WIRELESS NETWORK SECURITY

5.4.2 Operational Countermeasures

Operational countermeasures require handheld device users to exercise due diligence in protecting the handheld devices and the networks they access from unnecessary risks. Most operational countermeasures are common-sense procedures that require voluntary compliance by the users. Operational countermeasures are intended to minimize the risk associated with the use of handheld devices by well-intentioned users. Although a determined malicious user can find ways to intentionally disclose information to unauthorized sources, the handheld security policy and the agency's operational countermeasures should make clear the user's responsibilities.

The back of the PDA device should always be labeled with the owning agency's name, address, and phone number in case it is lost. Handheld device users should be provided with a secure area to store the device when not in use. A desk with drawers that lock or a file cabinet with locks are available in most offices and should provide sufficient physical security against theft from within the office environment. Galvanized steel cables and locks are also available to secure handheld devices to the user's desktop if other physical controls are not available. Although these measures cannot ensure that a determined thief will not cut these cables or locks, they do prevent an opportunistic thief from walking away with an unattended handheld device. While on travel, room safes should be used, if available, to store handheld devices when not in use. Security administrators should have a list of authorized handheld device users, to enable them to perform periodic inventory checks and security audits.

Individuals who use their handheld devices for other than business uses should comply with the agency's security policy or be restricted from accessing the agency's network. Handheld devices should be distributed to the users with security settings that comply with the agency's security policy and should not be distributed with "out-of-the-box" default settings. A configuration management policy should be established. Such a policy frees security administrators from having to focus on many different configurations and allows them to concentrate on the configurations that have been adopted for the agency. Handheld devices should have a PIN code or password to access the device. Some handheld devices already use voice authentication for authenticating users to the device or to network resources. Voice authentication should be coupled with password authentication. A number of security tools are currently available to help mitigate the risks related to the use of PDAs, including password auditing, recovery/restoration, and vulnerability tools.53

In general, users should not store sensitive information on handheld devices. However, if sensitive information is stored on the handheld device, users should be encouraged to delete sensitive information when no longer needed. This information can be archived on the PC during synchronization and transferred back to the PDA when needed. Users can disable IR ports during periods of nonuse to deter them from leaking information from their handheld devices. Users with access to sensitive information should have approval from their management and network security administrators before storing sensitive information on their handheld device to ensure they have the appropriate security countermeasures in place. Some handheld devices allow users to mark certain records as "private" and hide them unless the device password is entered. Thus, if a malicious user gained access to an unattended device without knowledge of the device password, that malicious user would not be able to see the private data. Depending on the underlying operating system, however, some of these private data fields can be read directly from memory.

53 See "Research Tools" at http://www.atstake.com.