Platform security
- All communications between the server and Ermetix apps use the HTTP protocol (versions 1, 2, 3) over secure connections with the cryptographic protocol TLS 1.2 and 1.3. The certificate is pinned in order to prevent man-in-the-middle attacks
- MDM communications between server and devices are code-signed to prevent command tampering
- critical and sensitive MDM communications between server and devices are end-to-end encrypted
- Ermetix Agent for Android is compiled with advanced security techniques that prevent code inspection, defend against reverse engineering and make security more robust
- View Screen feature can be forced to use the TLS cryptographic protocol to increase security
- Two-factor authentication (via mail or Authenticator app) is enforced for admins
- admin's single auth session is limited to a maximum of 8 hours
- authentication on Ermetix is based on a token and time expiration
- in case of failed authentication attempts, the user is asked to enter a captcha verification code
- server manages a ban list in case of attack or brute-force attempts
- server WAF uses an ML-based mechanism to detect attacks and mitigate OWASP Top risks
- when a password is changed, the user is notified by email
- data are separated and saved in a specific dedicated client's container
- devices' or profiles' encryption is managed by the OS. See references for more info.
- Android device integrity check can be enabled at enrollment too.
- data is maintained in Europe in Tier 4 datacenters with almost all the compliance standards, such as UNI CEI EN ISO/IEC 27001:2017 and AGID
- XNOOVA S.R.L. has successfully completed a Cloud Application Security Assessment (Lab Tested - Lab Verified), validating that Ermetix has satisfied CASA application security requirements. CASA is based on the industry-recognized Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). More info at https://appdefensealliance.dev/casa/casa-requirements
Android References
https://storage.googleapis.com/android-com/resources/enterprise/pdfs/AE Security Paper_V6 CM.pdf
https://source.android.com/security/encryption
https://www.linkedin.com/pulse/android-encryption-basics-mike-burr-cissp-giac-gmob
Apple References
https://support.apple.com/en-gb/guide/security/secf020d1074/1/web/1
https://www.apple.com/business/docs/site/AAW_Platform_Security.pdf