Intranet Journal   Earthweb  
Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts

   Intranet Journal Subjects
Search Earthweb

Privacy Policy



internet.com
IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

internet commerce
Be a Commerce Partner
















 

[ Home | Discussion Forum | How Do I... | Lotus Notes Intranets | Microsoft SharePoint | Products | Shopping  ]

free news!

PDA Security 101
Page 2


Laura Taylor
4/7/2003

Go to page: 1 2 

Printer Friendly Version


PDA Security Products

There are a wide variety of PDA security products on the market to protect PDAs from becoming susceptible to vulnerabilities and threats. The leading PDA security products available today are typically made for the PalmOS and WindowsCE platforms. PalmOS is bundled on PDAs made by both Palm and Handspring. WindowsCE is Microsoft's PDA operating system and comes bundled on PDAs that are marketed as PocketPCs. PocketPCs are made by a wide variety of vendors including Compaq, HP, Sony, Toshiba, and Dell.

Except for PDA security products related to hotsync functions, most of the PDA security products on the market are similar to security products for desktop systems. There are authentication products, encryption products, anti-virus products, and password products that work in similar ways as products of this type made for desktop and laptop systems.

One product that stands out as very unique to PDAs is an electronic shielding bag made by MobileCloak. PDAs typically operate in "always on" mode. If you remove the battery, you actually lose your data. (This is why end-users should hotsync their PDA regularly.) Therefore, in one sense, PDAs are never completely turned off. To ensure that wireless transmissions are protected and not leaking into wireless access points that you may not know about, you can put your PDA into an electromagnetic shielding bag while carrying it around with you.

On PDAs that have highly sensitive information that could, for example, compromise national security, you can install bit wiping packages. Bit wiping occurs when the entire memory is over-written, basically wiping out all of the data completely so that it can't be recovered even by a PDA forensics tool. Bit wiping is just a terminology for reformatting or completely erasing the stored memory. Typically, you would set-up bit wiping to kick in if the PDA was not synchronized within a certain timeframe, or if there were too many bad password attempts. However, bit wiping is not for the average everyday user. If not used correctly, bit wiping can destroy your valuable data so that even the data owner cannot recover it.

If you allow PDAs on your enterprise network, you should at the very least set up a password enforcement product that will require all your PDA end-users to supply a password for authentication. The best way to deploy a PDA password enforcement solution is to set-up a backend system to automatically install password enforcement software on the enterprise PDAs when they hotsync to their desktop hosts.

PDA Security Vendors

There are a wide variety of PDA security vendors that have products to secure your PDA. PDA vendors that seem to have particularly useful products are listed below.

PDA Security Vendors
Vendor Product
Name
Web Site Description
Cisco VPN 3000 www.cisco.com VPN gateways for PDA VPN clients
FreeWarePalm CCrypt www.freewarepalm.com Data encryption
Certicom movianVPN www.certicom.com VPN clients for PDAs
MobileCloak mCloak www.mobilecloak.com Electromagnetic shielding bag
DentonSoftware Cradle Robber and ALP www.dentonsoftware.com Secure databases and authentication solutions
F-Secure FileCrypto, SSH, Anti-Virus www.f-secure.com Anti-virus, encryption, and authentication solutions
Asolutions PDA Defense www.asolutions.com Hotsync security and IrDa port security, database security, password enforcement, bit wiping
Pointsec Pointsec for Pocket PC, Pointsec for PalmOS www.pointsec.com Encryption and authentication solutions
Paraben PDA Seizure www.paraben-forensics.com PDA forensics tools
Trust Digital PDA Secure www.trustdigital.com Password protection, hotsync protection, data encryption, bit wiping, VPN client

A Word to the Wise

The CERT Coordination Center at Carnegie Mellon University (www.cert.org) has been publishing advisories on information technology security threats and trends since 1988. For at least a year, CERT has been publishing information about vulnerabilities and threats that affect PDAs. With the debut of PDA-based cell phones, security vulnerabilities to PDAs and their associated hotsync hosts will only increase over time.

Not securing PDAs from viruses and all the other threats that exist increases the possibility of data corruption on the PDA itself, and on the devices to which they pass traffic. If you allow PDAs on your network infrastructure, then you need security controls and policies to keep these devices from damaging your valuable data and infrastructure. If no security controls or policies are in place for PDAs, it is best to keep them off your network infrastructure until policies and security controls can be implemented.

Keep in mind that if you leave your PDA in a taxi or a restaurant, a person finding it will likely be more interested in the device itself than in the data on the device. If you have a password enforcement package that prevents access to the device making it unusable to an unauthorized user, it is possible that a finder might be motivated to give it back. Therefore, a simple suggestion is to label your PDA with an address or phone number so that it can be returned to you in case it is recovered by an honest finder.

Go to page: 1 2

Printer Friendly Version

Of Interest
Intranet eXchange Discussion Board
Security Policies 101
VPN Shopping 101

email this page

Tutorials
and more at:
Intranet Journal's Tutorials
Intranet Journal Favorites

Creating a PHP-Based Content Management System

The Spyware Guide

Introduction to Microsoft SharePoint Portal

Intranet Journal
Part of the EarthWeb Network

Managing Editor
Intranet Journal

Tom Dunlap

EarthWeb Home Page
Jupitermedia Home Page

Media Kit





JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions
Whitepapers and eBooks
Go Parallel Article: Intel Thread Checker, Meet 20 Million LOC
IBM Whitepaper: Innovative Collaboration to Advance Your Business
Internet.com eBook: Real Life Rails
Avaya Article: Call Control XML - Powerful, Standards-Based Call Control
Tripwire Whitepaper: Seven Practical Steps to Mitigate Virtualization Security Risks
Internet.com eBook: The Pros and Cons of Outsourcing
Internet.com eBook: Best Practices for Developing a Web Site
IBM CXO Whitepaper: The 2008 Global CEO Study "The Enterprise of the Future"
Avaya Article: Call Control XML in Action - A CCXML Auto Attendant
Go Parallel Article: James Reinders on the Intel Parallel Studio Beta Program
IBM CXO Whitepaper: Unlocking the DNA of the Adaptable Workforce--The Global Human Capital Study 2008
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers
Go Parallel Article: Getting Started with TBB on Windows
HP eBook: Storage Networking , Part 1
MORE WHITEPAPERS, EBOOKS, AND ARTICLES
Webcasts
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++
HP Video: Is Your Data Center Ready for a Real World Disaster?
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices
HP On Demand Webcast: Virtualization in Action
Go Parallel Video: Performance and Threading Tools for Game Developers
Rackspace Hosting Center: Customer Videos
Intel vPro Developer Virtual Bootcamp
HP Disaster-Proof Solutions eSeminar
HP On Demand Webcast: Discover the Benefits of Virtualization
MORE WEBCASTS, PODCASTS, AND VIDEOS
Downloads and eKits
Microsoft Download: Silverlight 2 Software Development Kit Beta 2
30-Day Trial: SPAMfighter Exchange Module
Red Gate Download: SQL Toolbelt
Iron Speed Designer Application Generator
Microsoft Download: Silverlight 2 Beta 2 Runtime
MORE DOWNLOADS, EKITS, AND FREE TRIALS
Tutorials and Demos
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage
Microsoft Article: Expression Web 2 for PHP Developers--Simplify Your PHP Applications
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES