Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 184
  • Last Modified:

Recommend Pen test & VA for IOS 9 & Android devices (Ver 5.x) used for reading emails & storing confidential office docs

To permit iPads, iPhones, Samsung & Sony to be used to be connected to corporate network for reading emails
& storing confidential office docs, what are the Pen tests & vulnerability assessments we should perform on
these devices?  Some are personal while some are BYOD.

Do recommend  scanners & tools commonly used in the industry.

Unlike fixed servers that are always in the datacentre, as users may not schedule a downtime, the scans &
VAs need to be performed when these devices connected to the corporate Wifi


Does McAfee has a version of AV for IOS Ver 9.x & Android 5.x ?
0
sunhux
Asked:
sunhux
1 Solution
 
sunhuxAuthor Commented:
one more query:
how do we segregate personal & corporate data on these BYOD devices?
What's the practice in the industry?
0
 
btanExec ConsultantCommented:
For Pentest & VA on mobile device, you may consider this OWASP sharing - it covers the below
iPhone:
-Network Communication
-Privacy
-Application Data Storage
-Reverse Engineering
-URL Schemes
-Push Notification

Android:
– Attacking test based systerm
– Attacking test based application
– Attacking test based transmission link
– Attacking test based wap site
(pdf) https://www.owasp.org/images/4/40/Pentesting_Mobile_Applications.pdf

Below tools to provide automated tools to carry out penetration testing tasks
apps run scans to find open networks, locate devices on the network and determine vulnerabilities on the devices. Once vulnerabilities are discovered the Anit can run some exploits from Metasploit and ExploitDB to gain access at which point  you can then trigger various actions remotely taking a screen shot to ejecting the disc drive to prove you have control of the target machine
- Zimperium Android Network Toolkit (Anti - http://www.zantiapp.com/anti.html)
- dSploit (http://www.dsploit.net/)

To segregate personal and corporate you need to leverage the containerization and from practices, Mobile App Mgmt provider can do it but they need user to install an agent which may not be palatable to user of their personal (BYOD) phone  as compared to Enterprise managed phone.
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now