Slashdot Mirror


Ask Slashdot: Managing Encrypted Android Devices In State and Local Gov't?

An anonymous reader writes "I am a systems administrator for a mid size state agency. We currently offer Blackberries to our staff, but we are migrating to Android devices in the near future. Since phones have sensative data (email, documents, etc.), what is a good choice for encrypting that data? Options abound, like OS-level encryption from Motorola and Samsung, 3rd party apps from GoTrusted and even a LUKS port for Android. Does anyone have experience managing encrypted Android devices? What are the important features I should be looking at? Many thanks in advance." (And, for that matter, are there good options for doing the same with iPhones? Other options to consider?)

36 of 138 comments

  1. Don't encrypt by Anonymous Coward · · Score: 5, Insightful

    If the state isn't doing anything wrong, it doesn't have anything to hide.

    1. Re:Don't encrypt by masternerdguy · · Score: 5, Insightful
      It doesn't just have to do with hiding immoral actions (btw we don't even know what agency he works for -- he could be fracking parks and recreations), it also prevents tampering.

      I encrypt the disks on my computers not to hide anything, I will gladly decrypt my disk for the FBI if they ever asked, but to prevent outside tampering. Without encryption, an adversary can just load up a Linux live CD and tamper with anything they want with root access. By encrypting the entire disk I can prevent that sort of tampering. They can still boot a live CD, but they can't tamper with the installed operating system or the data.

      Besides, there is a metric ton of personal information on any smart phone. How would you like Joe the Laptop Thief to get access to your Google account, or possibly even login information for your online banking?

      --
      To offset political mods, replace Flamebait with Insightful.
    2. Re:Don't encrypt by roc97007 · · Score: 2

      > he could be fracking parks and recreations

      Gee thanks. It'll take a long time to get that mental image out of my head.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    3. Re:Don't encrypt by Calos · · Score: 3, Insightful

      Sorry, but no, not everything the government has should be open for anyone to obtain and peruse. Take this as an example, or several other blunders made by the UK government or its contractors. This has some data and discussion on the US. Personally, I'm more concerned with the general lack of responsibility for these kinds of breaches in both the public and the private sector.

      Don't get me wrong, I agree with your ideal. But ideals can rarely if ever become reality. And they're not always the blessing that they would seem to be.

      --
      I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
    4. Re:Don't encrypt by Last_Available_Usern · · Score: 5, Insightful

      What about personally identifiable information? Should SSNs be flying around unencrypted? Just because encryption is used to conceal wrongdoing doesn't mean it's always used for that purpose.

    5. Re:Don't encrypt by aristotle-dude · · Score: 3, Funny

      > > he could be fracking parks and recreations
      >
      > Gee thanks. It'll take a long time to get that mental image out of my head.

      No doubt, they should not allow exploration for natural gas deposits inside of parks.

      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
    6. Re:Don't encrypt by AmiMoJo · · Score: 4, Insightful

      I encrypt because I do have things to hide. I'm a normal person. Everyone has things they want to keep private. You wouldn't be happy getting your bank statements on the back of a postcard, would you?

      Hiding stuff is normal. Everyone needs privacy. There is nothing wrong with it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Don't encrypt by Man+Eating+Duck · · Score: 3, Funny

      s/authentification/authentication/g. I'm ashamed, and shall go to bed after finishing my beer :)

      --
      Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
  2. iPhone by masternerdguy · · Score: 3, Informative

    Considering that any meaningful encryption (I will assume you want some sort of volume group/full disk encryption) will require root access and probably a custom kernel module, you will need Android. Personally I would download the source code and hack it myself, add in the encryption and other features I want, and then flash the modified ROM onto a device of choice. You can't do that on an iPhone. It worked for SELinux.

    --
    To offset political mods, replace Flamebait with Insightful.
    1. Re:iPhone by bz386 · · Score: 5, Informative

      Android has built-in encryption starting with ICS.

    2. Re:iPhone by jmorris42 · · Score: 4, Insightful

      Nice propeller spinning but forget all that crap and let's get real.

      If you want to enforce privacy of information you do two simple things.

      YOU DON'T F*CKING ALLOW IT TO WALK OUT THE FRONT DOOR.

      YOU DON'T ALLOW IT TO BE MOVED TO DEVICES OUTSIDE OF YOUR DIRECT CONTROL.

      So just say no to BYOD, let 'em screech and bitch all they want. Tell 'em straight up, if you can't work without your precious iPad then go find an employer who doesn't need to deal with laws enforcing privacy. And good luck with that in this crappy economy. Just say no to portable devices, period, unless there is a truly compelling need. Data collection and off site archiving come to mind.

      Otherwise admit you really don't care about privacy at all and get on with it and, again, you don't need to spend a lot of money on tech that won't actually work when it comes to crunch time with end user idiots.

      --
      Democrat delenda est
    3. Re:iPhone by gweihir · · Score: 2

      While I agree that BYOD is a nightmare security-wise, you seem to be unaware that technology cannot really protect against insiders. So let me add:

      YOU DON'T ALLOW ANYBODY TO WORK WITH IT OR LOOK AT IT.

      That is where the "lock everything down" approach fails and things like data leakage prevention look just as ridiculous as they are.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:iPhone by rogueippacket · · Score: 2, Insightful

      Please, I would like to see you say those exact words to your CxO when they come and ask you for help with activating their brand new iPhone/Android/Tablet. You're just going to make my job easier when I sell them a BYOD solution without your consent.
      BYOD is here to stay whether you want to support it or not.

    5. Re:iPhone by jmorris42 · · Score: 2

      Translation: Security/privacy is just a joke. We will waste a little tax money on security theater and fattening up a preferred vendor but we really don't care. Give me the shiny toy.

      --
      Democrat delenda est
    6. Re:iPhone by rhsanborn · · Score: 4, Insightful

      This is why IT people have such a bad reputation. Yes, portable devices are a security risk. Our job, as IT professionals, is to come up with solutions. On the same bent, I suppose you'd also cut the link to the Internet. Wait, you obviously haven't, because you're posting on Slashdot. But you came up with clever ways to protect your system from the Internet? Then why don't you start working on coming up with ways to secure mobile devices.

      The obstructionism is well intentioned, but we have an obligation to try to support the needs of the business. Staff are more mobile, and the business is benefiting by having people more connected and better able to make decisions, even when they aren't sitting in front of a PC. So, let's make it secure.

    7. Re:iPhone by gorzek · · Score: 2

      When a C-level executive says they want something, do you really think a rank-and-file IT worker, or even the IT manager, is going to get to tell them "no"?

    8. Re:iPhone by Yaztromo · · Score: 4, Informative

      > Considering that any meaningful encryption (I will assume you want some sort of volume group/full disk encryption) will require root access and probably a custom kernel module, you will need android.

      iOS devices have AES 256 encryption baked right into the hardware inside the DMA path between flash storage and the main system memory. It's always enabled, and can't be disabled by users, administrators, or anyone else. No custom kernel modules required -- XNU already has built-in AES 256 support, and the platform already implements it for each and every device.

      Yaz

    9. Re:iPhone by devforhire · · Score: 2

      I think you are correct with everything you said, but you're missing the most fundamental part of security as it's mostly practiced in the real world (there are some places where security is really taken seriously but they are extremely few.) The only thing that is important is the illusion of an extremely secure system. Most normal human beings would never tolerate any truly secure system as it would be too inconvenient to use.

    10. Re:iPhone by jmorris42 · · Score: 2

      > just forwarding the stuff to my gmail account

      Translation: I didn't give a shit about security and worked around it for my convenience. I didn't give two rats' asses if I passed private information through totally unsecured servers at Google and anyone at Google with legit (or not) access to the servers with that data on them. I passed information I was obligated to protect the privacy of right through who knows how many unsecured pathways between work, Google and home. I managed to leave before getting fired when a major scandal broke in the newspapers and now work somewhere where everybody does this sort of crap out in the open so I no longer even worry about it.

      You are the reason privacy breaches happen. Which was what I was getting at in my first post, make up your mind whether you actually give a crap about privacy/security/etc or not. Then follow Yoda's advice. And sometimes forgetting about it might be the better call, a lot of stuff gets locked down for little real reason. And some stuff really should be kept private.

      --
      Democrat delenda est
    11. Re:iPhone by stewbacca · · Score: 2

      Better translation: our IT policies were stupid and overly restrictive and nobody could get any work done so EVERYBODY had a workaround. You can't fire everyone, but starting with the idiot IT policy makers would have been a good first start.

    12. Re:iPhone by gorzek · · Score: 2

      The problem I see with the above is that, if this hypothetical IT worker does the necessary ass-covering and the executive gets to use whatever devices he wants, and then there's a breach, on whom is the axe going to fall? The IT guy. Shit rolls downhill, always.

      "I want to use this device."
      "That device isn't secure. You should use this other one instead, which complies with our security policies."
      "Nah, I'll use the one I've already got."
      "Okay, but I'm going to note in our records that you were warned."

      Three months later...

      "Help! My phone's been compromised!"
      "Hah! I have it written right here that I warned you something like this might happen! My ass is safe."
      "That's what you think. You're fired for not preventing this!"
      "But..."
      "SECURITY!!!!"

    13. Re:iPhone by Man+Eating+Duck · · Score: 2

      > > just forwarding the stuff to my gmail account
      >
      > Translation: I didn't give a shit about security and worked around it for my convenience.

      That's the rub. Security will always be traded for convenience. Some employees have a very real need to be able to work with confidential stuff on the go, but for most it's just "I want to have my email just appear on my iPhone instead of having to turn on my PC and log in to that VPN shit".

      A dedicated and knowledgeable attacker *will* get passwords (almost) no matter what you do to prevent it, but it's easier when you have easily stealable access points in the wild. Of course, an offer of a bit of money to the underpaid cleaning people emptying their carts outside early in the morning, in exchange for installing/retrieving a hw keylogger, will accomplish the same thing.

      --
      Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
  3. Re:state agency will take the best deal not the be by masternerdguy · · Score: 2

    No, the US government actually takes computer security pretty damn seriously.

    --
    To offset political mods, replace Flamebait with Insightful.
  4. Re:BlackBerry = Security by snowraver1 · · Score: 3, Interesting

    Has anyone here tried BlackBerry Mobile Fusion? Is it good?

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
  5. Use Apple. by Anonymous Coward · · Score: 4, Funny

    Their phones don't offer any enterprise-level collaboration features whatsoever. No features, no security risk!

  6. If they're going to have Active Sync... by nighthawk243 · · Score: 4, Informative

    If you're using active sync, you can make it part of the sync policy to wipe the phone when it is marked lost. We do that quite a bit.

  7. Sandbox Application by rogueippacket · · Score: 3, Interesting

    Try something like Good for Enterprise - allow your employees to bring their own devices (this is the trend, don't try to dodge it) if they wish, and just provide them with an activation key for the application. The days of "work device" and "personal device" are over - users will use one device for both, and issuing a crippled device which only performs one of these tasks is quite draconian. The sandboxed application ensures all critical information is secure, while giving your employees the segregation between life and work they desire.

    1. Re:Sandbox Application by gweihir · · Score: 2

      Stay away from that trash. I recently attended a presentation on "Good for Enterprise" intended for professionals and it was just pathetic. Some friends, who are not security experts, began poking holes in the statements made in real-time, because the fatal flaws were obvious even to them.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  8. Wrong: iPhone is encrypted by default... by nweaver · · Score: 2

    And in fact it's non-disableable. The remote wipe is, in fact, "kill key store".

    Apple's propaganda, err, whitepaper on the subject

    --
    Test your net with Netalyzr
  9. Err, proper propaganda link... by nweaver · · Score: 2

    Proper propaganda link, silly me, forgot the http

    --
    Test your net with Netalyzr
  10. You have no security. by Animats · · Score: 3, Insightful

    Assume that your carrier, cloud provider, and handset manufacturer all have access to everything on the phone.

    With Blackberry, you could run your own server, and nothing in the public infrastructure had access to unencrypted data. With Android, Google has a direct tap into your data. Encryption won't help when the layer that reads the keys is under the control of the provider.

  11. Re:state agency will take the best deal not the be by dsvick · · Score: 3, Insightful

    I would think that the fact the OP is taking the time to ask the question and even went so far as to ask for help with things he realizes he might not even know enough to ask is pretty good evidence that they are taking security seriously. Granted, he probably has to get it approved if it's a paid app, but the cost of that should be pretty small compared to the cost of the phones themselves.

  12. iOS has encryption and management built-in by plsuh · · Score: 4, Informative

    I'm a former Apple engineer, current independent consultant, so I'm not going to address the Android side. That's a lot more complicated -- I'll stick with talking about the iOS info that I know about.

    That said, wow, there's a lot of snarky comments but not a lot of information posted.

    iOS has full-device hardware encryption built-in on the iPhone 3GS and later, activated as soon as you set up a passcode. This top-level encryption layer is for quick device wipes, not for data protection. Each user data file is then encrypted on top of that using its own unique key, then set into a protection class by the app developer:

      - Complete Protection - decrypted only when the device is unlocked; file key is removed from memory when the device is locked.

      - Protected Unless Open - decrypted when the device is unlocked; if file is open when the device locks, the file stays open/decrypted.

      - Protected Until First User Authentication - decrypted on first unlock, stays decrypted until reboot

      - No Protection - file system encryption only; no per-file encryption key

    Apple has really been on developers' cases to tighten down the data protection classes for their apps on iOS.

    In addition, iOS has a huge number of remote management options. Apple provides a basic management tool called Profile Manager in Lion Server, and there are third-party Mobile Device Managers (MDMs) that take the basics and go even further. You can force complex passcodes, pre-configure e-mail accounts, restrict usage of features, and so on. The enterpriseios.com site has a pretty complete listing.

    One of the cool things about using iOS MDM is that all of the configuration profiles are tied to the management profile that gets installed when the device is first enrolled with the MDM. If you're in a BYOD situation and a user leaves on bad terms, the IT department can retract the management profile, which automatically retracts all of the other configuration profiles. This will delete corporate e-mail accounts, remove in-house apps (and their data!), take away VPN and 802.1X access, and so on, without erasing the person's device entirely. All of the pictures the person took are still there, not blown away as they would be after a complete device wipe.

    Anyway, a few links that may help you out:

    http://www.apple.com/iphone/business/integration/
    http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
    http://www.enterpriseios.com/
    http://consultants.apple.com/index.php - look for consultants with the Mobility specialization
    https://help.apple.com/advancedserveradmin/mac/10.7/ - go into "Manage Users" --> "Profile Manager" on the right

    Hope this helps.

    --Paul
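
The four protection classes listed in the comment above, modelled as an added example (not part of the original comment and not Apple's code): a toy state machine that tracks only when a file's key is available, as the comment describes it, with no real cryptography. The `Device` class, `exposure_report` helper and file paths are hypothetical; the `NSFileProtection*` strings are the iOS API names for the four classes.

```python
from dataclasses import dataclass, field

COMPLETE = "NSFileProtectionComplete"                                # Complete Protection
UNLESS_OPEN = "NSFileProtectionCompleteUnlessOpen"                   # Protected Unless Open
FIRST_AUTH = "NSFileProtectionCompleteUntilFirstUserAuthentication"  # Until First User Auth
NONE = "NSFileProtectionNone"                                        # No Protection

@dataclass
class Device:
    """Toy model of key availability only; it performs no real cryptography."""
    files: dict                                    # path -> protection class
    unlocked: bool = False
    unlocked_since_boot: bool = False
    open_files: set = field(default_factory=set)

    def unlock(self):
        self.unlocked = self.unlocked_since_boot = True

    def lock(self):
        self.unlocked = False
        # Complete Protection drops its key on lock, so even open files go dark.
        self.open_files = {p for p in self.open_files if self.files[p] != COMPLETE}

    def reboot(self):
        self.unlocked = self.unlocked_since_boot = False
        self.open_files = set()

    def can_open(self, path):
        cls = self.files[path]
        if cls == FIRST_AUTH:
            return self.unlocked_since_boot        # key stays until reboot
        return cls == NONE or self.unlocked        # NONE has no per-file key

    def open(self, path):
        if not self.can_open(path):
            raise PermissionError(f"key for {path} is not available")
        self.open_files.add(path)

    def readable(self):
        return sorted(p for p in self.files
                      if p in self.open_files or self.can_open(p))

def exposure_report(files, opened_while_unlocked=()):
    """Return what stays readable (a) locked after use and (b) after a reboot."""
    dev = Device(dict(files))
    dev.unlock()
    for path in opened_while_unlocked:
        dev.open(path)
    dev.lock()
    locked = dev.readable()
    dev.reboot()
    return {"locked_after_use": locked, "after_reboot": dev.readable()}

# Constructed sample inventory for an imaginary mail app.
SAMPLE = {
    "mail/inbox.db": COMPLETE, "mail/attachment.part": UNLESS_OPEN,
    "mail/account.plist": FIRST_AUTH, "mail/thumbnail.cache": NONE,
}

if __name__ == "__main__":
    print(exposure_report(SAMPLE, ["mail/inbox.db", "mail/attachment.part"]))
```

Run against an app's real file inventory, the `locked_after_use` list is what an MDM or app-review checklist should compare against the data that must not be readable on a locked, lost phone.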

  13. My state phones have sensative data send to me! by Qubit · · Score: 2

    Oh wait, was this the article about spammers hiring better copyeditors so they could steal your data more better, or was it the other one?

    --

    coding is life /* the rest is */
  14. Airwatch checks for jailbroken devices by daninaustin · · Score: 2

    You can automatically remove all corporate data when the device is jailbroken. I prefer Android devices, but the security on the iOS devices is still better than Android.