Securing Moving Targets
by Caroline Ikomi - CISSP, Technical Manager at Check Point - Monday, 25 February 2008.
Key concerns for handheld security include a rigorous audit of all the devices being used within the enterprise, and then a single encryption solution to cover as many of the platforms as possible. If the handheld device is not authorised, the default approach should be to not allow connection to the corporate network or storage of sensitive data. And as with full disk encryption on laptops, the solution chosen should encrypt data automatically with no user intervention, giving ease of use with control and enforceability. Encryption strength on handheld devices is typically not as strong as on a fully specified laptop, but look for 128-bit AES as a minimum for data stored on the devices.

However, this is only the first part of the security picture. Full-disk encryption is not a magical shield against all types of security threat to portable devices. While it will protect data on the hard drive from compromise if the device is stolen or lost, the hard drive is only one storage medium in use on a typical laptop. This brings us to the second area for endpoint security: the management and control of data leakage.


Data leakage: audit and control of removable media

Endpoint security should ensure that the organisation is able to avoid data leaks onto peripheral devices such as USB drives and other portable storage media, including MP3 players and digital cameras. The starting point for protection against leaks via these USB devices is to include them in the business acceptable usage policy (AUP) and to educate users on the importance of following policy, including the business risks of breaching it.

However, policies alone are not enough. How should they be backed up and enforced? This is the role of port control solutions, which can automatically block a USB device that does not comply with the corporate security policy or prevent the transfer of certain files or file types. An example of a corporate security policy could include allowing encrypted USB devices (but not an iPod or mobile phone) from an authorised user. Again, the ability to manage the security policy centrally will be a key requirement for the security department, since in a large environment it would not be unusual to have thousands of USB devices. Once the data is encrypted on an authorised device, it must be accessible to the organisation, if required, through central administration of the system.
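
The decision logic a port control product applies to the example policy above can be sketched as a default-deny check. This is an added illustration, not code from the article or from any vendor; the class names, device classes, serial numbers and blocked file extensions are all constructed assumptions.

```python
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    serial: str
    device_class: str   # assumed labels: "mass_storage", "media_player", "phone"
    encrypted: bool

@dataclass(frozen=True)
class Policy:
    # One centrally managed policy object; every value here is constructed.
    authorised_users: frozenset
    audited_serials: frozenset
    allowed_classes: frozenset = frozenset({"mass_storage"})
    blocked_extensions: frozenset = frozenset({".pst", ".mdb"})

def check_mount(policy, device, user):
    """Default deny: return (allowed, reason); every test must pass."""
    if user not in policy.authorised_users:
        return False, "user not authorised"
    if device.device_class not in policy.allowed_classes:
        return False, "device class not permitted"
    if device.serial not in policy.audited_serials:
        return False, "device not in audited inventory"
    if not device.encrypted:
        return False, "device not encrypted"
    return True, "ok"

def check_transfer(policy, device, user, filename):
    """A file may go only to a permitted device, and only if its type is allowed."""
    allowed, reason = check_mount(policy, device, user)
    if not allowed:
        return False, reason
    ext = os.path.splitext(filename)[1].lower()   # compare case-insensitively
    if ext in policy.blocked_extensions:
        return False, "file type blocked"
    return True, "ok"

# Constructed sample data.
POLICY = Policy(frozenset({"alice"}), frozenset({"ENC-0001", "IPOD-77"}))
ENCRYPTED_STICK = Device("ENC-0001", "mass_storage", True)
IPOD = Device("IPOD-77", "media_player", False)
PLAIN_STICK = Device("UNK-9", "mass_storage", False)

if __name__ == "__main__":
    for dev in (ENCRYPTED_STICK, IPOD, PLAIN_STICK):
        print(dev.serial, check_mount(POLICY, dev, "alice"))
    print(check_transfer(POLICY, ENCRYPTED_STICK, "alice", "mail-archive.PST"))
```

Logging each returned reason centrally gives the security department the audit trail of blocked devices and transfers.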
