Solved

Recommend Pen test & VA for iOS 9 & Android devices (Ver 5.x) used for reading emails & storing confidential office docs

Posted on 2016-07-14
Last Modified: 2016-08-01
To permit iPads, iPhones, Samsung & Sony devices to be connected to the corporate network for reading emails & storing confidential office docs, what are the pen tests & vulnerability assessments we should perform on these devices? Some are personal while some are BYOD.

Do recommend scanners & tools commonly used in the industry.

Unlike fixed servers that are always in the datacentre, as users may not schedule a downtime, the scans & VAs need to be performed when these devices are connected to the corporate Wi-Fi.


Does McAfee have a version of AV for iOS Ver 9.x & Android 5.x?

Question by: sunhux

Author Comment

by:sunhux
ID: 41711614
One more query:
How do we segregate personal & corporate data on these BYOD devices?
What's the practice in the industry?

Accepted Solution

by:
btan earned 500 total points
ID: 41712778
For pentest & VA on mobile devices, you may consider this OWASP sharing - it covers the below:

iPhone:
- Network Communication
- Privacy
- Application Data Storage
- Reverse Engineering
- URL Schemes
- Push Notification

Android:
- Attacking test based system
- Attacking test based application
- Attacking test based transmission link
- Attacking test based wap site
(pdf) https://www.owasp.org/images/4/40/Pentesting_Mobile_Applications.pdf

The tools below provide automated ways to carry out penetration testing tasks. The apps run scans to find open networks, locate devices on the network and determine vulnerabilities on the devices. Once vulnerabilities are discovered, Anti can run some exploits from Metasploit and ExploitDB to gain access, at which point you can then trigger various actions remotely, from taking a screenshot to ejecting the disc drive, to prove you have control of the target machine.
- Zimperium Android Network Toolkit (Anti - http://www.zantiapp.com/anti.html)
- dSploit (http://www.dsploit.net/)

To segregate personal and corporate data you need to leverage containerization. From practice, a Mobile App Mgmt provider can do it, but they need the user to install an agent, which may not be palatable to the user of a personal (BYOD) phone as compared to an enterprise-managed phone.