Intranet Journal   Earthweb  
Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts

   Intranet Journal Subjects
Search Earthweb

Privacy Policy
 

[ Home | Discussion Forum | How Do I... | Lotus Notes Intranets | Microsoft SharePoint | Products | Shopping  ]

free news!
Storage Networking , Part 1
eBook: A storage network is any network that's designed to transport block-level storage protocols. But understanding the ins and outs of networked storage takes you deep into several of protocols. This guide covers SANs, Fibre Channels, Disk Arrays, Fabric, and IP Storage. »
Storage Networking 2, Configuration and Planning
eBook: Picking up where Part 1 left off, Part 2 of our look at storage networking examines configurations for SAN-attached servers and disk arrays, and also includes a look at the future of IP storage. »
Storage Management Costs in the Enterprise: A Comparison of Mid-Range Array Solutions
Whitepaper: Many factors contribute to the ownership cost for enterprise storage. These include (but are not limited to): physical capacity relative to physical space requirements, performance capacity for data transfer and system reaction time, software maintenance and updates, expandability and flexibility, and much more. »
Storage Is Changing Fast  Be Ready or Be Left Behind
PDF: The storage landscape is headed for dramatic change, thanks to new technologies like Fibre Channel over Ethernet (FCoE), pNFS, object-based storage and SAS that will affect everything from NAS and SANs to disk drives. Get the knowledge you need to make the most of your storage environment, now and in the future. »
HP StorageWorks EVA4400
Demo: Dont settle for an expensive and complex array that lacks functionality. The HP StorageWorks EVA4400 delivers virtual storage with enterprise class functionality at an affordable price. »

Whitepaper: Control Costs & Drive Agility in the Datacenter. Learn to control costs, improve business agility & remain secure & in compliance through dynamic infrastructure.

PDA Security 101

Laura Taylor
4/07/2003

Go to page: 1 2 

Printer Friendly Version

Corporate information technology users are increasingly relying on personal data assistants (PDAs) to check e-mail, surf the Web, and a variety of other tasks. When you use PDAs for online tasks they become just as vulnerable as desktop systems to viruses, mobile code exploits, and a variety of other threats. What should organizations do to make keep their PDA users safe from the threats of the Internet?

PDA Security Issues

With PDAs becoming ubiquitous, the same threats that affect desktop users are starting to affect PDAs. The biggest threats that PDA users need to be concerned typically fall into one of these six categories:

  • Password theft
  • Viruses and data corruption
  • Data theft through line sniffing
  • Theft of the PDA itself
  • Mobile code vulnerabilities
  • Wireless vulnerabilities
The biggest security risk to PDAs is likely theft of the device itself, and for that reason securing the data on the device in standalone mode is probably the best type of precaution users can take. The second biggest security risk to PDAs is viruses. Mobile code vulnerabilities (Java and ActiveX exploits) are also a threat, but only affect PDAs that do Web surfing. Wireless vulnerabilities only affect PDAs that use wireless services or have their wireless port enabled.

Encryption solutions exist for PDAs to secure both the data, and links used to communicate with remote systems and networks. The encryption solutions that exist for PDAs typically are one of two types: products to secure the data as the PDA sits in standalone mode or products to secure the link as the data moves back and forth to and from infrastructure devices (such as the desktop unit that it uses for hot-syncing). Using an encryption product to secure either the link to the desktop hot-sync system, or for wireless surfing, means that you basically need to wrap up your PDA traffic in a VPN. Unless you have extremely sensitive data (e.g. government classified data), using a VPN on your PDA may not be worth the performance hits you will suffer.

The best way to protect your PDA from wireless vulnerabilities is to install a VPN client on your PDA. When you protect wireless transmissions, you are protecting the data in transit. If you install a VPN client on your PDA, you will likely notice performance degradations and unless you have reason to believe that someone is "sniffing" your wireless traffic, or you have sensitive information to protect, installing a VPN client on your PDA is probably not worth it. However, if you are dialing into a classified network on your PDA, the security policies of the organization may require that you use a VPN whether you want to or not.

VPNs operate using a client-server architecture, therefore PDAs using VPN clients need to connect to a VPN gateway server residing on the destination network. It is not possible to establish a VPN tunnel with the VPN client by itself. Therefore, unless you have a VPN gateway server on the destination network that your PDA client will connect to, there is no point in trying to configure a VPN client. For stronger VPN security, you'll want to use X.509 digital certificates for authentication.

Security Policies for PDAs

Organizations can also create security policies to help protect sensitive data that resides on PDAs. For example, a policy that requires the wireless port be disabled will reduce the risk of sensitive data being transmitted to unauthorized individuals. You can create an end-user behavior policy that stipulates that PDAs not be used for receipt or sending of e-mails with private and sensitive information. By creating end-user behavior security policies organizations can hold the end-users accountable for security violations.

If you feel that your network is at risk for PDA viruses, and you have not deployed enterprise anti-virus software for PDAs, you can create a policy that requires the synchronization capability (hotsync) to be turned off. Keep in mind that end-users typically are resistant to security policies, and your best bet for gaining end-user acceptance is by illustrating the risks to executive managers who may help with championing and supporting PDA security policies.

Go to page: 1 2

Printer Friendly Version
Of Interest
Intranet eXchange Discussion Board
Security Policies 101
VPN Shopping 101

email this page

Tutorials
and more at:
Intranet Journal's Tutorials
Intranet Journal Favorites

Creating a PHP-Based Content Management System

The Spyware Guide

Introduction to Microsoft SharePoint Portal

Intranet Journal
Part of the EarthWeb Network

Managing Editor
Intranet Journal
Tom Dunlap

EarthWeb Home Page
Jupitermedia Home Page

Media Kit





JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
Solutions
Whitepapers and eBooks
Microsoft Article: HyperV-The Killer Feature in WinServer ‘08
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Win Server ‘08
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
 Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
MORE WHITEPAPERS, EBOOKS, AND ARTICLES
Webcasts
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
MORE WEBCASTS, PODCASTS, AND VIDEOS
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
 Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
 Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES