Handheld Security: Part II - Understand Vulnerabilities - Page 2

By Laura Taylor

Prevent Network Vulnerabilities
One of the best ways to safeguard PDAs and smartphones on a network level is to create security policy template files and distribute them to the end-user devices. To do this, most companies need to purchase a third-party handheld security policy editor that can create group policies that integrate with either Active Directory or LDAP.

Controlling security policies through a centralized management system is the most effective approach to secure company-owned mobile devices. In evaluating enterprise PDA security products, look for ones that offer the following capabilities:

  • Protect personal databases such as address books, calendars and date books
  • Protect application databases such as SQL Server CE
  • Encrypt files, databases, and folders
  • Strengthen password protection by turning on lock-out features
  • Expire passwords after a pre-determined length of time has passed

The PDA security policy editor should always be centralized and integrated with your directory services; otherwise, it creates a great deal of administrative overhead.

Web Sites with PDA Vulnerability Information
Once you know what operating system your handheld uses, and how it connects to other systems or networks, you can research the vulnerabilities that could potentially affect your device.

While many independent research and advisory sites contain objective third-party information, so do the vendors that design handheld security software. Be sure to check their Web sites to improve your understanding of handheld security issues.

PDA Security Countermeasures
Countermeasures, or safeguards, are steps you can take to offset the risks of mobile device security threats. The following is a list of countermeasures that you can put in place to prevent unauthorized users from wreaking havoc on your handheld and the company systems and networks with which it communicates:

  • Install a firewall on the handheld that has its rules configured to allow only authorized IP addresses to make connections to the device.
  • Disable all HotSync and ActiveSync features when not in use.
  • Ensure that password lock-out software is enabled to restrict the number of password guesses.
  • Do not store PDA passwords on desktop PCs.
  • Install a reputable anti-virus product on your device to prevent propagation of malicious code (viruses, Trojans, and worms).
  • Install strong third-party authentication (e.g. two-factor authentication) software to protect handhelds from brute force attacks and password sniffing.
  • Any PDAs or smartphones that transmit classified information should have their connections to third-party systems and networks protected by VPNs.
  • Handhelds that contain sensitive or classified information should have their data encrypted with keys that are at least 80 bits long.
  • Make sure your mobile device is upgraded with the latest security patches.
  • Do not use untrusted Wi-Fi access points (such as those at coffee shops) since they may not have all their security features properly configured.

PDA Vulnerability Upshot
You should take the time to read about and understand the security features that come bundled with your handheld's operating system. If it lacks basic security features, look into improving the device's security by installing third-party security software. At the very least, install an anti-virus product.

You do not have to be a computer security expert to research the security vulnerabilities that affect your handheld. You need to know what operating system your device uses and how it connects to a desktop PC and the Internet.

From these two starting points, you can research your handheld's vulnerabilities on the Web. When shopping for a handheld, ask the dealer what sort of security features come bundled with it. For example, RIM devices come with a wireless e-mail client that is protected by the Triple DES (3DES) encryption algorithm.

If businesses allow end-users to connect their PDAs and smartphones to the corporate network, mobile device security policies should be established, including rules of behavior as well as the technical policies that network administrators need to configure and set up. Mobile device management policies should also be established in order to put management accountability into place.

Adapted from smartphone.com.

This article was originally published on September 17, 2004