SEC571: Mobile Device Security
One constant in the rapidly evolving mobile device market is user demand for access to corporate data. Whether corporate or employee-owned (the bring your own device or BYOD model), mobile device use creates new challenges for organizations that must safeguard sensitive data.
This course is designed to help students gain the skills necessary to implement a secure mobile device deployment. Students will examine the threats and vulnerabilities affecting mobile device deployments, understand legal issues and constraints facing organizations, and develop policies and controls to guide mobile device use. Focusing on Apple iOS, Android and BlackBerry devices, students will learn about the architectural strengths and weaknesses of each platform, identifying countermeasures and risk mitigation tactics to protect against common threats. Students learn to use a combination of policy, mobile device management (MDM) and network controls, and automated application security analysis tools to defend against common threats including mobile device malware, stolen devices, wireless attacks and rooted or jailbroken devices. Throughout the course, a combination of lecture, hands-on lab exercises and real-world experience is used to guide students through a tested model for secure mobile device use.
A Sampling of Topics
- Evaluating mobile device management (MDM) solutions
- Mitigating the threat of stolen devices
- Security analysis of iOS 7, Android 4.4, and BlackBerry 10
- Building a lab for testing mobile device controls
- Developing policies for mobile device use
- Evaluating mobile malware threats
- Rooting and Jailbreaking mobile devices
- Mobile app security analysis
Throughout the course, students will participate in hands-on lab exercises. Students must bring their own laptops to class that meet the requirements described below.
Students must bring a Windows 7, Windows Vista, or Windows XP laptop to class, preferably running natively on the system hardware. It is possible to complete the lab exercises using a virtualized Windows installation, however, this will result in reduced performance when running device emulators within the virtualized Windows host. If you are a Windows XP user, make sure you also have the .NET 3.5 framework installed, which can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=21 .
Administrative Windows Access
For several tools utilized in the course, students will be required to perform actions with administrative privileges. Students must have administrative access on their Windows host, including the ability to unload or disable security software such as anti-virus or firewall agents as necessary for the completion of lab exercises.
Students will use a virtualized MobiSec Linux VMware guest for several lab exercises. VMware Workstation or VMware Player is recommended. Note that there is no cost associated with the use of VMware Player, which can be downloaded from the VMware website.
While some students successfully use VMware Fusion for the exercises, the relative instability of VMware Fusion may introduce delays in exercise preparation, preventing the timely completion of lab exercises. VirtualBox and other virtualization tools are not supported at this time.
Several of the software components used in the course are hardware intensive, requiring more system resources than what might be required otherwise for day-to-day use of a system. Please ensure your laptop meets the following minimum hardware requirements:
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
|Who Should Attend|
*CPE/CMU credits not offered for the SelfStudy delivery method