Companies today have a good overview of the vulnerabilities with their handheld devices. Personal electronic devices (PED), personal digital assistants (PDAs), e-mail and paging devices are connected (like BlackBerry), hybrid and other handheld communication devices found in the hands of almost every manager in those days but their inherent weaknesses are largely overlooked.
Perhaps this is because of their size, mobility and relatively inexpensiveCosts. In any case, these devices have not register on the radar of most system administrators and are incorrectly wired so as not vulnerable as they connect via fixed terminals to a LAN, WAN or perceived the Internet. The popularity and proliferation of rapidly evolving technology associated with the devices make them extremely vulnerable to security breaches.
There are several general classes of handset operating systems: the Palm Operating System (OS) (PalmPilots, Handspring Visor, etc.), Apple iPhone OS, Symbian, and those that Windows CE and Pocket PC (Compaq, HP Jornada, Casio, etc.). Hand-held devices are equipped with a variety of accessories for cameras, modems equipped and synchronization cable and wireless connections to Bluetooth and flash memory. All operating systems have software libraries with applications, widgets and plugins developed and distributed during both the commercial as shareware and freeware Channelsand as with any software that also untrusted sources freeware programs may contain hidden code - it adware or malware.
Due to their size and agility, the primary safety concern with hand-held devices connected to their ability to store large amounts of information. In addition, the breadth of communication options is available, and you have a device that takes enormous risks. Since the devices are relatively cheap to buy their own users or they received asGifts and they tend to be used in an organization, regardless of whether they are qualified or not. As such, companies have little or no control over information leaving the organization.
A variety of vulnerabilities exist when these devices to PCs or other network are connected, combined automated information system (AIS): a Trojan horse and malware programs are easy to install creates a backdoor on the host network for exploitation since the Anti-Virus The hand will be approvedDevices are not as stringent as PC antivirus software and operating systems are not currently designed to limit malicious code from system files to change. Wireless device connections can be intercepted and data without the knowledge or consent of the user, as shown recently in the well-publicized incidents of drive covered by hacking, blue and blue Snarfing propulsion. Handheld devices with infrared technology transfer can also be intercepted as well. Finally, the hand held devicestheir very nature are small and therefore easily stolen or lost, what will be passed on sensitive information to unauthorized parties.
The first and best step is to get a grip on hand equipment to ensure that your company, they include in their written safety guidelines. Companies need clear and precise question guideline for which devices can and can not be used and for what specific purposes.
As the devices are used and the type of information is allowed tostored on the devices directly affect the total risk for the company. Good policy is the approved configuration of devices and operating modes, including whether wireless radio frequency and / or infrared transmission is permitted and whether the user can specify synchronized system administrator privileges on the base to the PC the device. Of course, the purpose and conditions of use are acceptable devices. Corporate provided equipment should be used onlyto work for activities. Users should be an agreement to sign the compliance of the Acceptable Use Policy for. The devices should not be used to enter or passwords, safe / door combinations, personal identification numbers, or classified, sensitive or proprietary information.
Effective policies should delineate approved connectivity requirements, prohibiting the uploads and downloads via radio or infrared, while the desktop PC connected and specifying approved methods for the infrared dataTransfers. Users should synchronize precise instructions regarding the requirements for their equipment, patches, fixes and updates to obtain. It is important to clearly define your policies, device-specific build and configuration requirements include: firewall, VPN, encryption, biometrics, authentication and anti-virus software is required.
Physical security requirements should be simple and achievable, but at least should specify that the devices should not be left unattended, if an attachmentComputers, secured with password protection if they do not take into use, and immediately reported the case of loss or theft and against theft, loss or breakage insurance.
Your organization should provide a mechanism to have to administer the policy for hand-held devices, from a central location and establishing a register of all equipment in service. This registry key should be: serial number, configure, make and model, and to whom the instrument was issued. Each device should be part of the organization are identified as such withan asset tag or other permanent identification.
While the handheld devices currently may be a lesser goal than networks, devices or laptops for viruses and hacker attacks, which is not always the case. The applications and functionality that we see on PDAs is now what we suggest on a lap five saw. What we find on a PDA five years now, what we find on laptops today. The increased performance and flexibility in the operating systems will bring greater security threat. The earlierYou get to control the risk, the better.
Last but not least: Do not forget that hand-held devices to PCI requirements and subject!
new computer foryou review labtop computers Best Antivirus Foryou
0 ความคิดเห็น:
Post a Comment