Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Corporate Mobile Phone Security Considerations

Some excellent analysis of security exposures and corporate recommendations is presented in these detailed PDF documents.

NIST - Guidelines on Cell Phone and PDA Security
http://www.gtiscsecuritysummit.com/pdf/CyberThreatsReport2009.pdf
http://www.networkworld.com/newsletters/sec/2009/022309sec1.html
http://www.pcworld.com/article/152330/botnet_spam_attacks_to_target_cellphones_report_warns.html

QUOTE: The cell phone is becoming an entirely new tool— especially outside the U.S., where accessing the Internet from a mobile device can provide a better experience than traditional fixed computing. VoIP technology also continues to improve and will rival landline and mobile communications in terms of reliability and call quality. As Internet telephony and mobile computing handle more and more data, they will become more frequent targets of cyber crime.

NIST Guidelines on Cell Phone and PDA Security (51 pages)
http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf

SECURITY RISKS: The Executive Summary presents a succinct overview including a list of vulnerabilities leading to risks for corporate security from cell phones and PDAs:

• The devices are easily lost or stolen and few have effective access controls or encryption;
• They’re susceptible to infection by malware;
• They can receive spam;
• Wireless communications can be intercepted, remote activation of microphones can eavesdrop on meetings, and spyware can channel confidential information out of the organization;
• Location-tracking systems allow for inference;
• E-mail kept on servers as a convenience for cell-phone/PDA users may be vulnerable to server vulnerabilities.

RECOMMENDATIONS: The key recommendations, which are discussed at length in this 51-page document, include the following (quoting from the list on page ES-2 through ES-4):

1. Organizations should plan and address the security aspects of organization-issued cell phones and PDAs.

2. Organizations should employ appropriate security management practices and controls over handheld devices.

3. Organizations should ensure that handheld devices are deployed, configured, and managed to meet the organizations’ security requirements and objectives.

4. Organizations should ensure an ongoing process of maintaining the security of handheld devices throughout their lifecycle.

Comments

Todd Cohan said:

Corporates should take measures to ensure the security of mobile phone text, SMS and email messages of their employees. Mobile Phone utilities like www.textguard.com/... can help them take care of this. This utility is designed especially for Windows Mobile and BlackBerry phones and will be soon available for phones running on Symbian and Android operating systems.

TextGuard will soon provide SEC 17a-4 compliance as well, making it necessary for most businesses to use it under law. This will not only help businesses, enterprises and corporates, but it can also help professionals and individuals as well.

# March 6, 2009 5:03 AM