Solved

Recommend Pen test & VA for iOS 9 & Android devices (Ver 5.x) used for reading emails & storing confidential office docs

Posted on 2016-07-14
Last Modified: 2016-08-01
To permit iPads, iPhones, Samsung & Sony devices to be connected to the corporate network for reading emails
& storing confidential office docs, what are the Pen tests & vulnerability assessments we should perform on
these devices? Some are personal while some are BYOD.

Do recommend scanners & tools commonly used in the industry.

Unlike fixed servers that are always in the datacentre, as users may not schedule a downtime, the scans &
VAs need to be performed when these devices are connected to the corporate Wi-Fi.


Does McAfee have a version of AV for iOS Ver 9.x & Android 5.x?
Question by:sunhux
2 Comments
 

Author Comment

by:sunhux
ID: 41711614
one more query:
how do we segregate personal & corporate data on these BYOD devices?
What's the practice in the industry?

Accepted Solution

by:
btan earned 500 total points
ID: 41712778
For Pentest & VA on mobile devices, you may consider this OWASP sharing - it covers the below:

iPhone:
- Network Communication
- Privacy
- Application Data Storage
- Reverse Engineering
- URL Schemes
- Push Notification

Android:
- Attacking test based system
- Attacking test based application
- Attacking test based transmission link
- Attacking test based wap site

(pdf) https://www.owasp.org/images/4/40/Pentesting_Mobile_Applications.pdf

The tools below provide automated means to carry out penetration testing tasks.
The apps run scans to find open networks, locate devices on the network and determine vulnerabilities on the devices. Once vulnerabilities are discovered, Anti can run some exploits from Metasploit and ExploitDB to gain access, at which point you can then trigger various actions remotely, from taking a screenshot to ejecting the disc drive, to prove you have control of the target machine.
- Zimperium Android Network Toolkit (Anti - http://www.zantiapp.com/anti.html)
- dSploit (http://www.dsploit.net/)

To segregate personal and corporate data you need to leverage containerization. In practice, a Mobile App Mgmt provider can do it, but they need the user to install an agent, which may not be palatable to users of a personal (BYOD) phone as compared to an Enterprise-managed phone.