Presentation on theme: "CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005."— Presentation transcript:
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005
What is handheld device? Why does handheld device introduce new security risks? How to mitigate the security issues of handheld devices?
1. What is handheld device? Handheld devices (also known as handhelds) are pocket-sized computing devices that are rapidly gaining popularity as the access to information in every walk of life becomes more and more mission critical.
Typical handhelds Information appliance Smart phone Personal digital assistant (PDA) Cell phone Handheld game console
2. Why does handheld device introduce new security risks? Small size Limited computing power, memory and peripherals Handheld device users often do not consider the security implication Multiple access points (e.g., expansion modules, wireless modems, Bluetooth, etc.) Few auditing capabilities or security tools available Etc.
Security Requirements Confidentiality – information is disclosed only to legitimate entities or processes. Integrity – unauthorized modification of information is prevented. Availability – authorized entities can access a service provided they have appropriate privileges.
3. How to mitigate the security issues of handheld devices? Management Countermeasures Operational Countermeasures Technical Countermeasures
Telecommuters, Remote, Mobile, and Home users can have secure, controlled access to corporate LAN resources from any Internet connection. All applications can be made available the same as if they were locally connected. VPN - Remote/Mobile Users
Wireless Handheld Device Security Checklist Security RecommendationBest Practice Should consider Status 1.Develop an agency security policy that addresses the use of all handheld devices. * 2.Ensure that users on the network are fully trained in computer security awareness and the risks associated with handheld devices. * 3.Perform a risk assessment to understand the value of the assets in the agency that need protection. * 4.Conduct ongoing, random security audits to monitor and track devices. *
Security RecommendationBest Practice Should consider Status 5.Ensure that external physical boundary protection is in place around the perimeter of the building or buildings of the agency. * 6.Deploy physical access controls to the building and other secure areas (e.g., photo ID, card badge readers). * 7.Minimize the risk of loss or theft through the use of physical locks and cables. * 8.Label all handheld devices with the owner and agencys information. *