Security Fundamentals

Security Features in Personal Digital Devices

Mobile Devices

Experience suggests that people are more aware of security on desktops and laptops than they are with portable mobile digital devices like tablets and smart-phones. This maybe because a many of the security features on desktop and laptop computers are set by default, straight out of the box, like user authentication. One result, is that cyber-criminals are specifically targeting mobile devices as a point of weakness.

Experts also suggest that security is inadequate with mobile digital devices because of:-

  1. Inadequate technical controls that lack consistency across different devices: i.e.. it's difficult to configure security features, especially given the range of different devices with different operating systems.
  2. Consumers remain unaware of the importance of enabling security features on mobile devices.
Adding Security ...

1. Enable user authentication

Probably the first step that should be taken to improve security in mobile devices. There is the usual password authentication and idle time screen locking, where after a set time of doing nothing, the device self locks to prevent unauthorised access.

Passwords may either be the usual type of passwords or PIN number, but these are increasingly being replaced by fingerprint or face recognition which get round the endless entering of PIN's or passwords every time you use your mobile device.

Alternative Authentication
Verify Software

2. Verify the authenticity of software

Always check the source of any downloaded downloaded software. Most operating systems allow you to see who published the software along with other details. Only install, software from publishers you recognise. If in doubt, don't install it.

3. Enable two factor authentication

Two factor authentication provided a much higher level of security than a password on its own and should be used for any sensitive transactions on mobile devices. Discussed elsewhere, two factor authentication relies upon two different' factors'. Something, you know and something you have i.e. your password and a pass code sent to you at the time of the transaction.

Once both factors are entered then you are granted full access.

Two factor authentication
Mobile Antimalware

4. Install anti-malware software

For many laptops and desktops anti-malware or anti viral software is already pre-installed or 'bundled' with the computer. On mobile digital devices this has to be downloaded and installed to help protect against viruses, Trojans, spyware, ransom ware and other malicious applications.

5. Install a firewall

Install a firewall. Firewalls sit between the device and the internet and help protect the device from unauthorised connections by intercepting outgoing and incoming calls and only allow those programs to form connections based upon a set of permissions. If a program hasn't been given permission then it won't be able to form a connection.

Firewall
Remote Control

6. Enable remote disabling

Activating this feature allows the device to locked or its contents erased entirely if its lost or stolen. If the device is found or recovered then the device can be unlocked. There are also apps - find my phone - that can track your device remotely to aid recovery.

7. Enable encryption

Encrypt files stored on mobile devices and memory cards. This particularly true of sensitive data such as personal or financial information. Users can then only 'open' these files if they are in possession of the key. Some devices come with this facility, in others additional file encryption software may have to be downloaded.

Encrypted Message
Whitelisting

8. Enable 'white-listing'

White-listing is a software control where only trusted software is given permission to execute certain commands. The safe programs are added to the 'white' list. Denying permission to unknown programs is the default setting.

Any program or app not on the list are denied permission to run or denied access to resources like cameras or web browsers. Compare to 'blacklisting' where a list of forbidden programs is kept and any programs not on the list are allowed to run.

Tasks

Guess what? Create a page in your notebook titled Security Features in Personal Digital Devices.

  1. Explain why desktops and laptops are often more secure than mobile digital devices.
  2. Provide 5 precaution that users can do to make their digital devices more secure. For each precaution identify how it adds to the security of the device.
  3. Explain the difference between 'whitelisting' and 'blacklisting'.
  4. Make a list of the security features you have activated on your phone.
Secure Devices
You should be able to:-
  • Outline a number of security features available in mobile digital devices.
  • Describe in general terms how each feature adds to the security of the mobile device.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee