WPA3.

03:21.195 --> 03:26.045
Now, neither WEP nor WPA is
considered safe at all.

03:26.045 --> 03:27.905
No one should be using
either of these.

03:27.905 --> 03:32.645
WPA2 uses AES encryption
with a 128-bit key.

03:32.645 --> 03:35.015
While it's stronger,
it's still vulnerable.

03:35.015 --> 03:37.070
The key to remember
about WPA2 is

03:37.070 --> 03:39.395
the vulnerability is not
in the encryption itself,

03:39.395 --> 03:42.025
but rather how that
encryption was implemented.

03:42.025 --> 03:44.270
WPA3 was designed to

03:44.270 --> 03:47.090
address some of the
weaknesses in WPA2.

03:47.090 --> 03:48.440
For example, now we have

03:48.440 --> 03:50.660
simultaneous
authentication of equals,

03:50.660 --> 03:53.240
this replaces the WPA
4-way handshake

03:53.240 --> 03:54.800
with a Diffie-Hellman agreement.

03:54.800 --> 03:57.080
We also have enhanced open,

03:57.080 --> 03:59.980
which is an encrypted
open authentication method.

03:59.980 --> 04:02.390
We also upgraded the
crypto protocols in

04:02.390 --> 04:05.000
WPA3 by replacing AES-CCMP

04:05.000 --> 04:07.775
with AES-GCMP.

04:07.775 --> 04:10.370
This allows for a 192-bit key.

04:10.370 --> 04:15.090
Enterprise users are required
to use this 192-bit key.

04:15.580 --> 04:18.700
Near-field
communication, or NFC.

04:18.700 --> 04:20.765
This is based on a specific type

04:20.765 --> 04:23.255
of radio frequency ID or RFID,

04:23.255 --> 04:25.940
and it's included with
most modern smartphones.

04:25.940 --> 04:29.555
It can be used to read passive
RFID tags at close range,

04:29.555 --> 04:31.640
but it can also be used
to exchange information

04:31.640 --> 04:34.360
such as business cards
from device to device.

04:34.360 --> 04:36.290
NFC is not encrypted,

04:36.290 --> 04:38.150
and that's really
important to remember.

04:38.150 --> 04:39.950
But the most common use of NFC

04:39.950 --> 04:41.855
today is for
contactless payment.

04:41.855 --> 04:43.625
Examples would be Apple Pay,

04:43.625 --> 04:45.350
Google Pay, and Samsung Pay.

04:45.350 --> 04:47.330
It's vulnerable to
many other types of

04:47.330 --> 04:50.520
attacks such as man-in-the-middle
and skimming.

04:50.720 --> 04:53.240
Bluetooth. Bluetooth is

04:53.240 --> 04:55.760
a short-range wireless
communication protocol.

04:55.760 --> 04:57.020
It can be used to create your

04:57.020 --> 04:58.700
own wireless personal networks.

04:58.700 --> 05:01.010
It's often used to
connect other devices,

05:01.010 --> 05:03.200
such as keyboards,
mice, and headsets.

05:03.200 --> 05:05.330
There are several types
of attacks that are

05:05.330 --> 05:07.280
targeted towards Bluetooth,

05:07.280 --> 05:10.070
but by far the most dangerous
is the BlueBorne attack.

05:10.070 --> 05:11.330
BlueBorne allows for

05:11.330 --> 05:14.090
complete device control
by an attacker and it

05:14.090 --> 05:16.085
doesn't even require that
the attacker be paired

05:16.085 --> 05:19.350
or connected to the
victim's device.

05:20.290 --> 05:23.800
Mobile device
connectivity, peripherals.

05:23.800 --> 05:26.390
Peripherals are any additional
tech that we want to

05:26.390 --> 05:28.985
connect to our mobile
devices such as speakers,

05:28.985 --> 05:31.340
keyboards, headphones,
chargers or mice.

05:31.340 --> 05:33.170
They can also be manipulated and

05:33.170 --> 05:35.825
become malicious to
that mobile device.

05:35.825 --> 05:38.600
Tethering is using
the smart device to

05:38.600 --> 05:41.839
share its data connection
with other devices.

05:41.839 --> 05:46.160
You can connect other devices
to your phone via Bluetooth,

05:46.160 --> 05:48.260
Wi-Fi, or the USB cable,

05:48.260 --> 05:50.210
and then use the phone's or

05:50.210 --> 05:52.430
the tablet's Internet
connection via

05:52.430 --> 05:55.830
cellular and share it out
to those other devices.

05:56.830 --> 05:59.030
Instructor side note. Now,

05:59.030 --> 06:00.650
peripherals can be
very dangerous.

06:00.650 --> 06:03.860
The device in this
picture is an O.MG cable.

06:03.860 --> 06:06.890
In this case, it is an
Apple Lightning cable.

06:06.890 --> 06:11.165
But the company also makes
USB-C and USB micro cables.

06:11.165 --> 06:12.875
It's not just an Apple thing.

06:12.875 --> 06:14.645
Inside of this cable is

06:14.645 --> 06:18.120
a mini-computer that
also has Wi-Fi.

06:18.120 --> 06:22.570
You plug this into your
phone and a computer,

06:22.570 --> 06:26.050
it can actually steal
data or introduce

06:26.050 --> 06:28.405
malicious content to your phone

06:28.405 --> 06:29.940
or the computer it's plugged into,

06:29.940 --> 06:31.930
and because the cable has Wi-Fi,

06:31.930 --> 06:35.530
the attacker can connect
to the cable via

06:35.530 --> 06:37.810
Wi-Fi to get access to either

06:37.810 --> 06:39.070
the computer it's plugged into or

06:39.070 --> 06:40.690
the device that it's plugged into.

06:40.690 --> 06:41.995
On top of all of that,

06:41.995 --> 06:47.340
it also has a keylogger
in it. Device encryption.

06:47.340 --> 06:49.300
Now, mobile devices
often contain

06:49.300 --> 06:50.500
sensitive data and because

06:50.500 --> 06:52.015
of that, we've got
to protect them.

06:52.015 --> 06:53.695
Encryption allows for the data

06:53.695 --> 06:55.550
on the device to be secured.

06:55.550 --> 06:57.635
Starting with Android 9,

06:57.635 --> 07:01.045
Android has hardware support
to encrypt metadata.

07:01.045 --> 07:02.740
This covers anything that's not

07:02.740 --> 07:04.960
encrypted by the
file-based encryption.

07:04.960 --> 07:07.255
Apple iOS devices use

07:07.255 --> 07:10.750
a unique 256-bit ID
for each device.

07:10.750 --> 07:13.135
This is stored in
the hardware device.

07:13.135 --> 07:14.785
This 256-bit ID,

07:14.785 --> 07:16.375
combined with a user's password,

07:16.375 --> 07:19.250
encrypts all the
data on the device.

07:19.880 --> 07:24.610
VPNs. We can also use VPNs
on our mobile devices.

07:24.610 --> 07:26.020
We start at the OS level,

07:26.020 --> 07:29.530
which is where everything is
connected through the VPN.

07:29.530 --> 07:31.050
It's considered always on.

07:31.050 --> 07:32.860
All data leaving and coming to

07:32.860 --> 07:35.185
the device is encrypted
over the VPN.

07:35.185 --> 07:37.480
But we also have app level VPN,

07:37.480 --> 07:40.240
which protects the data
of a specific app.

07:40.240 --> 07:43.585
Finally, there's web-based VPN,

07:43.585 --> 07:46.150
which is usually done
inside of a browser.

07:46.150 --> 07:47.800
The common uses for this are to

07:47.800 --> 07:50.780
bypass geo-restrictions
or firewalls.

07:51.750 --> 07:54.010
Location services.

07:54.010 --> 07:57.580
This is used to provide the geographical
position of the device.

07:57.580 --> 07:59.920
We can use several
methods to do so.

07:59.920 --> 08:02.155
But by far, GPS is
the most common.

08:02.155 --> 08:05.785
But we can also use cellular
tower triangulation,

08:05.785 --> 08:08.230
Wi-Fi signals, and Bluetooth.

08:08.230 --> 08:11.050
Geofencing is when we
allow different levels

08:11.050 --> 08:13.585
of access based on the
device's location.

08:13.585 --> 08:15.339
Within the site of our corporation,

08:15.339 --> 08:16.960
we might give it full access,

08:16.960 --> 08:18.700
but once it leaves the building,

08:18.700 --> 08:21.980
then it's no longer allowed
to access network resources.

08:21.980 --> 08:24.570
Geotagging is adding additional

08:24.570 --> 08:27.934
locational metadata
to files or devices,

08:27.934 --> 08:30.990
and we use this for
asset management.

08:32.230 --> 08:35.060
DNS protection. Now, by default,

08:35.060 --> 08:38.704
DNS is unencrypted, and this
allows for interception.

08:38.704 --> 08:41.420
But we can also use
custom DNS services,

08:41.420 --> 08:45.170
for example, Quad9 or
Cloudflare or Cisco's Umbrella.

08:45.170 --> 08:47.270
Using these services allows us

08:47.270 --> 08:50.209
to filter malicious
DNS requests.

08:50.209 --> 08:53.060
We also have DNS over HTTPS,

08:53.060 --> 08:55.550
and this will encrypt
the DNS traffic because

08:55.550 --> 08:58.519
it's tunneled over
HTTPS using TLS.

08:58.519 --> 09:00.650
This will encrypt
the DNS request.

09:00.650 --> 09:03.020
But it can cause issues
for organizations as they

09:03.020 --> 09:05.645
can no longer see the requests
leaving their network.

09:05.645 --> 09:09.030
It's often used by malware
to help hide itself.

09:09.250 --> 09:11.990
Let's summarize. We went

09:11.990 --> 09:13.955
over Enterprise
Mobility Management,

09:13.955 --> 09:15.560
we discussed WPA3 and

09:15.560 --> 09:18.785
Wi-Fi 6 and we went
over remote wiping.

09:18.785 --> 09:21.470
Mobile device connectivity
options and their risks.

09:21.470 --> 09:25.135
We also discussed Device
Configuration Profiles.

09:25.135 --> 09:27.695
Let's do some example questions.

09:27.695 --> 09:31.955
Question 1, this mobile
device configuration setting

09:31.955 --> 09:33.950
allows for the granting
or removing of

09:33.950 --> 09:37.680
access rights based on the
device's physical location.

09:38.120 --> 09:43.735
Geofencing. Question 2,

09:43.735 --> 09:46.670
this feature of mobile
devices allows the device to

09:46.670 --> 09:50.405
share its internet connection
with other nearby devices.

09:50.405 --> 09:54.430
Tethering. Question 3,

09:54.430 --> 09:56.300
this mobile device
security measure

09:56.300 --> 09:57.740
allows for all data on

09:57.740 --> 10:01.660
a device to be wiped under
certain defined circumstances.

10:01.660 --> 10:05.655
Remote wiping.
Finally, Question 4.

10:05.655 --> 10:08.030
This is a suite of policies
and tools designed to

10:08.030 --> 10:11.419
centralize remote management
of mobile devices.

10:11.419 --> 10:13.745
Enterprise Mobility Management.

10:13.745 --> 10:15.530
I hope this lesson
was helpful for you,

10:15.530 --> 10:17.700
and I'll see you
in the next one.

