Palm Security WP.Qxd

Palm Security WP.Qxd

Palm® Mobility Series: Security Smartphone and handheld security for mobile business. Mobile computing: Opportunities and risk By providing professionals with convenient mobile access to email, business applications, customer information and critical corporate data, businesses can become more productive, streamline business processes and enable better decision making. With the new ease of access to information comes a responsibility to protect the organization's data as well as the investment in mobile devices. In many ways, security risks for mobile computing are similar to those for other computing platforms. There are the usual concerns of protecting data, authenticating users, and shielding against viruses and other malicious Contents code. But because of their mobility and compact size, smartphones and handhelds present some additional challenges: Mobile computing: Opportunities and risk...................................................... 1 Know thy enemy: Security risks...................................................................... 2 • Smartphones and handhelds are more easily lost or stolen than Theft and loss ............................................................................................ 2 laptop or desktop computers. Password cracking .................................................................................... 2 Data interception ...................................................................................... 2 • Users often treat smartphones and handhelds as personal devices Malicious code .......................................................................................... 2 and must be trained to consider the security risks when they use Host intrusion ............................................................................................ 3 these devices to access corporate data and networks. Foundations of handheld and smartphone security ...................................... 3 Establish security policies ........................................................................ 3 • Because smartphones and handhelds frequently connect wirelessly, Protect data on the device ........................................................................ 4 robust wireless security becomes essential. Power-on authentication .................................................................... 4 Fortunately, a wide selection of robust security solutions makes it easy to Data encryption .................................................................................. 4 Malicious code protection.................................................................. 4 protect device data and mobile access to corporate networks. In fact, Backup and recovery .......................................................................... 4 common security practices for Palm® smartphones and handhelds are Protect data across the network .............................................................. 5 more robust than what is typically used with laptops and desktops. For Device and server authentication ...................................................... 5 example, database encryption is a standard safety measure with mobile Communications encryption.............................................................. 5 devices but not with laptops. Even if the device is stolen, the data cannot Secure administration................................................................................ 5 be read from the hard drive without the decryption key. Secure development ................................................................................ 6 Securing hotSync and ports...................................................................... 6 Strong security is multi-layered and must be woven into the very fabric Network security solutions .............................................................................. 7 of an organization. This paper examines some of the key issues in mobile VPN ............................................................................................................ 7 security and discusses security solutions for Palm handhelds and SSL ............................................................................................................ 7 smartphones. 802.11 security .......................................................................................... 7 Bluetooth security...................................................................................... 8 Infrared (IR) security .................................................................................. 8 Note: To prevent confusion, this paper distinguishes between Palm® Secure messaging and data solutions ............................................................ 8 smartphones and handhelds and the Palm OS. Palm, Inc, is a licensee Good Technology GoodLink Enterprise Edition........................................ 8 of the Palm OS (known as Garnet and referred to in this paper as the Government solutions ...................................................................................... 9 Garnet OS), which has the ability to innovate on top of the Garnet OS Federal standards ...................................................................................... 9 and often does so to build seamless integrated functionality into its FIPS solutions for Palm handhelds and smartphones ............................ 9 products. When features in this paper are native to the OS, they will Case study: FIPS Security in Action........................................................ 11 be called out as part of the Garnet OS. When features are value The future of smartphone and handheld security ........................................ 11 Appendix: Solutions from Palm solution providers ...................................... 12 added, either by Palm or by third parties, they will be so noted. Glossary .......................................................................................................... 16 1 Palm® Mobility Series: Security Palm, Inc. Know thy enemy: Security risks 2. Change passwords regularly. Periodic password changes can When forming a security strategy for mobile devices, the first step is to reduce the damage done by stolen passwords. Too frequent changes, analyze the potential risk factors. Based on the relevant risks for your however, can be irritating to users. organization and applications, form a security plan that effectively counters 3. Enforce password policies. Ensure users select passwords with a each risk. The major security threats with mobile devices are theft and loss, minimum length and special characters unrelated to their user ID and password cracking, data interception, malicious code and host intrusion. that are not in a dictionary. Theft and loss 4. Use password generators. If users are allowed to generate their The same factors that make smartphones and handhelds attractive to own passwords, they often choose easy-to-guess words. Some mobile users- their portability and convenience - also make them easy to generators create pronounceable non-words to help users memorize misplace. Despite a user's best efforts, a device may be stolen or lost. their password. The downside of complex passwords is that users With proper security measures, corporate data will be protected even if are more likely to write them down, so aim for strong passwords the device falls into the wrong hands, and the user will be able to return that can be memorized. to productivity quickly. Despite the publicity surrounding automated cracking tools, social engineer- To prepare for the worst case, IT should implement the following precau- ing continues to be the most common method of compromising pass- tions for every handheld and smartphone that contains corporate data: words. By applying these best practices and training users to guard their • Mandate authentication. Power-on authentication protects device passwords, mobile devices will be well-protected against password attacks. data and networks from unauthorized users. All Palm® smartphones Data interception and handhelds include strong, effective built-in password protection. Today's smartphones and handhelds offer a variety of ways to access and In addition, administrators may want to install security applications transmit data, including wireline, infrared (IR), wireless LAN (Local Area that enforce the organization's authentication policies. Network) technology like Bluetooth and 802.11, and wireless WAN (Wide • Encrypt sensitive data. Any data that the enterprise wants to protect Area Network) connectivity. Wireless networks are particularly vulnerable to should be encrypted when not in use. Data should also be encrypted data interception since data is transmitted over the air, making it harder to before it is transmitted. Effective encryption protects data from enforce a physical boundary. In addition to accessing unencrypted data, an thieves and hackers. eavesdropper may be able to determine the identities of the communicat- ing parties. Once an identity is obtained, the perpetrator can masquerade • Back up data regularly. A recent backup minimizes user downtime as a legitimate user and send false messages or access system resources. and enables quick restoration of data, applications and configuration. (This is often referred to as a "man-in-the-middle attack.") With regular backups, user data and profiles can be easily restored. By implementing sound security procedures such as authentication, data • Establish procedures

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    18 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us