Assignment 2.3 Isolation Boundaries
For this assignment, I would like to use a real-life example. In today’s enterprise, with the use of mobile devices and the ever-growing popularity of “BYOD” (Bring your mobile/device), I am aware of the growing threats to users’ own devices; every day, it seems, there is a new threat alert about mobile devices. The government of the United States (and others) is weighing and blocking the use and installation of TikTok on devices that are used to address government issues.
TikTok is a growing social media outlet, and as with any growing outlet, hackers use the newest platforms to promote malware and more. For the current topic, I will leave aside the government security concern mentioned above, that TikTok is spyware for the government of China, and focus on the surge of malware on the platform. As recently as December 2022, the latest challenge on TikTok was called the ‘Invisible Challenge’. In this “Challenge,” users posted themselves online, and threat actors wrote programs that were supposed to reveal what was behind the “invisible” filter. In reality, the actors wrote these programs to steal passwords, Discord accounts, cryptocurrency wallets, and other information.
Let’s suppose for a minute you are big on the TikTok challenges and want to see the person behind the filter. Let’s suppose you are using your work phone or BYOM. The above malware would now have access to your work email, data, passwords, and contacts list. That malware will harvest your corporate data and place it for sale on the surface web or dark web.
Companies, governments, and everyone else need to prevent that from happening. Most organizations prefer Apple mobile devices, as Apple provides more checks in its App Store and restricts apps and developers unless they follow strict terms of service. However, we have seen, time and time again, threat actors bypassing these restrictions. Microsoft and other providers add layers of security known as Mobile Device Management (MDM). Although many providers exist, I worked with MS Intune (now Microsoft Device Manager) and MobileIron. With Apple, an organization can purchase the device and lock it to its account and, using one of the MDMs, can restrict services, apps, and data, monitor the device for location, and, if needed, brick or destroy the device over the air, protecting its data from others.
With BYOD, MDM providers like Microsoft can build a work partition on the device to restrict company data to special apps and monitor the corporate apps and data for possible issues. This can be done with a multitude of software apps.
Samsung and Google have gone even further in the Android ecosystem. While Android is open source and allows more in the Appstore, Samsung, with Knox, builds secure encrypted partitions and profiles on the phone. Knox keeps your personal and professional data separated and isolated. Data can be shared only with heavy user interaction, and even that can be further locked down. Knox also allows a personal vault, set with different passwords and PINs, to isolate your private data from apps and software completely.
However, even with the best software and security measures, zero-touch software from NSO Group and devices like Stingray can intercept, crack, and open your protected information. Governments and threat actors can grab your data with enough money and time.
Simply
5. Identify the isolation boundary in a computer system design.
Networks can be VLANed and air-gapped. Hardware and software can have encryption and software countermeasures. Enterprises have solutions to protect data and training programs to teach the basics about security threats. At the end of the day, good cyber hygiene and being aware of what you are installing and accessing will provide some protection.
6. Explain the roles of the guard.
The guard is the one to isolate and defend the information from prying eyes.