2.8 Given a scenario, apply common methods for securing mobile devices.
📘CompTIA A+ Core 2 (220-1202)
Hardening a mobile device means making it more secure against attacks, unauthorized access, or data loss. Mobile devices (like smartphones and tablets) store sensitive information, so applying these techniques is essential.
Here are the main hardening techniques:
1. Device Encryption
- What it is: Device encryption converts all data on the device into a coded form that can only be read with the correct password, PIN, or key.
- Why it’s important: If the device is lost or stolen, unauthorized users cannot access the data.
- How it works in IT environments:
- Enterprise mobile devices often use full-device encryption.
- Common standards: AES 256-bit encryption.
- In corporate IT, MDM (Mobile Device Management) tools can enforce encryption automatically.
Key exam point: Encryption protects data-at-rest on the device.
2. Screen Locks
Screen locks prevent unauthorized access by requiring a form of authentication before using the device. There are multiple types:
a. PIN Codes
- Description: A numeric code, usually 4–6 digits.
- Pros: Simple and easy to remember.
- Cons: Can be guessed if too simple (e.g., 1234).
- IT use: Many companies require complex PINs for mobile devices enrolled in corporate networks.
b. Pattern
- Description: Draw a specific pattern on a grid to unlock the device.
- Pros: Easy to use; faster than PIN.
- Cons: Smudge patterns on the screen can be a security risk.
c. Swipe
- Description: Swipe across the screen to unlock.
- Pros: Very fast and easy.
- Cons: Provides no real security. Usually not used in enterprise environments.
d. Fingerprint
- Description: Uses a fingerprint sensor to unlock the device.
- Pros: Secure, fast, convenient.
- Cons: Requires compatible hardware; may fail if fingers are wet or dirty.
- IT use: Often used alongside PINs in corporate devices.
e. Facial Recognition
- Description: Unlocks device by recognizing the user’s face.
- Pros: Quick and convenient.
- Cons: Some systems can be fooled by photos or 3D masks, though enterprise-grade solutions are better.
- IT use: Often used for mobile app authentication and device access.
Key exam point: Screen locks are first-line security measures for protecting mobile devices from unauthorized access.
3. Configuration Profiles
- What they are: Configuration profiles are predefined settings and rules applied to devices, often by IT admins.
- Purpose: Ensure the device is compliant with company security policies.
- Examples in IT environments:
- Enforce password complexity (e.g., PIN must be 6 digits, must include letters).
- Require device encryption.
- Restrict the installation of certain apps.
- Automatically configure Wi-Fi, VPN, or email settings.
- Enable remote wipe if the device is lost or stolen.
- How it’s applied:
- Usually deployed through Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions.
- IT admins can push profiles to multiple devices at once, ensuring all devices meet security standards.
Key exam point: Configuration profiles enforce security policies automatically and reduce human error.
Summary Table for Exam
| Hardening Technique | Purpose/Use | IT Context Example |
|---|---|---|
| Device Encryption | Protects data if device is lost or stolen | Full-disk encryption via MDM |
| PIN Code | Basic numeric access control | Corporate mobile devices require complex PIN |
| Pattern | Unlock with a drawn shape | Personal devices (less secure) |
| Swipe | Very simple unlock | Not used in corporate environments |
| Fingerprint | Biometric security | Used with enterprise apps or mobile devices |
| Facial Recognition | Biometric security | Used to unlock device or secure apps |
| Configuration Profiles | Automates security settings and enforces compliance | MDM pushes policies: encryption, passwords |
Exam Tips
- Know all types of screen locks and their security level.
- Understand that encryption protects data-at-rest.
- Remember that configuration profiles are managed by IT admins and help enforce policies automatically.
- Swipe-only locks are not secure and usually not acceptable in business environments.
- Fingerprint and facial recognition are biometric methods and often paired with PINs for extra security.
