Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Recommend Pen test & VA for IOS 9 & Android devices (Ver 5.x) used for reading emails & storing confidential office docs

Posted on 2016-07-14
2
Medium Priority
?
165 Views
Last Modified: 2016-08-01
To permit iPads, iPhones, Samsung & Sony to be used to be connected to corporate network for reading emails
& storing confidential office docs, what are the Pen tests & vulnerability assessments we should perform on
these devices?  Some are personal while some are BYOD.

Do recommend  scanners & tools commonly used in the industry.

Unlike fixed servers that are always in the datacentre, as users may not schedule a downtime, the scans &
VAs need to be performed when these devices connected to the corporate Wifi


Does McAfee has a version of AV for IOS Ver 9.x & Android 5.x ?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:sunhux
ID: 41711614
one more query:
how do we segregate personal & corporate data on these BYOD devices?
What's the practice in the industry?
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 41712778
For Pentest & VA on mobile device, you may consider this OWASP sharing - it covers the below
iPhone:
-Network Communication
-Privacy
-Application Data Storage
-Reverse Engineering
-URL Schemes
-Push Notification

Android:
– Attacking test based systerm
– Attacking test based application
– Attacking test based transmission link
– Attacking test based wap site
(pdf) https://www.owasp.org/images/4/40/Pentesting_Mobile_Applications.pdf

Below tools to provide automated tools to carry out penetration testing tasks
apps run scans to find open networks, locate devices on the network and determine vulnerabilities on the devices. Once vulnerabilities are discovered the Anit can run some exploits from Metasploit and ExploitDB to gain access at which point  you can then trigger various actions remotely taking a screen shot to ejecting the disc drive to prove you have control of the target machine
- Zimperium Android Network Toolkit (Anti - http://www.zantiapp.com/anti.html)
- dSploit (http://www.dsploit.net/)

To segregate personal and corporate you need to leverage the containerization and from practices, Mobile App Mgmt provider can do it but they need user to install an agent which may not be palatable to user of their personal (BYOD) phone  as compared to Enterprise managed phone.
1

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days software publishers make it possible to move all the possible applications on smartphones, tablets, smartwatches, and more. Although behind every logic and decision is a gross doubt: how do they make it possible? In this blog post, we sha…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question