S 4.229 Secure operation of PDAs

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User, Administrator

The sensible use of PDAs generally requires that they are coupled to other IT systems, for example, to the owner's workstation. The installation and configuration of the hardware and software necessary for this should be controlled and implemented centrally. No items should be installed without proper testing and release.

Stipulations regarding the security mechanisms and settings on the PDAs used are necessary. These must be documented in an easy-to-understand PDA security policy, as the correct use of PDAs lies very much in the hands of the users. Alteration of the configuration settings must therefore be explicitly forbidden. In addition, the users must be made aware of the intention and purpose of the chosen settings. As far as is technically feasible, security mechanisms should be chosen and configured in such a way that the users have as little freedom as possible to alter them.

PDAs are not designed for more than one person to work on them. As a result there are generally no sophisticated mechanisms for role separation. In particular, this means that there are no areas which only administrators can access. Thus, users cannot be prevented from making security-relevant configuration changes. This can only be achieved through appropriate rules and security awareness training of the users. Moreover, it is helpful to check the settings at regular intervals and/or to reset them to the default settings during synchronisation, using administration tools.

The security of all end devices used for synchronisation with the PDA must be ensured to the same extent as the security of the PDAs themselves. If data or programs are manipulated on the end devices, the manipulated items could be carried onto the PDA undetected during the next synchronisation.

Data or programs that are to be installed on the PDA can be stored in special directories on the user's PC, so that during the next synchronisation operation they are automatically transferred to the PDA. Access to these directories should be restricted as far as possible. Moreover, the users should review these directories regularly to check whether they contain any unrecognised files. The synchronisation software should be configured in such a way that the user is prompted for confirmation before programs are installed. The synchronisation procedure should not be left unattended, since even the information about which files are transferred in a given case can itself be sensitive.

It goes without saying that the installation of applications on the PDA is subject to the usual procedures, i.e. an orderly test and release procedure must be followed.

Synchronisation should be logged. On virtually all PDAs, it is possible to configure this. The synchronisation logs should then at least be skimmed at regular intervals in order to determine whether unauthorised synchronisations have been performed.

The security policy should specify which data and programs may be stored on the PDAs. Other security safeguards depend on this. For example, a PDA used solely to hold appointments and addresses will have a lower protection requirement than a PDA on which cryptographic keys and access parameters for other IT systems and networks are stored.

The first viruses and Trojan horses specifically targeted at PDAs have already been made public. Although they may not have caused widespread damage, their existence indicates that preventive measures are necessary. Most manufacturers of virus protection programs nowadays include PDA virus scanners in their product ranges. In this connection, virus protection on the PCs used for synchronisation should not be overlooked either: these machines must also be fitted with up-to-date anti-virus software. In the office this should go without saying; however, private PCs with which PDAs are synchronised must not be forgotten either.

If any internet services are to be used from PDAs, a web browser and an e-mail client will typically be installed. These should support SSL or TLS, so that encrypted connections can be established, for example for access to the company/agency's internal server. Some browsers available for PDAs also support active content, i.e. Java, ActiveX and/or JavaScript. However, as with other IT systems, it must be noted here that, depending on the nature of these programs, their execution may carry a security risk. Hence, active content in the web browser should normally be disabled and only be activated if it comes from a trusted source, e.g. from the web pages of a known provider.

Even though web browsers are available for virtually all PDAs, the use of WAP browsers may be the better alternative, since the same information can often be offered over WAP in a more compact form and with less graphic content. The same applies to notebooks and even to stationary PCs if the bandwidth of the available internet connection is not as good as one might wish. WAP browsers should support Wireless Transport Layer Security (WTLS). WTLS offers data integrity checks, protection against eavesdropping and authentication of server and client using encryption, and can also protect against denial-of-service attacks. WTLS is based on the industry standard TLS, which is an enhanced version of the SSL protocol.

As small and mobile devices frequently get lost, a register of the devices in use must be kept in the organisation. The register should contain at least the following information: identification features such as equipment IDs or inventory numbers, type of device, operating system, installation date, configuration peculiarities, place of installation (in the case of fixed devices), user and administrator.
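The two safeguards above (regular review of the synchronisation logs for unauthorised synchronisations, and a device register with the listed minimum fields) can be combined in a small reconciliation check. The following script is an added example and not part of the IT-Grundschutz text: the register entries, the log line format (date, time, PC host, PC user, PDA ID, action, file count) and all values in it are constructed for illustration, and the working-hours window is an assumed organisational rule.

```python
from datetime import datetime

# Constructed device register; the fields mirror the minimum the safeguard
# requires (equipment ID, type, OS, installation date, configuration
# peculiarities, place of installation, user, administrator).
DEVICE_REGISTER = {
    "PDA-0017": {"type": "PDA", "os": "Palm OS 4.1", "installed": "2003-02-10",
                 "config": "sync via cradle only", "location": "mobile",
                 "user": "amueller", "administrator": "itsec01"},
    "PDA-0023": {"type": "PDA", "os": "Pocket PC 2002", "installed": "2003-06-04",
                 "config": "default", "location": "mobile",
                 "user": "kbauer", "administrator": "itsec01"},
}

# Constructed synchronisation log, one synchronisation per line (assumed format):
# <date> <time> <pc host> <pc user> <pda id> <action> <file count>
SYNC_LOG = """\
2004-03-01 08:15:02 WS-AM01 amueller PDA-0017 install 3
2004-03-01 23:47:10 HOME-PC1 bob PDA-0017 install 1
2004-03-02 09:03:55 WS-KB02 kbauer PDA-0023 sync 12
2004-03-02 12:30:41 WS-XY09 kbauer PDA-0099 sync 5
"""


def check_sync_log(log_text, register, work_hours=(7, 19)):
    """Return (pda_id, reason, log_line) for every entry that needs follow-up."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            findings.append(("?", "malformed log line", line))
            continue
        date, time_, _host, pc_user, pda_id, _action, _count = fields
        hour = datetime.fromisoformat(f"{date} {time_}").hour
        entry = register.get(pda_id)
        if entry is None:
            # A device that was never registered must not be synchronised at all.
            findings.append((pda_id, "device not in register", line))
            continue
        if pc_user != entry["user"]:
            findings.append((pda_id, f"synchronised by {pc_user}, registered user is {entry['user']}", line))
        if not work_hours[0] <= hour < work_hours[1]:
            findings.append((pda_id, f"synchronised outside working hours ({hour:02d}h)", line))
    return findings


if __name__ == "__main__":
    for pda_id, reason, line in check_sync_log(SYNC_LOG, DEVICE_REGISTER):
        print(f"{pda_id}: {reason} <- {line}")
```

Run against the constructed log, the script flags the late-night synchronisation from an unregistered PC user and the synchronisation of a PDA that does not appear in the register; entries by the registered user during working hours pass silently.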

Review questions: