Interview Questions for Mobile device management



What is MDM

Mobile device management (MDM) is the administrative area dealing with securing, monitoring, integrating and managing mobile devices, such as smartphones, tablets and laptops, in the workplace. The intent of MDM is to optimize the functionality and security of mobile devices within the enterprise, while simultaneously protecting the corporate network.


Mobile device management software allows distribution of applications, data, configuration settings and patches to such devices. Ideally, MDM software lets administrators oversee mobile devices as easily as desktop computers while keeping performance acceptable for users. MDM tools should include application management, file synchronization and sharing, data security tools (passcode, encryption and remote wipe policies), and support for both corporate-owned and personally owned devices.

 

Active Directory

Microsoft's directory service for Windows networks (and by far the most widely used in industry). Its domain controllers hold the accounts of all corporate users and answer their authentication requests. Active Directory is an LDAP-compatible directory rather than "an implementation of LDAP": MDM servers and other applications query it over LDAP to look up users and groups, typically through a dedicated service account that should have read-only rights.

LDAP

Lightweight Directory Access Protocol. The industry-standard protocol for accessing and maintaining directory services distributed over a network.

A directory service is a system that stores, organizes and provides access to information in a directory (such as a directory of corporate users).

ActiveSync

Exchange ActiveSync (EAS) is a Microsoft technology that allows mobile users to access their Microsoft Exchange mailboxes and use e-mail, calendar, contacts and tasks on their mobile devices. Administrators can control which devices have access to the Exchange server. Exchange ActiveSync works with a wide variety of mobile operating systems, including Windows Mobile, Windows Phone, iOS, Android, Symbian and Palm webOS.

 

EAS

Exchange ActiveSync. The protocol that lets devices synchronize e-mail, contacts and calendar over the air with a Microsoft Exchange server. The same protocol also carries Exchange's mailbox policies (passcode, device encryption, remote wipe) to the device, which is why EAS is often the first line of mobile device control before a full MDM is deployed.

APNs

The Apple Push Notification Service (APNs) is a service run by Apple that "pushes" notifications and alerts from an application's servers to iPhones, iPads and the iPod touch. Apple's MDM protocol uses APNs only to tell a managed device to check in; the device then fetches its commands and profiles from the MDM server itself, so no management data travels through the push channel.

Athena

A Windows Mobile device service that establishes a connection (tunnel) to the application server. Once the tunnel is up it behaves like a web server and can respond to remote queries.

BYOD

Bring Your Own Device. Refers to the "consumerization" of IT infrastructure and the growing trend of employees bringing their own devices to the workplace.

 

C2DM / GCM (Google Cloud Messaging)

Cloud to Device Messaging. Google's push-messaging service for Android, used to push messages from application servers to Android devices over the cloud; it was succeeded by Google Cloud Messaging (GCM), which serves the same purpose.

 

CAB file

Cabinet File. A CAB file is a Windows CE/Windows Mobile software install package (a CAB file is used to install AirWatch on Windows Mobile devices). Similar to a ZIP file, a CAB is an archive of files with additional setup capabilities (e.g. modifying registry keys and system settings).

 

CAS

Client Access Server. One of the five server roles in Microsoft Exchange 2010. It hosts Outlook Web App, Exchange ActiveSync and the IMAP4 and POP3 mail protocols, and accepts connections to the Exchange 2010 server from the various clients; in an MDM deployment this is the role that mobile devices talk to.

 

 

Certificate

A certificate establishes identity. It contains a public key, information about the owner (name, URL, ...) and a signature by a trusted third-party CA. A root CA certificate is self-signed: it vouches for itself, so clients must explicitly install and trust it. Any other self-signed certificate (for example on a server) carries no third-party guarantee that the claimed owner identity is genuine; a client that trusts it does so on faith alone.

CIMD

Computer Interface to Message Distribution (CIMD) is a proprietary protocol developed by Nokia for its short message service centre (SMSC). AirWatch supports it as a protocol for the SMS gateway.

Client certificate

A client certificate is a certificate, together with its private key, that resides on a client device and is presented to a server for authentication. Any certificate on the device whose private key is also on the device is a client certificate. Certificates installed with only a public key (e.g. the GoDaddy or VeriSign roots) are not client certificates; they exist to establish trust in a given CA.

Device encryption

Device encryption is the ability to encrypt selected files, or all files, on a device so that they cannot be read if the device is lost or stolen. Typically the user must enter a PIN or passcode before the device will decrypt and display the protected files, so the strength of the protection depends on the passcode policy enforced on the device.

Organization Group (OG)

AirWatch identifies users and assigns permissions through Organization Groups, which tie a user to their corporate role and to the policies that apply to it. Each Organization Group has a Group ID, which the user enters during enrollment; the Group ID therefore decides which profiles and restrictions the device receives.

 

OTA

Over-the-air. Operations performed remotely and wirelessly on a device. AirWatch uses over the air provisioning and over the air configuration.

 

Passcode

A passcode is a string of characters or digits used to authenticate a user to a device. MDM and EAS passcode policies set its minimum length, complexity, maximum age and the number of failed attempts allowed before the device wipes itself.

 

PKI

Public Key Infrastructure. Named for the public/private key pairs it manages: a certificate binds a public key to an identity, while the matching private key stays with the subject. The term covers an organization's entire certificate infrastructure, including root, intermediate and issuing CAs, SCEP/NDES servers, certificate distribution points (e.g. LDAP) and CRL servers.

NDES

Network Device Enrollment Service. The name of Microsoft's implementation of the SCEP protocol; it runs as a role service of Active Directory Certificate Services on Windows Server and fronts an issuing CA.

 

Private key

The sensitive half of a key pair. It is not inside the certificate itself but is bundled with it in a .pfx (PKCS#12) file. Private keys should be known only to the owner/subject of the certificate and are never distributed; any certificate a client/device uses to authenticate to a server must have its private key on that device.

Public Key

The half of a key pair that is freely distributed, inside the certificate (.cer file). Data encrypted with the public key can be read only by the holder of the corresponding private key, and signatures made with the private key are checked with the public key.

Provisioning profile

A provisioning profile is a file installed on mobile devices, especially iPhones, which allows specific in-house applications to be installed and executed. Administrators can use provisioning profiles to restrict applications to specific devices.

Proxy Server

The proxy server is the server a client talks to, instead of the origin server, when it requests information/files. The proxy evaluates the request and either answers from its cache or forwards it and relays the (possibly altered) response, hiding the origin server's identity and shielding it from direct exposure.

 

SCEP

Simple Certificate Enrollment Protocol. SCEP was designed by Cisco so that its routers could obtain certificates for IPsec; it has since become the usual way to issue certificates to mobile devices.

A SCEP transaction runs as follows: the device generates a public/private key pair; it sends a certificate signing request containing the public key (the private key never leaves the device) to the SCEP server, which acts as a registration authority (RA); the SCEP server forwards the request to an issuing CA; the CA grants the certificate and passes it back to the SCEP server; the SCEP server responds to the device with the issued certificate.

SCEP provides no means of user authentication. Instead a challenge token (the challengePassword attribute) is embedded in the body of the request, which is itself PKCS#7 signed and encrypted, so the token is not exposed on the wire. Because the messages protect themselves, SCEP runs over plain HTTP (port 80) by design, and that is the recommended configuration; HTTPS (port 443) adds nothing to the protection of the enrollment messages themselves.

At the time of writing, iOS was the only mobile platform to support SCEP-based certificate enrollment; iOS can use a SCEP-issued certificate to authenticate to Wi-Fi networks, VPNs and TLS client-certificate-protected websites (but not to Exchange ActiveSync). AirWatch supports the Microsoft implementation of SCEP (NDES) on both Windows Server 2003 and Windows Server 2008. Support for the VeriSign cloud-based managed PKI service was under development, as was SCEP proxy functionality, whereby the AirWatch server acts as the SCEP client and then delivers the newly issued certificate to the device embedded in a profile.

 

Two-Factor Authentication

This may also be described as "something you have and something you know": the something you know is a traditional password; the something you have is a certificate held on the device or a time-based token. Two-factor authentication is becoming more common as companies tighten the security of their mobile device deployments.

 

VPN

Virtual Private Network. A mechanism for providing secure, reliable transport over the Internet[1]. The VPN uses authentication to deny access to unauthorized users and encryption to prevent them from reading the private network's packets in transit.

 

Web Clip

An iOS web browser shortcut displayed on the home screen (the Android equivalent is called a bookmark).

 

X.509 certificate

Also referred to simply as a certificate, since X.509 is the most common format. A container for a public key (never the private key) and the identity of its subject, signed by a certificate authority, which thereby asserts that the key belongs to the subject stated in the certificate metadata. The CA's signature covers the whole certificate, so any modification by a third party is detectable.
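Added example (shell with the openssl CLI), not AirWatch's, Microsoft's or Apple's code: a throw-away lab PKI that exercises the entries for certificate, client certificate, private key, public key, SCEP and X.509 above. A self-signed root acts as the CA; the "device" generates its own key pair and hands over only a certificate signing request carrying a SCEP-style challengePassword; the CA signs it and the result is bundled into a .pfx for the device. The checks show that neither the CSR nor the .cer contains a private key, that the CSR's own signature proves possession of the key, that the issued certificate chains to the root, and that a self-signed certificate claiming the same subject is rejected. Every CN, file name, token and password is made up for the demonstration, and openssl 1.1.1 or later is assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not code from AirWatch, Microsoft or Apple: a throw-away lab PKI built
# with the openssl CLI. Assumes openssl 1.1.1+ on PATH; all CNs, the challenge token and
# the .pfx password below are constructed for the demonstration.
set -eu
WORK="${WORK:-$(mktemp -d)}"
CHALLENGE="s3cr3t-enrollment-token"   # one-time SCEP challenge, made up for the example
PFX_PASS="changeit"                   # protects the .pfx bundle at rest (example value)

# One config per subject, so the result does not depend on the host's openssl.cnf.
# The challengePassword attribute is how a SCEP client carries its enrollment token.
write_config() {   # $1 = subject CN, $2 = output path
  cat > "$2" <<EOF
[ req ]
distinguished_name = dn
attributes = req_attrs
prompt = no
x509_extensions = root_ext
[ dn ]
CN = $1
[ req_attrs ]
challengePassword = $CHALLENGE
[ root_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ client_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
EOF
}

# Root CA: self-signed, so relying parties must install and trust it explicitly.
make_root_ca() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$WORK/root.cnf" -keyout "$WORK/root.key" -out "$WORK/root.cer" 2>/dev/null
}

# Device side of a SCEP transaction: generate the key pair locally and produce a CSR
# holding the public key, the subject and the challenge. The private key stays in client.key.
make_scep_request() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -config "$WORK/client.cnf" -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
}

# CA side: sign the request with the root key, then bundle cert + key + chain into a .pfx
# (PKCS#12), the form in which a client certificate is delivered to a device.
issue_client_cert() {
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/root.cer" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 90 -sha256 -extfile "$WORK/client.cnf" -extensions client_ext \
    -out "$WORK/client.cer" 2>/dev/null
  openssl pkcs12 -export -inkey "$WORK/client.key" -in "$WORK/client.cer" \
    -certfile "$WORK/root.cer" -passout "pass:$PFX_PASS" -out "$WORK/client.pfx" 2>/dev/null
}

# A self-signed certificate claiming the same subject: nobody the server trusts vouches for it.
make_rogue_cert() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 90 -extensions client_ext \
    -config "$WORK/client.cnf" -keyout "$WORK/rogue.key" -out "$WORK/rogue.cer" 2>/dev/null
}

# The CSR is signed with the private key it asks to certify: proof of possession.
verify_csr() { openssl req -in "$1" -noout -verify >/dev/null 2>&1; }

# True if the CSR carries the challenge token the SCEP server (RA) will check.
csr_has_challenge() { openssl req -in "$1" -noout -text 2>/dev/null | grep -q "$CHALLENGE"; }

# Chain validation as a TLS or RADIUS server would do it: succeeds only if the certificate
# is signed, directly or through intermediates, by the trusted root.
verify_chain() { openssl verify -CAfile "$WORK/root.cer" "$1" >/dev/null 2>&1; }

# Private-key blocks in a PEM file: 0 for a .csr or .cer, 1 for the key file.
count_private_keys() { grep -c "^-----BEGIN.*PRIVATE KEY" "$1" || true; }

# Private-key blocks inside the PKCS#12 bundle: 1, because the device needs it to authenticate.
count_pfx_private_keys() {
  openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nocerts -nodes 2>/dev/null \
    | grep -c "^-----BEGIN.*PRIVATE KEY" || true
}

build_pki() {
  write_config "Example Lab Root CA" "$WORK/root.cnf"
  write_config "device-0001" "$WORK/client.cnf"
  make_root_ca; make_scep_request; issue_client_cert; make_rogue_cert
}

build_pki
if verify_csr "$WORK/client.csr" && csr_has_challenge "$WORK/client.csr"; then
  echo "CSR: self-signature OK, challenge present, private keys inside: $(count_private_keys "$WORK/client.csr")"
fi
echo "client.cer private keys: $(count_private_keys "$WORK/client.cer"); client.pfx private keys: $(count_pfx_private_keys "$WORK/client.pfx")"
if verify_chain "$WORK/client.cer"; then echo "client.cer chains to the lab root: accepted"; fi
if verify_chain "$WORK/rogue.cer"; then echo "BUG: rogue accepted"; else echo "rogue.cer is self-signed and untrusted: rejected"; fi
```

Run it as `sh lab_pki.sh` (set WORK to keep the generated files). The CSR here travels as a bare file only because there is no transport in the example; in a real SCEP exchange it is wrapped in a PKCS#7 envelope, which is what keeps the challengePassword off the wire even over plain HTTP.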
