Mobile Device Security Assessment

 
MobileDevice.png
 

Mobile Device Security Assessment

Identify misconfigurations, insecure policies and lack of hardening of mobile devices

Improsec delivers an independent security analysis and assessment of mobile devices, such as smartphones, tablets, handheld scanners, etc. The configuration of the devices is compared to best practice and the impact of any identified weaknesses is assessed, after which tangible recommendations are provided. Our assessment can include securing both organization-provided and personally-owned (Bring Your Own Device, BYOD) mobile devices.

Value

  • Identify misconfigurations, insecure policies, deviations from best practice and lack of hardening of mobile devices

  • Reduce attack surface of the organization

  • Recommendations to strengthen the level of security and how hardening can be applied

Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision makers

  • A technical section including detailed observations and tangible recommendations to improve the security level and hardening of the device

Method

Our methodology is based upon our experience within security testing of mobile devices and is further supported by NIST’s “Guidelines for Managing the Security of Mobile Devices in the Enterprise”. The methodology is specifically made for security analysis and assessment of mobile devices and cover areas such as:

  • Mobile Device Management (MDM) including enforcement of configurational restrictions and remote wipe capabilities

  • Authentication and authorization

  • Hardening of the operating system

  • Application sources and whitelisting of applications

  • Application permission handling

  • Data Encryption

  • Network Configuration

  • Screen lock and prevention of information leakage

The assessment is performed as a combination of configuration assessment and creative manual test actions.

Involvement

The delivery requires minimal involvement of your technical staff.


 
 

Download full description as PDF file