Wireless Security White Paper
Moreover, workers are using notebook computers more and more as desktop machines while in
the office, then taking them home at the end of the day to continue working. Because of their
usefulness, companies deploy millions of notebook computers to their employees. Companies
treat the devices as critical resources by defining usage and security policies and by instituting
measures to protect the hardware and the data that the devices hold. For information on Compaq
notebook computers, see http://www.compaq.com/showroom/notebooks.html.
Mobile devices such as handheld computers, PDAs, and cellular telephones have traditionally
been used for a subset of the tasks that notebook computers address. However, handheld
computers and PDAs are beginning to be used by workers who are on the road or present in client
offices to access many types of applications in real time. For information on Compaq handheld
devices, see http://www.compaq.com/showroom/handhelds.html.
Device security concerns increase significantly where handheld mobile devices are concerned,
because they are often owned and managed by individuals, as opposed to the companies they
work for. Most companies, therefore, do not have in place the usage and security policies
appropriate for such devices. The difficulty in managing individually owned handheld mobile
devices and their rate of propagation cause them to pose a unique security threat.
The following subsections describe security problems specific to mobile access devices, the first
link in the pipe on the client side, and possible solutions to those problems.
Usage in Public
Mobile devices employing a cellular service are used more frequently in public places (hotel
lobbies, airplanes, and the like) than desktop devices, which makes it harder to prevent strangers
from peering over the shoulders of mobile device users. If permitted to observe the user’s
computing activity for any period of time, the curious stranger may be able to read and record (or
remember) sensitive information. This violates the security tenet of privacy.
The exposure to prying eyes that mobile devices incur has no technological solution. The only
way for users to minimize this exposure is to exercise vigilance and common sense. Being
selective in where and when they use their devices and reasonably alert in monitoring their
surroundings are precautions that mobile device users can and should take. The smaller screens of
handheld devices reduce this type of security risk.
Loss and Theft
Mobile access devices are more susceptible to loss and theft than larger stationary devices. If a
device is lost or stolen, unauthorized persons may view confidential information stored on the
device. They may also use the device to gain access to public and private networks in order to
tamper with or steal information. The security tenets of privacy, authentication, and integrity are
all potentially breached in such a situation.
Vulnerability to Hacking
Connecting to the Internet or to corporate networks by radio waves leaves data vulnerable to
hacking because of the open-to-all nature of the transmission medium (air). Minimizing
vulnerability to hackers can be accomplished when both access devices and portals themselves
are protected by their own firewalls. Often firewalls are not installed due to the small storage size
of some handheld access devices and lack of enforcement of security and usage policies relating
to such devices.