Technology Positioning Statement Report

4.2.6 Hand-held Computer Security Technologies

Description: Portable computer physical and data security hardware and software technologies, including software, sensors and locking devices.

Category: 4 - Client Platforms   Subcategory: 2 - Hand-held Client Platforms
Old Category: none

Vision

RetirementContainmentCurrentTacticalStrategic
     

Standards

Industry UsageSC Usage
IEEE 802.1x
 
 

Performance Metrics

Security (access control, data loss prevention, physical loss prevention, virus protection); ease of use; cost; ease of maintenance.


Usage and Dependencies

Industry Usage:

The rapid adoption by knowledge workers of remote access and wireless portable devices presents a new level of security and cost risk. These devices have weak or no security, and the physical asset is often owned by the end-user, although their electronic contents belong to the organization. This constitutes a new vulnerability and a complex issue that is beginning to be addressed either technology vendors. Increasing use of portable devices will require extensions of existing computer risk assessments and security policies of many user organizations.

Notebook/laptop security can be implemented in several levels: a) physical security. This means, for example, a cable with the Kensington standard connector locked to the computer when the unit is on a table or chair. A simple $20 device like this can be sufficient in many cases to protect the machine as well as its data. b) system security. This provides password-protected lockout of intruders; it is a feature available in NT and Windows 2000 on notebook computers. c) file-based security. If a disk drive is partitioned in NTFS, file-level security is provided, so that any directory or file can be encrypted. The login password is then required to read the file. d) Antivirus security. Symantec Corp., for example, released an AntiVirus engine for the Palm OS, and is exploring on-device virus scanners for Microsoft Windows CE and Pocket PC, Symbian and NTT DoCoMo i-mode operating systems.

SC Usage: SC provides notebook, Blackberry and Palm devices to some users. Security features for each device need to be addressed. In general, portable computer security should be defined in government and DoE policy. In lieu of detailed policies and advanced technology (such as biometric authentication), users should follow simple practices of locking down, logging out, and using good passwords. AntiVirus protection should be installed and maintained on a weekly basis on all devices.

SC Application Impacts: The Flexiplace initiative, and perhaps many other applications, will require operation using notebook platforms. Data security for notebook platforms must be accommodated, whether the system is connected to the Internet via modem or wireless, or disconnected.

Last Update: Valid Until:
3/27/20029/27/2002

References

"Getting a Handle on Security", Federal Computer Week, Jan. 21, 2002.


List all Categories

Administer the Database