Mobile and Wireless Security Review
This review includes mobile devices, operating systems, applications, security controls and processes. Smartphones, tablets, laptops and wireless systems including WiFI, RFID, identity cards, smartcards and payments cards are within scope for this type of security review.
Mobile and wireless technologies can be configured incorrectly and are easily compromised. This type of review provides you with a report that identifies the real risks and provides mitigations for these risks.
We recommend a mobile and wireless security review before and during deployment of mobile and wireless devices, and a short review whenever they are upgraded or changed.
Network and infrastructure:
- Design and architecture review
- Full network scanning - establish existing wireless “footprint”
- Password security and authentication
- Wireless infrastructure security (corporate versus guest versus public)
- Network segregation and what other data can be viewed from the wireless LAN
- Security implications of mobile devices, operating systems, applications, monitoring systems and security controls and processes
- Firewalls/VLAN, and malicious code (AV) controls
- Intrusion detection testing
- Rogue access point detection
- Encryption levels - Is data encrypted, what type of encryption?
- Physical device deployment - device locations, can they be physically compromised?
Handheld mobile review includes:
- Mobile application review
- Synchronisation authentication including log-on and digital certificates
- On-device security and encryption
- Remote disable and wipe
- Software application security (iPhone and Android custom built applications)
- Patch management
- Server and transport layers (telco links, testing includes both fixed and wireless)
- Management control processes and policies
A typical review takes 2-5 days depending on complexity, device numbers (OS dependant) and network typology.
Department of Internal Affairs (All of Government Certified Services & Common Capability ICT): ICT-SRS Panel (CCPSA-SRS)
- Information Security Risk Management and Assessment
- Information Security Governance and Strategy
- Information Security Assurance
- Source Code and Application Review and Technical Testing
- ICT Forensics, Investigation and Security Incident Response
Get in touch for more information about how we can help.^ BACK TO TOP