March 12, 2010

Learn the Basics of Handheld Security

Use of Personal Digital Assistants (PDAs) continues to increase as new applications become available for them on almost a daily basis.

While the PDA market has not grown as quickly in the last two years as it did in the mid and late '90s, as the U.S. economy recovers, the market will likely get a second wind. If your organization has not taken PDA security into consideration previously, now is the time to do so. While PDA security is often a forgotten piece of the security infrastructure, PDAs have the ability to transmit and receive viruses, and can be exploited in numerous ways.

PDA Security Concerns

Early market forecasts anticipated that businesses would at some point start purchasing PDAs for all their employees. While this phenomenon has not occurred on a remarkable scale, individual employees continue to purchase these handy devices out of their own pockets, and link them to the corporate desktop through the backdoor.

End-user ownership is not necessarily a bad thing for corporations, as it means that end-users are responsible for the support and upkeep of their own handheld devices. However, connecting these devices to the corporate desktop does create security liabilities that ought to be taken into consideration.

If businesses are going to let their employees use PDAs and connect them to the corporate desktop, they may not need to offer HelpDesk support for end-user applications, but they should establish security policies and hold employees accountable for compliance. Security policies are rules of the road that describe rules of behavior and configuration guidelines that end-users and administrators must adhere to. Without security policies, it's hard to hold users and administrators accountable for security transgressions.

In fact, if you're not going to provide your users with any security guidance at all for their PDAs, you really don't have any reason to expect they will take security into consideration.

PDA Vulnerabilities

PDAs, and smartphones that are based on PDA operating systems, are subject to the same types of vulnerabilities that affect laptops. The most predominant vulnerabilities affecting PDAs include:

  • Viruses, Trojans, and worms;
  • Theft of the physical PDA device;
  • Data theft;
  • Mobile code exploits;
  • Authentication theft;
  • Wireless exploits;
  • Denial of service attacks, and
  • TCP Session Hijacking

While PDAs are probably more likely to be a carrier of viruses than the actual target of a directed attack, it is possible for hackers to use automated port scans to identify PDAs that they can attack directly. Though the likelihood of a directed attack may not currently be high, as Wi-Fi and CDMA (cellular) wireless access becomes more available, these types of attacks can be expected to increase. When used in standalone mode, and not connected to any type of network, your PDA has no vulnerability at all to direct attacks.

One of the biggest security risks to PDAs is theft of the device itself.

While most PDA thieves are probably more interested in obtaining the device for their own use than in obtaining the data, any sensitive data (classified information or proprietary trade secrets) should be encrypted. While most PDAs probably do not come bundled with encryption software, add-on products exist which you can purchase separately to encrypt just about anything.

Since PDAs, smartphones, and cell phones are small and very mobile, they are easy to lose, and huge numbers get lost every year. If your PDA or smartphone is password protected, and ownership information is visible, it is possible that if you lose it, someone who finds it may be motivated to give it back, since it would be difficult for the finder to use it without the password.

If you want a lost PDA to be returned to you, put a phone number in some visible location on the outside of the device. Airports have reported collecting vast amounts of handheld devices lost in the shuffle by heedless travelers.

Safeguards

Fortunately, a number of products exist that can strengthen the security of PDAs in a variety of ways.

If you have classified or highly sensitive information on your PDA that could impact lives or national security, you'll want to have bit-wiping software installed on it. In the event that you lose your PDA, if a finder inputs the wrong password, or if the PDA is not synchronized within a certain timeframe, the data is automatically erased. No one should use bit-wiping software unless they truly need it, as there exists the possibility to remove your data permanently so that even the rightful owner cannot recover it.

PDAs operate in "always on" mode, and if your PDA is Wi-Fi enabled and you're not careful, you could transmit data to wireless access points unknowingly. MobileCloak makes a nifty electronic shielding bag that you put your PDA in to prevent wireless transmissions from leaking out to unknown access points.

Anti-virus vendors are starting to port their products to PalmOS and PocketPC operating systems, and a handful of VPN clients are also available for PDAs. Various encryption solutions, authentication products, and firewalls are also available for PDAs.

This article was first published on PDAstreet.com.
