PalmPilots - Can you get security in the palm of your hand?
Jim Reavis
Network World on Security, 09/01/99
If you are one of those people who have a large part of their life recorded on a PalmPilot personal digital assistant (PDA), you have probably at some point been in cardiac arrest when you misplaced it. You know that your life's important details are available to the PDA's finder. These wonderful gadgets are getting easier and easier to use, and a vibrant developer community is creating more and more software applications to convert standard LAN data files into miniature PalmPilot versions. Consequently, we are rapidly seeing PalmPilots fill up with valuable corporate data "to go." If you have a PalmPilot or are managing a network that is sending data to these wonderful little devices, you need to make sure that your PDA is secured PDQ!
The primary issues surrounding PalmPilot security are the ability to lock out unauthorized users and the ability to encrypt data files stored within the device. There are also technological developments that aim to use a PalmPilot proactively to solve security problems, such as strong authentication into a corporate network.
How secure is a PalmPilot out of the box? Not secure at all is the most accurate answer. There is a security option to lock your PalmPilot with password protection, but it cannot be made the default operating mode for your PDA. Instead, you must manually select the locking option from the security program before the device automatically powers off, or it will be unprotected. Consequently, most PalmPilots are not normally locked down.
Also, if someone gains unauthorized access to a PalmPilot, there are no inherent encryption capabilities to protect individual files, although you can use a password to hide records marked as private. Perhaps worst of all, passwords are not masked upon entry, so anyone looking over your shoulder can easily read your password as you enter it. To add satisfactory security to your PalmPilot, you must seek out third-party software that supplies the necessary components.
A major appeal of a PDA is its simplicity. Ideally, you want to add security in a way that does not add any additional steps for the user to remember. An example of this type of software is TealLock, which allows you to automatically password-lock your PDA upon power off. TealLock also masks password entry to prevent someone else from seeing the password.
Another nice utility is ReadThis!, which allows you to encrypt text on your PalmPilot.
Some people have begun to store a lot of sensitive personal information on their PalmPilots, including credit card numbers, banking PINs and mainframe passwords. Applications have been developed to store this data in encrypted format. One such application is TopSecret, which uses 128-bit encryption to store the sensitive data and has a companion desktop application to synchronize this data.
Some security vendors are sitting up and taking notice of the PalmPilot's popularity and are finding ways to develop security applications for it. In many cases, IT security managers have had a difficult time gaining user acceptance for dedicated smart cards for authentication. Security Dynamics has ported its SecurID token software to the PalmPilot, which lets users consolidate their devices and use their PDAs to provide personal authentication. The idea is that although users may dislike a single-purpose smart card, forget it or find ways around it, they will keep their trusty PDA by their side.
SecurePilot is another project to develop standard token emulators. Great places to find these and many other security applications for the PalmPilot are the PilotZone and PalmGear Web sites.
The PalmPilot is a well-conceived, functional device enhanced by an open-development architecture. These are the elements necessary to ensure that these PDAs will be used for the good, bad and ugly of information security. You probably can't ban them from your network but you can take steps to keep your data out of the palm of the bad guy's hand.
