Thursday, 28 February 2013

TrustGo - Android App Security Scan

From an article on securing mobile devices, I read about TrustGo Antivirus & Mobile Security, which offers a good mix of security features and tools for optimizing your device's performance.
TrustGo is an award-winning Android security app, and it is completely free. I installed both AVG and TrustGo on my Android phone. They have worked well so far.


TrustGo scans for harmful apps.



Oops... one suspicious app is found.


Uninstall it, and the scan finishes.



The following shows the permissions (e.g., location tracking, contacts access) acquired by apps. In this example, 24 apps on my Android phone track my location. Watch out!
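The permission view above is worth reproducing without a third-party app, because anyone auditing more than one phone wants a script rather than a screenshot. The following is an added example (not part of the original post, and not TrustGo's code): a small Python parser over the output of `adb shell dumpsys package`, which lists each package's granted permissions, and groups the packages by the capability those permissions confer (location, contacts, and so on). The sample output is constructed for this example, and the `dumpsys` line format is assumed from current Android releases; it has changed across versions, so check the regular expressions against your own device's output before relying on the count. Note that it counts `granted=true`, not merely that a permission was requested: an app that asked for location but was denied it is not listed.

```python
import re
import sys
from collections import defaultdict

# Permissions worth flagging, grouped by the capability they confer, roughly as
# the TrustGo permission view groups them.  Extend as needed.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CALL_LOG": "call log",
}

# Line shapes assumed from recent `dumpsys package` output; older releases differ.
PKG_RE = re.compile(r"^\s*Package \[(?P<pkg>[\w.]+)\]")
GRANT_RE = re.compile(r"^\s*(?P<perm>[\w.]+): granted=(?P<granted>true|false)")

# Constructed sample output (three packages), used when nothing is piped in.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.maps] (3f2a1b0):
    userId=10101
    requested permissions:
      android.permission.ACCESS_FINE_LOCATION
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=1234 installed=true
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
  Package [com.example.weather] (7c9d4e2):
    userId=10102
    requested permissions:
      android.permission.ACCESS_FINE_LOCATION
    User 0: ceDataInode=1235 installed=true
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
  Package [com.example.dialer] (9a8b7c6):
    userId=10103
    install permissions:
      android.permission.READ_CONTACTS: granted=true
      android.permission.INTERNET: granted=true
"""


def parse_dumpsys(text):
    """Return {package: {permission: granted}} from `dumpsys package` output."""
    result = {}
    current = None
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group("pkg")
            result.setdefault(current, {})
            continue
        m = GRANT_RE.match(line)
        if m and current is not None:
            result[current][m.group("perm")] = m.group("granted") == "true"
    return result


def apps_by_capability(text):
    """Return {capability: sorted packages}, counting only *granted* sensitive
    permissions; an app that merely requested location is not listed."""
    caps = defaultdict(set)
    for pkg, perms in parse_dumpsys(text).items():
        for perm, granted in perms.items():
            if granted and perm in SENSITIVE:
                caps[SENSITIVE[perm]].add(pkg)
    return {cap: sorted(pkgs) for cap, pkgs in caps.items()}


if __name__ == "__main__":
    # Usage: adb shell dumpsys package | python3 perm_audit.py
    text = SAMPLE_DUMPSYS if sys.stdin.isatty() else sys.stdin.read()
    for cap, pkgs in sorted(apps_by_capability(text).items()):
        print(f"{len(pkgs):3d} app(s) can access {cap}: {', '.join(pkgs)}")
```

Piping a real `adb shell dumpsys package` into the script gives the same per-capability list as the screenshot; the "24 apps" figure in the post corresponds to `len(apps_by_capability(text)["location"])`.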



There are some other useful security tools as well. Enjoy!


Thursday, 14 February 2013

Penetration Test for Enterprise Data Loss

An enterprise suspects that confidential information is leaking to competitors, because it has lost bids frequently of late. Senior management would like an external party (a security service provider) to find out whether there are channels through which internal or external attackers could leak or sniff bid information.

What a penetration test for data loss prevention should involve:


1. Define the Objectives of the Penetration Test

- Which area is to be evaluated? (DLP, etc.)
- What must be found out? (Vulnerabilities, risks, recommendations)

2. Define the Scope of the Penetration Test (i.e. the investigation focus)
The service provider should spend most of its effort on this part in the early phase of the project.

- What is being investigated? Data loss (DL), in this case:
    (DL via email,
     DL via removable media,
     DL via other services (e.g. web portal, file server exposed externally),
     DL via physical access,
     DL via network-level attack)

- Taking DL via email as an example, analyse the possible causes of data loss:
   (Human factors - e.g., user mistakes or falling for a social engineering attack,
    Password attack - e.g., brute force,
    Machine remotely controlled - e.g., a PC or server is compromised and its mailbox can be read directly,
    Login credentials sniffed - e.g., captured on the network,
    etc.)

- Not all of the causes can be tested in the pentest, especially when budget or resources are limited, so work according to priorities. For example, the enterprise might focus on "Machine remotely controlled" and "Login credentials sniffed", because these are usually the high-risk areas in the experience of the service provider and the enterprise.

- The service provider then plans the pentest by taking the role of the possible internal/external attacker who steals data by (A) remotely controlling the target machine (the email server in this example) and (B) sniffing (email) login credentials.
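Focus area (B) deserves a concrete picture of what the attacker, or the tester playing the attacker, actually harvests when mail protocols run without TLS. The following is an added example, not part of the original post and not the service provider's toolkit. It takes client-to-server TCP segments as a sniffer would reassemble them (a constructed sample here; in an engagement they would come from a capture on the mail segment, which is assumed) and extracts credentials from three plaintext mechanisms commonly found in front of a mail server: POP3 USER/PASS, the IMAP LOGIN command, and HTTP Basic authentication to a webmail front end. Nothing is recovered from the IMAP session that issues STARTTLS, which is exactly the finding that turns into a recommendation.

```python
import base64
import re

# One client->server segment per tuple: (client_ip, server_ip, dst_port, payload).
# This traffic is constructed for the example; a real run would feed segments
# reassembled from a capture (e.g. tcpdump on the mail VLAN) into harvest().
SAMPLE_SEGMENTS = [
    ("10.0.0.5", "10.0.0.20", 110, b"USER alice\r\n"),
    ("10.0.0.5", "10.0.0.20", 110, b"PASS Winter2013!\r\n"),
    ("10.0.0.7", "10.0.0.20", 143, b'a001 LOGIN bob "s3cret pass"\r\n'),
    ("10.0.0.9", "10.0.0.30", 80,
     b"GET /webmail/ HTTP/1.1\r\nHost: webmail.example.com\r\n"
     b"Authorization: Basic " + base64.b64encode(b"carol:Spring!2013") + b"\r\n\r\n"),
    ("10.0.0.11", "10.0.0.20", 143, b"a001 STARTTLS\r\n"),  # TLS follows: nothing to harvest
]

POP3_USER = re.compile(rb"^USER (\S+)\s*$", re.I)
POP3_PASS = re.compile(rb"^PASS (.+?)\s*$", re.I)
# IMAP LOGIN takes two arguments; each may be a bare atom or a quoted string.
IMAP_LOGIN = re.compile(rb'^\S+ LOGIN (?:"([^"]*)"|(\S+)) (?:"([^"]*)"|(\S+))\s*$', re.I)
HTTP_BASIC = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.I | re.M)


def harvest(segments):
    """Return [(client, server, protocol, username, password)] for every
    credential sent in clear text in the given client->server segments."""
    found = []
    pending_pop3 = {}  # (client, server) -> USER seen, waiting for the matching PASS
    for client, server, _port, payload in segments:
        key = (client, server)
        for line in payload.split(b"\r\n"):
            m = POP3_USER.match(line)
            if m:
                pending_pop3[key] = m.group(1).decode(errors="replace")
                continue
            m = POP3_PASS.match(line)
            if m and key in pending_pop3:
                found.append((client, server, "pop3",
                              pending_pop3.pop(key), m.group(1).decode(errors="replace")))
                continue
            m = IMAP_LOGIN.match(line)
            if m:
                user = m.group(1) if m.group(1) is not None else m.group(2)
                password = m.group(3) if m.group(3) is not None else m.group(4)
                found.append((client, server, "imap",
                              user.decode(errors="replace"), password.decode(errors="replace")))
        for m in HTTP_BASIC.finditer(payload):
            try:
                token = base64.b64decode(m.group(1), validate=True).decode()
            except (ValueError, UnicodeDecodeError):
                continue  # not a well-formed Basic token; skip it
            user, _, password = token.partition(":")
            found.append((client, server, "http-basic", user, password))
    return found


if __name__ == "__main__":
    for client, server, proto, user, password in harvest(SAMPLE_SEGMENTS):
        print(f"{proto:10s} {client} -> {server}: {user} / {password}")
```

The deliverable from this step is not the password list itself but the set of servers and protocols that accepted a clear-text login; each one becomes a recommendation (require TLS for POP3/IMAP, HTTPS-only for webmail) in section 8.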

3. State Assumptions

State the roles and responsibilities of the service provider and the enterprise, and what is excluded; otherwise these could become points of dispute.

4. Standards and Guidelines the Pentest Follows

(for example)
- White Hat. Inc
- ISO 17799 (ISO/IEC 17799, since renumbered ISO/IEC 27002)

5. Explain the Methodology

(from an open standard or the service provider's usual practice.)

6. Zero-Knowledge Pentest (step by step, what to do)
- Target services (email, webmail, other important related services)
- Netcraft search by domain
- DNS / WHOIS query
- Domain lookup
- Traceroute
- ICMP traffic test
- Sifting content by server and by Google
- SSL server certificates
- Identified services
- Email OWA password guessing
- Identified vulnerabilities

7. Internal Vulnerability Assessment (step by step, what to do)
(for example, if the focus is on the wireless network...)
- Wireless access points
- Devices connected to the wireless network
- Vulnerabilities identified in the access points and end-point devices

8. Recommendations
Based on the findings...  :)
~~~~~

Again, the above is not a complete security review of DL. Instead, this exercise is a pentest against certain high-risk DL areas, such as possibly compromised email and other important servers, wireless access points, and the endpoint devices connected to them.

Monday, 4 February 2013

Endpoint Protection @ HK$200, Good for SMEs

An SME's IT management should be planned simply, with no complication. This is because of the flatter personnel structure involved, as well as the very limited resources of most SMEs' IT support.

For an SME IT manager looking for endpoint protection (DLP, port control, encryption, but no anti-virus), I would recommend starting straight away with GFI.

Indicative pricing (for about 200 endpoints in an SME):
     US$27  perpetual licence + 1-year subscription, per node
     US$4.5 renewal of the 1-year subscription, per node

Deployment is simple. Once the management console is installed, nodes connected to the network are auto-detected. In this example, 4 nodes are detected on the network. The agent is then remotely installed onto each node. Only AMICEWON is installed in this example, because I don't have admin rights on the other nodes.
So make sure you have admin rights on each node before you can make things happen.


What you can protect on the targeted computer/notebook:


Device control and security settings:


Alert options:

Friday, 1 February 2013

(My Note) Secure Enterprise Mobility - 4 Areas to Remember

Note for myself ~~ Secure Enterprise Mobility ~~

It consists of 4 different areas, indicated in the diagram (as shared with my clients :D ):

(1) Mobile phone "Self Health"
(2) Secure communication channel from mobile device to enterprise resources
(3) Authentication, and authorization to the different allowed resources
(4) Mobile device inventory/compliance/loss management ("Mobile device management")


Unfortunately, the solutions available in the market do not map cleanly onto these areas.

AVG: (1)
AirWatch: (4)
BlueCoat Mobility Security Management: (1) (launched or not? not sure)
Check Point Mobile Access Blade: (2), some (3) and some (4)
Cisco Identity Services Engine: (3)
Good Technology: (2), (3) and (4) (think: BlackBerry)
McAfee Enterprise Mobility Management: (1) and (4)
Sophos: (1)

I expect the above list will have changed significantly and grown longer a year from now.