There are many methods available to reduce risks associated with mobile devices. Some methods focus on device security, while others focus on application security. If you’re planning to take the Security+ exam, you should have a basic understanding of mobile security concepts and technologies.
For example, can you answer this question?
Q. Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?
A. Asset tracking
B. Screen lock
C. Mobile device management
D. GPS tracking
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
Locating a Lost Device
The primary scenario that concerns mobile device users and administrators is loss or theft of a device. For example, if a thief steals Homer’s smartphone or tablet, Homer will have two primary concerns. He’ll want to locate the device and prevent the thief from accessing any data on the device. Several tools address both of these concerns.
The primary tool used to locate a lost device is Global Positioning System (GPS), which pinpoints its location. GPS capabilities are standard on smartphones and tablets. As an example, Apple products use iCloud features and can help you locate iPhones and iPads from any computer with Internet access. The Find My iPhone or Find My iPad feature needs to be enabled on the device before it is lost. You can then log onto the iCloud site with a web browser.
The following figure shows a screenshot of the Find My iPhone web page after locating an iPad. I expanded the map to show more states, but you can easily home in on the exact street location. With just a few clicks, you can play a sound on the iPad (to help you find it), put it into Lost mode, or erase it.
Find My iPhone
Lost mode locks it with a passcode and displays a message on the screen. If you enter your phone number, the message includes your phone number. If a Good Samaritan finds your device, she can use this phone number to call you and return your device. The Erase iPad selection sends a signal to erase all data and settings on the device. After everything is erased, it will display a custom message from you, along with your phone number. However, you won’t be able to access any features to locate the device.
It’s worthwhile mentioning that while GPS can be an effective tool to help you locate and recover a system, it can also be a vulnerability. An attacker may be able to use GPS to track the location of an individual who owns a mobile device. Because of this, many users disable GPS tracking.
The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study GuideEach of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
Device Security Concepts and Concerns
Mobile device security includes device encryption to protect the data, screen locks to help prevent unauthorized access, and remote wipe capabilities to delete all data on a lost phone. Radio-frequency identification (RFID) methods are often used for inventory control.
The following list summarizes some device security concepts and concerns:
- Screen locks. Most devices support the use of a passcode or password to lock the device. This is similar to a password-protected screen saver on desktop systems and prevents someone from easily accessing the device and the data it contains. You probably won’t keep the thief out of your mobile device for very long, but you can slow someone down. This gives you time to send a remote wipe signal before the thief accesses the data. Some devices have an additional setting that erases all the data if the incorrect passcode is entered too many times.
- Lockout. Many devices include a lockout feature, such as iPad’s Lost mode lock. It can send a signal to lock the device with a passcode, even if it didn’t originally have a passcode.
- Remote wiping. This is similar to the Erase iPad feature. It sends a remote signal to the device to wipe or erase all the data. Remote wipe capabilities are useful if the phone is lost. The owner can send a remote wipe signal to the phone to delete all the data on the phone. This also deletes any cached data, such as cached online banking passwords, and provides a complete sanitization of the device by removing all valuable data.
- Asset tracking. Mobile devices are easy to lose track of so organizations often use asset-tracking methods to reduce losses. For example, when a user is issued a mobile device, asset-tracking methods record it. Similarly, if the user leaves the company, asset-tracking methods ensure the user returns the device.
- Inventory control. Many organizations use automated methods for inventory control. For example, radio-frequency identification (RFID) methods can track the movement of devices. These are the same types of devices used in stores to prevent shoplifting. If someone exits without paying, the RFID device transmits when the shoplifter gets close to the exit door, and sounds an alarm. Organizations won’t necessarily have an alarm, but they can track the movement of devices.
Q. Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?
A. Asset tracking
B. Screen lock
C. Mobile device management
D. GPS tracking
Answer is B. A screen lock helps prevent data loss in the event of theft of a mobile device storing sensitive information.
Other security controls (not listed as answers in this question) that help prevent loss of data in this situation are account lockouts, full device encryption, and remote wipe capabilities.
Asset tracking is an inventory control method.
Mobile device management helps keep systems up to date with current patches.
Global positioning system (GPS) tracking helps locate the device.
