Making PDAs More Secure

[William Knowles <wk () C4I ORG>]

http://www.networkmagazine.com/article/IWK20001212S0004

By InformationWeek
December 12, 2000

SANTA CLARA, Calif. -- Sensitive company information on unencrypted
mobile and wireless devices has been a nightmare for IT managers
wondering who would get access if the device were lost or stolen. At
the PalmSource conference Tuesday, Jawz Inc. introduced its DataGator
application as a means of encrypting all the data on a Palm OS
personal digital assistant, requiring a user to log in with a password
every time the device is turned on. DataGator comes in three versions
for the handheld device:

- Standard, which encrypts the four most-used Palm apps (address book,
  datebook, to-do list, and memo)

- Professional, which also will encrypt third-party apps

- Enterprise, which can be customized for individual security needs

Password management is made simpler, as there simply is none. If users
lose their passwords, unless their IT department has made specific
allowances for lost passwords in their configuration, the information
is lost as well. "It's a little heartless, but that's the way to go,"
says Bob Raymond, product manager for Jawz. "Our default is to be the
most secure possible. That means there is no backdoor for a hacker."

Security for handheld devices must be dealt with completely before
important business applications, and financial applications, are put
on such a device, says one attendee of the PalmSource show. "Security
is going to be very big," says Niclas Areskog, a consultant and
programmer for Nocom Integration AB in Sweden, who develops banking
apps in Sweden and the United States. "As Palm does more services like
banking, you have to have a solid security foundation."

DataGator uses either 448-bit Blowfish or 168-bit triple DES
encryption algorithms and operates on any device using the Palm OS,
including Handspring Visor, IBM WorkPad PC Companions, Qualcomm pdQ
smart phone, and Symbol SPT 1700 and 1740. DataGator is a 170-Kbps
download at the Jawz site. The standard edition is $39.95, the pro
edition is $49.95, and the enterprise edition varies, depending on
requirements.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".