Improve Your Device Security

[ben2ong2]

Improve Your Device Security
by Tyson Greer
   
   

It's 10:00 o'clock. Do you know where your mobile device is?

One of a network administrator's biggest fears is a lost or stolen device. And for good reason. Hacking has gone hard-core. The motivations for digital "break & enter" have morphed from youthful curiosity to organized crime.

Think about the invaluable customer and corporate data and access credentials you have on your deviceâ€"and I'm not even going to mention 1 and 2 Gb storage cards without any type of password protection.

I've always felt compassion for the network administrators who shoulder the job of balancing industrial-strength network security with mobile users' demands for convenience. None of my mobile-packing pals wants to take the time to enter a 10-digit pin number just to answer a call.

But they can be on the hook for violations of HIPAA, Gramm-Leach-Bliley, California Assembly Bill 1950, the European Union's Privacy Directiveâ€"to name a fewâ€"if customer data leaked from their mobile device.

This double-edge sword of data-anywhere will get a little easier to handle with the Microsoft Messaging & Security Feature Pack for Windows Mobile 5.0. The Feature Pack, affectionately called MSFP, is an extension to the Windows Mobile 5.0 operating system. It is targeted to businesses who update Exchange Server 2003 to SP2. Both updates will be available to organizations and device manufacturers in the second half of 2005. In this article, I'll highlight five of the new security features. Next month, I'll explain what direct e-mail push means to your organization.
   
   
Security Strategy
   
   

I spoke with Samir Kumar and Weihun Liew, two of Microsoft's Windows Mobile product managers. They said that MSFP is an initial release to help organizations who want to extend their messaging security model to include smart mobile devices.

Extending the existing security model means organizations won't have to create and maintain a parallel security infrastructure dedicated to mobile devices.

The Windows Mobile powered device security strategy has been to build in support for messaging security standardsâ€"such as 128-bit encryption, NTLM authentication, and SSL (Secure Socket Layer). These are the same standards that apply to desktop e-mail communications, plus WiFi security standards. MSFP adds more of the standards powered security features that customers want. It gives network administrators new tools to enforce corporate security policies and to take preventive and remedial action.
   
      
   
Related Links
   
   

    * Helping Customers Secure Messaging and Collaboration Infrastructure
    * Defining a Security Policy for Windows Mobile Pocket PCs by Microsoft MVP Darryl Burling
    * Exchange Server 2003 Service Pack 2 is coming

   
   
More Business Articles
   
   

    * Choosing Your Next Windows Mobile Device
    * Windows Mobile in the Classroom
    * Say Ah! to Windows Mobile

   
   
See all articles
   
   

    *
      Certificate powered Authentication: With MSFP, you don't need to store logon credentials on your Windows 5.0 mobile device. "That's a fancy way of saying, ‘more secure way to access Exchange,' said Kumar.

   
   
Muscle Power for Network Administrators
   
   
   
   

    *
      Policy enforcement: A security policy is only as strong as the means to enforce it. Today, network administrators need to find a third-party product to enforce security policies on a Windows Mobile powered device. With MSFP, network administrators will be able to set and change policies from their Exchange Server 2003 SP2 console. They'll be able to distribute them over the air to mobile devices.

      "Administrators will have more flexibility," said Liew. "For example, they can set which policies are recommended, which policies are mandatory, and which users are exempt. They can refresh policies every two hours. There's a theme here, of how we're enabling IT to do more." The initial release is focusing on "passive security," such as enforcing password length and strength and time-out periods.
    *
      Local wipe: With the Messaging and Security Feature Pack, network administrators can enforce policies that lock the device after a number of incorrect attempts to guess a password.
    *
      Remote wipe: For higher level protection, network administrators would have the capability to issue a remote "kill bits" order to wipe data and credentials from a device reported lost or stolen. Because Windows Mobile 5.0 works well with Exchange 2003 SP2 and Active Directory, even if you lost your device, you could still use your digital credentials elsewhere. Your smart card would work for building access or network computing resources.

   
   
Later this year or early in 2006, mobile device makers will begin offering upgrades to existing Windows Mobile 5.0 devices or releasing new ones with MSFP installed. In the meantime, please be careful where you leave your mobile device!