Ask Slashdot: Managing Encrypted Android Devices In State and Local Gov't?
An anonymous reader writes "I am a systems administrator for a mid size state agency. We currently offer Blackberries to our staff, but we are migrating to Android devices in the near future. Since phones have sensative data (email, documents, etc.), what is a good choice for encrypting that data? Options abound, like OS-level encryption from Motorola and Samsung, 3rd party apps from GoTrusted and even a LUKS port for Android. Does anyone have experience managing encrypted Android devices? What are the important features I should be looking at? Many thanks in advance." (And, for that matter, are there good options for doing the same with iPhones? Other options to consider?)
state agency will take the best deal not the best (Score:1, Offtopic)
state agency will take the best deal not the best for IT.
Re: (Score:3)
Re: (Score:2)
It's not a federal agency. OP said it was a "mid-sized state agency".
Re: (Score:2)
well take the security software that locks stuff down too much and is a pain to work with.
Re: (Score:2)
No, the US government actually takes computer security pretty damn seriously.
Well, they'd better hope the bad guys don't buy the same hardware that the MET police in Europe, and in the US, the Michigan State Police, are using to "slurp" all the data from smartphones, even when protected/encrypted.
http://grownupgeek.com/police-now-slurp-cell-phone-data-minutes [grownupgeek.com]
Strat
Re: (Score:2)
Not always. Some states do worry about technical merit.
Re: (Score:3, Insightful)
Don't encrypt (Score:5, Insightful)
If the state isn't doing anything wrong, it doesn't have anything to hide.
Re: (Score:1)
Re: (Score:2)
I wish I had Mod points for this one.
Re:Don't encrypt (Score:5, Insightful)
I encrypt the disks on my computers not to hide anything, I will gladly decrypt my disk for the FBI if they ever asked, but to prevent outside tampering. Without encryption, an adversary can just load up a linux live cd and tamper with anything they want with root access. By encrypting the entire disk I can prevent that sort of tampering. They can still boot a live cd, but they can't tamper with the installed operating system or the data.
Besides, there is a metric ton of personal information on any smart phone. How would you like Joe the Laptop Thief to get access to your Google account, or possibly even login information for your online banking?
Re: (Score:1)
No, the OP is using an argument that the government often uses against its citizens to gain access to encrypted/private information. He is pointing out the irony by humorously turning the statement back at the government. You can be for government and still see that there needs to be limits on privacy invasion.
Re: (Score:3)
> he could be fracking parks and recreations
Gee thanks. It'll take a long time to get that mental image out of my head.
Re:Don't encrypt (Score:4, Funny)
> he could be fracking parks and recreations
Gee thanks. It'll take a long time to get that mental image out of my head.
No doubt, they should not allow exploration for natural gas deposits inside of parks.
Re: (Score:2)
Have no doubt: they are.
Re: (Score:2)
Re:Don't encrypt (Score:5, Insightful)
I encrypt because I do have things to hide. I'm a normal person. Everyone has things they want to keep private. You wouldn't be happy getting your bank statements on the back of a postcard, would you?
Hiding stuff is normal. Everyone needs privacy. There is nothing wrong with it.
Re:Don't encrypt (Score:4, Insightful)
Sorry, but no, not everything the government has should be open for anyone to obtain and peruse. Take this [computerweekly.com] as an example, or several other blunders made by the UK government or its contractors. This [btlj.org] has some data and discussion on the US. Personally, I'm more concerned with the general lack of responsibility for these kind of breaches in both the public and the private sector.
Don't get me wrong, I agree with your ideal. But ideals can rarely if ever become reality. And they're not always the blessing that they would seem to be.
Re: (Score:2)
Me thinks the AC was making a sarcastic statement based on the fact many government agents or people speaking about government agents investigating a person will often say: "if you aren't doing anything wrong, you have nothing to hide." Which obviously is wrong.
Re:Don't encrypt (Score:5, Insightful)
Re: (Score:2)
Federal regulations require full disk encryption for any portable disk containing PII. HIPAA (medical) information has even stronger requirements than PII. I assume many state and local governments have similar requirements (and should have).
BTW, I think the Anonymous Coward who posted the initial comment was expecting a rating of "Funny". At least it looked tongue in cheek to me.
Re: (Score:2)
Should SSN's be flying around unencrypted?
Slightly tangential, but: an SSN (or whichever national equivalent) should be less dangerous to publish than, say, your name and address. It baffles me that it needs to be kept secret in the U.S.; furthermore I trust that slashdotters know the difference between identification and authentification. Who were the geniuses that decided that a valid SSN is authentication, and suffices to seriously compromise your personal security? The question is not in jest, quoth the Wiki: ... because it is assumed that no [wikipedia.org]
Re:Don't encrypt (Score:4, Funny)
s/authentification/authentication/g. I'm ashamed, and shall go to bed after finishing my beer :)
Re: (Score:2)
If the state isn't doing anything wrong, it doesn't have anything to hide.
Your medical records, for example?
iPhone (Score:4, Informative)
Re:iPhone (Score:5, Informative)
Re:iPhone (Score:4, Insightful)
Nice propeller spinning but forget all that crap and let's get real.
If you want to enforce privacy of information you do two simple things.
YOU DON'T F*CKING ALLOW IT TO WALK OUT THE FRONT DOOR.
YOU DON'T ALLOW IT TO BE MOVED TO DEVICES OUTSIDE OF YOUR DIRECT CONTROL.
So just say no to BYOD, let em screech and bitch all they want. Tell em straight up, if you can't work without your precious iPad then go find an employer who doesn't need to deal with laws enforcing privacy. And good luck with that in this crappy economy. Just say no to portable devices, period, unless there is a truly compelling need. Data collection and off site archiving come to mind.
Otherwise admit you really don't care about privacy at all and get on with it and, again, you don't need to spend a lot of money on tech that won't actually work when it comes to crunch time with end user idiots.
Re: (Score:3)
While I agree that BYOD is a nightmare security wise, you seem to be unaware that technology cannot really protect against insiders. So let me add:
YOU DON'T ALLOW ANYBODY TO WORK WITH IT OR LOOK AT IT.
That is where the "lock everything down" approach fails and things like data leakage prevention look just as ridiculous as they are.
Re: (Score:1)
> YOU DON'T ALLOW ANYBODY TO WORK WITH IT OR LOOK AT IT.
No, you have to assume your own people are somewhat safe, at least at the level of access you grant each one. Although you also have audit trails of who accesses/changes what to keep everyone honest.
But the second it leaves the front door you aren't trusting the user anymore, you are trusting the user to be able to retain possession in a hostile environment. Or you are trusting them to actually use the secure features correctly. Do you deal with
Re: (Score:3, Insightful)
BYOD is here to stay whether you want to support it or not.
Re: (Score:2)
Translation: Security/privacy is just a joke. We will waste a little tax money on security theater and fattening up a preferred vendor but we really don't care. Give me the shiny toy.
Re: (Score:3)
When a C-level executive says they want something, do you really think a rank-and-file IT worker, or even the IT manager, is going to get to tell them "no"?
Re: (Score:2)
When a C-level executive says they want something, do you really think a rank-and-file IT worker, or even the IT manager, is going to get to tell them "no"?
Presumably the company employs the IT worker for his skills and knowledge in this particular field, while the requirements of a C-level exec probably and rightfully involve more admin skills than technical ones. The task of the IT-worker is to inform them of why this is a bad idea. Explain the risks, document that you've done so, and if they still demand it and the shit hits the fan you're in the clear, at least if you live in a civilised country (as opposed to for instance Ecuador, where you'd still be su
Re: (Score:3)
The problem I see with the above is that, if this hypothetical IT worker does the necessary ass-covering and the executive gets to use whatever devices he wants, and then there's a breach, on whom is the axe going to fall? The IT guy. Shit rolls downhill, always.
"I want to use this device."
"That device isn't secure. You should use this other one instead, which complies with our security policies."
"Nah, I'll use the one I've already got."
"Okay, but I'm going to note in our records that you were warned."
Three
Re: (Score:2, Interesting)
I changed jobs last year. I used to work on government contracts and we weren't even allowed to take thumb drives or laptops out of the building. Wasteful and inefficient for very little security returns (with nothing in place to keep me from just forwarding the stuff to my gmail account, and then working on it from home, something everyone did, btw).
Now I work in a place that is BYOD. We have NO security problems like the old place. Not because BYOD is more secure, but because when you surround yourself wi
Re: (Score:2)
> just forwarding the stuff to my gmail account
Translation: I didn't give a shit about security and worked around it for my convenience. I didn't give two rats asses if I passed private information through totally unsecured servers at Google and anyone at Google with legit (or not) access to the servers with that data on them. I passed information I was obligated to protect the privacy of right through who knows how many unsecured pathways between work, google and home. I managed to leave before getting
Re: (Score:3)
Better translation: our IT policies were stupid and overly restrictive and nobody could get any work done so EVERYBODY had a work around. You can't fire everyone, but starting with the idiot IT policy makers would have been a good first start.
Re: (Score:3)
just forwarding the stuff to my gmail account
Translation: I didn't give a shit about security and worked around it for my convenience.
That's the rub. Security will always be traded for convenience. Some employees have a very real need to be able to work with confidential stuff on the go, but for most it's just "I want to have my email just appear on my iPhone instead of having to turn on my PC and log in to that VPN shit".
A dedicated and knowledgeable attacker *will* get passwords (almost) no matter what you do to prevent it, but it's easier when you have easily stealable access points in the wild. Of course, an offer of a bit of money to
Re:iPhone (Score:5, Insightful)
The obstructionism is well intentioned, but we have an obligation to try to support the needs of the business. Staff are more mobile, and the business is benefiting by having people more connected and better able to make decisions, even when they aren't sitting in front of a PC. So, let's make it secure.
Re: (Score:1)
This isn't a tech problem. Therefore it can't be solved with tech. You don't allow information that you are obligated to protect the privacy of leave your control. Doesn't matter if it is android, a laptop or a briefcase full of files. The other option is roll the dice and hope you aren't there when the press show up to cover the breach. Choose. And if your boss insists you do it anyway make the sum-bitch put the order in writing so your butt is covered when the poop hits the fan. Because sooner or l
Re: (Score:2)
This isn't a tech problem. Therefore it can't be solved with tech. You don't allow information that you are obligated to protect the privacy of leave your control. Doesn't matter if it is android, a laptop or a briefcase full of files. The other option is roll the dice and hope you aren't there when the press show up to cover the breach. Choose. And if your boss insists you do it anyway make the sum-bitch put the order in writing so your butt is covered when the poop hits the fan. Because sooner or later... BOOM!
Then my point still stands. You don't have any potentially sensitive data connected to the internet, right? Because any vulnerability you can come up with against a screen-locked, encrypted, remote wipeable device, I can come up with something relatively comparable against your internet-attached network. Yep, I walk around with my phone, potentially left or stolen in public. You leave your network attached to the public 24x7x365. And if you don't do that, there is a building that's potentially breachable.
Re: (Score:2)
Our job, as IT professionals, is to come up with solutions. On the same bent, I suppose you'd also cut the link to the Internet.
So, chew on this: where I live, collaboration between companies competing for a government contract is illegal. Suppose two companies, X and Y, compete. You are a criminal, and you knock the CEO of X over the head and steal his (not screen-locked at the time) phone. At this point you could offer Y an insight in the strategy of X (for instance their lowest limit) in exchange for money. Or you could blackmail the CEO of Y with any illicit info you can access. Or blackmail him to not share all his secrets wit
Re: (Score:2)
It also depends on the type and volume of t
Re: (Score:2)
Re: (Score:2)
If you want to enforce privacy of information you do two simple things.
YOU DON'T F*CKING ALLOW IT TO WALK OUT THE FRONT DOOR.
That doesn't solve the needs of the EMT who arrives to find you on the floor and responsive. You'll have privacy a-plenty when you're dead.
Mobile access to confidential information is not a problem you can simply wish away. There are too many situations in which it is useful, too many situations in which it is vital.
Wrong: iPhone is encrypted by default... (Score:3)
And in fact it's non-disableable. The remote wipe is, in fact, "kill key store".
Apple's propaganda, err, whitepaper on the subject [slashdot.org]
Err, proper propaganda link... (Score:3)
Proper propaganda link [apple.com], silly me, forgot the http
Re: (Score:1)
Any remote p0wn jailbreaks get squished very quickly by Apple. They really really don't like p0wn the phone attacks.
This is in strong contrast to Android, which has a great security model, but that security model is trivially bypassed when a user says "OK" to an incomprehensible permissions list provided by a random application that displays cartoon kitties or tells you what color of nail polish works best.
Airwatch checks for jailbroken devices (Score:3)
Re:iPhone (Score:5, Informative)
Considering that any meaningful encryption (I will assume you want some sort of volume group/full disk encryption) will require root access and probably a custom kernel module, you will need android.
iOS devices have AES 256 encryption baked right into the hardware inside the DMA path between flash storage and the main system memory. It's always enabled, and can't be disabled by users, administrators, or anyone else [apple.com]. No custom kernel modules required -- XNU already has built-in AES 256 support, and the platform already implements it for each and every device.
Yaz
Re:BlackBerry = Security (Score:4, Interesting)
Re: (Score:1)
Android supports encryption (Score:1)
http://support.google.com/ics/nexus/bin/answer.py?hl=en&answer=2381815
Use Apple. (Score:4, Funny)
Their phones don't offer any enterprise-level collaboration features whatsoever. No features, no security risk!
Actually they do (Score:2)
Read the Government/Secure deployment guide, which Apple wrote for this exact purpose.
iPhones do hardware encrypted disk, passcoding, ActiveSync, and support MDM (mobile device management) servers to enforce policy.
Android's support for these things is much more... fragmented. I think iPhones would be the better option here.
Re: (Score:2)
Settings -> Security:
- Encrypt device
- Encrypt SD Card
If they're going to have Active Sync... (Score:4, Informative)
Sandbox Application (Score:4, Interesting)
Re: (Score:2)
Yeah. "Sandbox" apps like this will be received better by employees. If you try OS-level encryption with policy enforcements (such as Exchange policy enforcements), users will find ways to bypass the policy enforcements that get in the way of "normal personal operations" and this will also kill the security of the things you want to keep secure.
Sandboxes like Good for Enterprise don't annoy users when they are engaged in personal use, so they are far less likely to disable security measures.
Separation of use (Score:2)
I'd prefer to have 2 devices over the 'boss' having access to mine, in ANY manner. ( even active sync which gives them far too much control over MY device )
Re: (Score:3)
Stay away from that trash. I recently attended a presentation on "Good for Enterprise" intended for professionals and it was just pathetic. Some friends, who are not security experts, began poking holes in the statements made in real-time, because the fatal flaws were obvious even to them.
Re: (Score:2)
Droid Encryption (Score:1)
We use Google Apps builtin in encryption and mobile device management. http://support.google.com/a/bin/answer.py?hl=en&answer=1734200 Works great. Free too.
Re: (Score:2)
That is exactly my suggestion, although I'd not bother with Good and just use Nitrodesk's Touchdown.
This allows IT to keep all their Exchange data separated from the data of the phone. This also benefits the user because a remote wipe only will destroy that app's data, and not erase the phone.
Touchdown is not perfect -- it has some user interface quirks, and only works with one Exchange account, but it does a decent job.
Another good Exchange program is RoadSync. I use this so I can get functionality that
Re: (Score:2)
Not crap (Score:1)
Blackberry was your best bet for security. All the others are spyable from the US government by their own admission. Blackberry was the one carried by all those in the know, outside of the us. They had stopped the production of the old style berries at the request of someone not listed. But the house of saud was involved about 5 years ago.
All of the current units, the programming can be hacked, reported by the security magazines, for the last three years. Don't trust a one of them. If your company-state-go
You have no security. (Score:4, Insightful)
Assume that your carrier, cloud provider, and handset manufacturer all have access to everything on the phone.
With Blackberry, you could run your own server, and nothing in the public infrastructure had access to unencrypted data. With Android, Google has a direct tap into your data. Encryption won't help when the layer that reads the keys is under the control of the provider.
there are open source solutions (Score:2)
Enterproid's Divide (Score:2)
NYC startup enterproid has a product call Divide that you should check out: http://www.divide.com/ [divide.com]
No iphone solution, but I'm sure it is next on your list.
VMware Horizon App (Score:1)
Plethora of MDM. Find your fit. (Score:1)
NSA Security Recommendations for iOS (Score:2)
Here's the NSA's recommendations for securing iOS devices: http://www.nsa.gov/ia/_files/os/applemac/Apple_iOS_5_Guide.pdf [nsa.gov]
iOS has encryption and management built-in (Score:5, Informative)
I'm a former Apple engineer, current independent consultant, so I'm not going to address the Android side. That's a lot more complicated -- I'll stick with talking about the iOS info that I know about.
That said, wow, there's a lot of snarky comments but not a lot of information posted.
iOS has full-device hardware encryption built-in on the iPhone 3GS and later, activated as soon as you set up a passcode. This top-level encryption layer is for quick device wipes, not for data protection. Each user data file is then encrypted on top of that using its own unique key, then set into a protection class by the app developer:
- Complete Protection - decrypted only when the device is unlocked; file key is removed from memory when the device is locked.
- Protected Unless Open - decrypted when the device is unlocked; if file is open when the device locks, the file stays open/decrypted.
- Protected Until First User Authentication - decrypted on first unlock, stays decrypted until reboot
- No Protection - file system encryption only; no per-file encryption key
Apple has really been on developers' cases to tighten down the data protection classes for their apps on iOS.
In addition, iOS has a huge number of remote management options. Apple provides a basic management tool called Profile Manager in Lion Server, and there are third-party Mobile Device Managers (MDMs) that take the basics and go even further. You can force complex passcodes, pre-configure e-mail accounts, restrict usage of features, and so on. The enterpriseios.com site has a pretty complete listing.
One of the cool things about using iOS MDM is that all of the configuration profiles are tied to the management profile that gets installed when the device is first enrolled with the MDM. If you're in a BYOD situation and a user leaves on bad terms, the IT department can retract the management profile, which automatically retracts all of the other configuration profiles. This will delete corporate e-mail accounts, remove in-house apps (and their data!), take away VPN and 802.1X access, and so on, without erasing the person's device entirely. All of the pictures the person took are still there, not blown away as they would be after a complete device wipe.
Anyway, a few links that may help you out:
http://www.apple.com/iphone/business/integration/ [apple.com]
http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf [apple.com]
http://www.enterpriseios.com/ [enterpriseios.com]
http://consultants.apple.com/index.php [apple.com] - look for consultants with the Mobility specialization
https://help.apple.com/advancedserveradmin/mac/10.7/ [apple.com] - go into "Manage Users" --> "Profile Manager" on the right
Hope this helps.
--Paul
Re: (Score:2)
iOS MDM is pretty laughably limited, you can't even disable WiFi or Bluetooth through it, set a proxy server (other than as part of a VPN connection) or otherwise restrict web access without turning off Safari entirely. Apple being Apple, of course, if they don't offer it as a setting, you can't do it without Jailbreaking, which few companies really want to have to mess around with.
Re: (Score:2)
From what I read [about.com], using the iPhone Configuration Utility app for Enterprise users, you can disable WiFi and bluetooth in the provisioning.
Re: (Score:2)
As Yaz wrote above:
iOS devices have AES 256 encryption baked right into the hardware inside the DMA path between flash storage and the main system memory. It's always enabled, and can't be disabled by users, administrators, or anyone else [apple.com]. No custom kernel modules required -- XNU already has built-in AES 256 support, and the platform already implements it for each and every device.
Re: (Score:2)
If you're talking about unlocking the phone via the lock screen like people do, that's a no-go. There is an option to erase the device after ten failed unlock attempts, and (correct me if I'm wrong) it's turned on by default. Even though there are only 10,000 possible combinations, you'll only have the chance to try 0.1% of them before the phone self-destructs, no matter how long you wait between attempts.
If you're talking about bypassing iOS and attacking the flash chips directly, then post a link. I'm
My state phones have sensative data send to me! (Score:3)
Oh wait, was this the article about spammers hiring better copyeditors so they could steal your data more better, or was it the other one?
McAfee EMM (Score:2)
Don't know what exactly your requirements are, but you can look into McAfee EMM, supports iOS, Android, Windows Phones and Blackberry
http://www.mcafee.com/us/products/enterprise-mobility-management.aspx [mcafee.com]
Disclaimer: I work for McAfee but a different division
BlackBerry ? (Score:3)
You have not researched this very much (Score:2)
- You propose a bunch of obtuse and/or manufacturer specific options, when Android has had full disk encryption available out of the box since 4.0
- Encryption is not your primary problem. Endpoint Management is. It doesn't matter a lick if your device is encrypted if it is swiped while it is unlocked, or if it gets malware inserted into it via an SD card or browser exploit. You need to be able to enforce what is installed on the phone so that you can force malware detection software. You also need to be abl
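As an added example (not from any commenter), the Android Device Administration calls an MDM agent would use to enforce the encryption and passcode policy this post argues for, and to check compliance before allowing mail sync. The class names are this example's own; it assumes the app declares the DeviceAdminReceiver in its manifest (with encrypted-storage, limit-password, wipe-data and force-lock policies in res/xml/device_admin.xml) and that the user has activated it.

```java
// Added example: enforce storage encryption and a passcode policy via the
// Android Device Administration API (available since Android 3.0 / API 11).
// Class and method names are hypothetical; the DevicePolicyManager calls are real.
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;

public class EncryptionPolicyEnforcer {
    /** Receiver declared in the manifest; policies only apply once the user activates it. */
    public static class AdminReceiver extends DeviceAdminReceiver { }

    private final DevicePolicyManager dpm;
    private final ComponentName admin;

    public EncryptionPolicyEnforcer(Context ctx) {
        dpm = (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        admin = new ComponentName(ctx, AdminReceiver.class);
    }

    /** Applies the policy; returns false if this device cannot encrypt storage at all. */
    public boolean applyPolicy() {
        if (!dpm.isAdminActive(admin)) {
            throw new IllegalStateException("device admin not activated by the user");
        }
        if (dpm.getStorageEncryptionStatus() == DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
            return false;  // older hardware/OS: cannot satisfy the policy, flag for replacement
        }
        // Full-disk encryption is only as strong as the unlock credential that protects
        // the key, so require an alphanumeric passcode of at least 6 characters.
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC);
        dpm.setPasswordMinimumLength(admin, 6);
        // Auto-lock after 5 minutes idle and wipe after 10 failed unlock attempts,
        // the same brute-force limit the iOS discussion above relies on.
        dpm.setMaximumTimeToLock(admin, 5 * 60 * 1000L);
        dpm.setMaximumFailedPasswordsForWipe(admin, 10);
        // Records the encryption requirement. On stock Android this does not encrypt
        // by itself: the user still starts it under Settings -> Security -> Encrypt device,
        // and the status reads ENCRYPTION_STATUS_ACTIVATING until the reboot completes.
        dpm.setStorageEncryption(admin, true);
        return true;
    }

    /** Compliance check an MDM agent would run before enabling Exchange/mail sync. */
    public boolean isCompliant() {
        return dpm.isAdminActive(admin)
            && dpm.getStorageEncryptionStatus() == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
            && dpm.isActivePasswordSufficient();
    }
}
```

isCompliant() is the check that matters operationally: a device that merely accepted the policy but never finished encrypting still reports ACTIVATING and should be denied access to agency data.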