By William Jackson
The use of increasingly powerful cell phones and other portable devices
as business tools can open an enterprise to a new class of cyber
threats, and the National Institute of Standards and Technology has
released guidelines for mitigating these risks.
Special Publication 800-124 , titled "Guidelines on Cell Phone and
PDA Security" is an overview of common cell phone and personal digital
assistant devices, their associated risks and guidelines for mitigating
the risks. The guidelines are not mandatory standards, but are
recommendations intended to help users and administrators make informed
information technology security decisions on their use.
"Cell phones and Personal Digital Assistants (PDAs) have become
indispensable tools for today's highly mobile workforce," the
publication says. They are being used not only for voice calls, text
messages, and managing personal information, but also for many functions
that are typically done on a desktop laptop computer, including .sending
and receiving electronic mail, browsing the Web, storing and modifying
documents, delivering presentations, and remotely accessing data..
The devices also can contain specialized features such as cameras, a
Global Positioning System, and small removable-media card slots, and
employ a range of wireless interfaces that include infrared, Wi-Fi,
Bluetooth, as well as multiple cellular interfaces. Through these
features, the devices are increasingly subject to many of the threats
common to desktop systems as well as others. The threats include loss or
theft; malware infection through tainted storage media or wireless
connections; text and voice spam as well as the e-mail variety, which
can be used for phishing as well as resulting in charges for inbound
messages; electronic eavesdropping through a variety of channels;
location tracking; theft of service through cloning; and exposure of
sensitive data at the server.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!