Feb 24, 2020
CIS 430 - Mobile Security 5 Credits
This course focuses on what is involved when wireless and mobile devices are incorporated into a network. BYOD (Bring Your Own Device) is extremely popular in the 21st century. Both employees and visitors attach a variety of devices to a network. With such broad access, how does one protect the crucial elements of the network? In the case of a hospital, how does this workplace allow emergency medical equipment and visitors onto the wireless network? Students will design and test their architecture against standard attacks.
Pre-requisite(s) CIS 320 min 2.0
Program Admission Required Yes
Admitted Program BAS - CIS
Designed to Serve For students admitted to the BAS program in CyberSecurity and Forensics.
Active Date 2015-06-08
Grading System Decimal Grade
Class Limit 24
Contact Hours: Lecture 44 Lab 22 Worksite 0 Clinical 0 Other 0
Total Contact Hours 66
I. Overview of Mobile devices
A. Similarities and Differences with other computing devices
B. Mobile device characteristics
C. Threats and Vulnerabilities
D. Physical Security Controls
E. Use of untrusted/known insecure devices
F. Use of untrusted networks
G. Use of untrusted applications
H. Use of untrusted content
I. Interaction with other devices
II. Technologies for mobile device management
A. Common approaches to centralized mobile device management
a. messaging servers management capabilities
b. third party products
a. General policy
b. Data communication and storage
c. User and device authentication
III. Corporate mobile device policy considerations
A. Communications/data carrier
B. Acceptable Use policy
D. Feature requirement
E. Disabling of features
a. Personal vs. corporate
b. Corporate developed
c. 3rd party
d. Open market
G. Co-mixing of personal and corporate data
H. Device wiping
I. Termination of employee
J. Device theft and/or EOL
III. Mobile device security policy life cycle
N. Device Operations and Maintenance
O. Device EOL/disposal
IV. Mobile device file structures
A. Flash Storage
B. Linux Flash File Systems
a. JFFS, JFFS2, YAFFS, UBIFS, F2FS
C. Flash Translation Layer
D. iOS File System
E. Database types and locations
F. Database and XML schemes
V. Mobile device Vulnerability Assessments
A. Definition of vulnerabilities
a. Operating System
c. User knowledge and habits
d. Computer, network and cloud connections
B. Assessment Tools
C. Assessment Methods
D. Legal implications of assessing non-corporate devices
VI. Device pen-testing
D. Implications of mobile device breach
F. Addressing critical exposures
Student Learning Outcomes
Identify the characteristics of mobile devices; commonalities and differences.
Identify the most common approaches to centralized mobile device management.
Identify, compare and contrast the aspects of mobile device policies.
Discuss the mobile device security policy life cycle.
Compare and contrast various mobile device file structures.
Discuss common and current mobile device vulnerabilities.
Understand the tools and methodologies of a mobile device penetration test.