S 4.231 Use of additional security tools for PDAs

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User, Administrator

A number of additional tools that can improve the security of PDAs are available. These offer additional security functions, such as

encryption of the file system and memory card content or of individual files or databases,
improved authentication e.g. through simpler or more secure authentication procedures,
protection of the connection to other components, e.g. through encryption of communications or through the generation of one-time passwords for logging on over external IT systems,
virus protection and
prevention of unauthorised access to the device.

By such means the security of PDAs can be raised to a certain extent. However, this requires that the users be fully familiar with the additional security mechanisms. They should be informed not only about their benefits and weaknesses but also about how to use them. Generally, it should be clear to all the users that it is virtually impossible to implement a reliably secure application on an insecure platform with weak security mechanisms. For many of the PDA security products, warning messages advising of security gaps have already been published. Only some of the security problems relating to the use of PDAs with the available additional security software for PDAs have been rectified.

Nevertheless, checks should be carried out as to the extent to which such tools would be sensible for the intended use of the PDAs because they do help to reduce the potential threat. The use of such tools is particularly advisable if PDAs are to be used as security tokens or to store sensitive data. Thus, for example, tools that improve access protection, encrypt certain files or the entire system and permit central administration are available.

Review questions:

Has it been checked whether the use of additional security tools for PDAs is sensible?
Are the users trained on how to handle the additional security tools?