SANS: Mobile Device Security

  • Sunday, February 23, 2014 | 9:00 AM – 5:00 PM | West | Room: 3008

  • Monday, February 24, 2014 | 9:00 AM – 5:00 PM | West | Room: 3008


This course is designed to teach students about the threats organizations are exposed to via the mobile devices on which they depend. This two-day hands-on class uses lecture, labs and real world experiences to educate the students about mobile security within the enterprise. The class will explore how the devices work, what implementation options are available, and how attackers are abusing the organization. The students will also examine various remediation strategies, policies, and solutions to these concerns.

Exploring mobile devices and platforms
The class will begin by exploring various types of mobile devices and how they have evolved over the last few years. This will include mobile phones, smart phones, PDAs and tablets. The focus will be on providing a foundational understanding of the industry-leading mobile device platforms: BlackBerry, iPhone, Android and Windows Mobile. These platforms make up the majority of the enterprise deployments of smart phones, and as such it is critical for management and technicians to understand how these platforms operate and integrate with existing IT infrastructure.

Mobile device security policy
Policy is a keystone in an organization's security and is impacted by the usage of mobile devices. The class will discuss the changes necessary to existing policies as well as new policies needed due to the implementation of mobile devices in the workplace. We will discuss both organizationally supplied and personal device usage in an enterprise setting. Organizations are faced with many challenges in maintaining compliance with federal and state laws, regulations, and industry standards. Establishing strong policies for mobile environments and the protection of information used with mobile devices is a critical step. SEC571: Mobile Device Security will examine this based on the experiences of the authors, both in building these policies and responding to incidents involving mobile devices.

The class will then explore the integration technologies that these platforms use to work within the organization's infrastructure. The class will look at the necessary changes to existing infrastructure as well as new technologies being implemented that extend the functionality of our systems. These ideas will focus not simply on what the technologies are, but the procedures we can follow to harden and monitor how this new ingress and egress is being used.

After this, the class will explore the application development landscape. Topics will cover both controlling which applications are installed and securely using these applications within the enterprise. The class will focus on third-party applications but will also cover how application development within an organization can change the usage and security posture presented.

Laptop Requirements
Throughout the course, students will participate in hands-on lab exercises. Students must bring their own laptops to class that meet the requirements described below.

Students must bring a Windows 7, Windows Vista, or Windows XP laptop to class, preferably running natively on the system hardware. Windows 8 systems are also welcome, provided students are comfortable with navigating the platform without the Start menu interface. It is possible to complete the lab exercises using a virtualized Windows installation; however, this will result in reduced performance when running device emulators within the virtualized Windows host. If you are a Windows XP user, make sure you also have the .NET 3.5 framework installed, which can be downloaded.

Administrative Windows Access
For several tools utilized in the course, students will be required to perform actions with administrative privileges. Students must have administrative access on their Windows host, including the ability to unload or disable security software such as anti-virus or firewall agents as necessary for the completion of lab exercises.

Students will use a virtualized MobiSec Linux VMware guest for several lab exercises. VMware Workstation or VMware Player is recommended. Note that there is no cost associated with the use of VMware Player, which can be downloaded from the VMware website.

While some students successfully use VMware Fusion for the exercises, the relative instability of VMware Fusion may introduce delays in exercise preparation, preventing the timely completion of lab exercises. VirtualBox and other virtualization tools are not supported at this time.

Hardware Requirements
Several of the software components used in the course are hardware intensive, requiring more system resources than what might be required otherwise for day-to-day use of a system. Please ensure your laptop meets the following minimum hardware requirements:

- Minimum 2 GB RAM, 4 GB recommended
- Ethernet (RJ45) network interface; students will not be able to complete lab exercises with systems that only have a wireless card, such as the MacBook Air
- Core 2 Duo or comparable processor minimum
- 30 GB free hard disk space
- DVD drive (not a CD drive)
- Minimum screen resolution 1024x768; a larger screen resolution will reduce scrolling in several applications and provide a more pleasant end-user experience

During the course, you will install numerous tools, and make several system changes. Some students may wish to bring a clean system that is not their everyday production system, or a dedicated Windows virtual machine that meets the minimum requirements for a system, to avoid any changes that may interfere with other system software.

If you have additional questions about the laptop specifications, please contact

