Solved

Recommend Pen test & VA for IOS 9 & Android devices (Ver 5.x) used for reading emails & storing confidential office docs

Posted on 2016-07-14
2
135 Views
Last Modified: 2016-08-01
To permit iPads, iPhones, Samsung & Sony to be used to be connected to corporate network for reading emails
& storing confidential office docs, what are the Pen tests & vulnerability assessments we should perform on
these devices?  Some are personal while some are BYOD.

Do recommend  scanners & tools commonly used in the industry.

Unlike fixed servers that are always in the datacentre, as users may not schedule a downtime, the scans &
VAs need to be performed when these devices connected to the corporate Wifi


Does McAfee has a version of AV for IOS Ver 9.x & Android 5.x ?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:sunhux
ID: 41711614
one more query:
how do we segregate personal & corporate data on these BYOD devices?
What's the practice in the industry?
0
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 41712778
For Pentest & VA on mobile device, you may consider this OWASP sharing - it covers the below
iPhone:
-Network Communication
-Privacy
-Application Data Storage
-Reverse Engineering
-URL Schemes
-Push Notification

Android:
– Attacking test based systerm
– Attacking test based application
– Attacking test based transmission link
– Attacking test based wap site
(pdf) https://www.owasp.org/images/4/40/Pentesting_Mobile_Applications.pdf

Below tools to provide automated tools to carry out penetration testing tasks
apps run scans to find open networks, locate devices on the network and determine vulnerabilities on the devices. Once vulnerabilities are discovered the Anit can run some exploits from Metasploit and ExploitDB to gain access at which point  you can then trigger various actions remotely taking a screen shot to ejecting the disc drive to prove you have control of the target machine
- Zimperium Android Network Toolkit (Anti - http://www.zantiapp.com/anti.html)
- dSploit (http://www.dsploit.net/)

To segregate personal and corporate you need to leverage the containerization and from practices, Mobile App Mgmt provider can do it but they need user to install an agent which may not be palatable to user of their personal (BYOD) phone  as compared to Enterprise managed phone.
1

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question