Security Basics mailing list archives
RE: PDA's/Blackberrys: risk to networksL
From: "Beauford, Jason" <jbeauford () EightInOnePet com>
Date: Fri, 20 Oct 2006 11:20:09 -0400
Chinnery, Paul wrote:
Some of our directors are bringing in PDA's like Palms and using them to sync up with their email. Since virus writers and malicious hackers are targeting these devices, we are wondering what the security impact is on networks. Can viruses be transmitted easily between PDA and the network machine they connect to? Could a key logger prg or other malicious prg be easily transferred? We're a small, rural hospital and although I keep pretty current on security issues I haven't seen much on this forum or other security related forums, which is why I am asking the group for their opinions. BTW, we're a W2K shop with W2K Pro and XP sp2 computers using Exchange2K and SQL.

Paul Chinnery
Network Administrator
Memorial Medical Center
In my opinion, any device not issued and controlled by the Network Admin is a risk. Especially in a Medical Center where HIPAA standards need to be enforced, no one should be bringing in their own peripherals from home. Viruses (again, in my opinion) are the least of your worries. Unencrypted patient data leaving the hospital on some Director's PDA is the problem. What happens if that Director loses his/her PDA? Is that data encrypted or secure? If not, how can you protect your patients' confidentiality? The answer is simple: you cannot.

Therefore, if there is an immediate need by these Directors to have access to email or patient data at all times, then try making more options available using secure methods. If they absolutely need PDA's, issue them yourself and make sure that the data is encrypted on the device at all times. Make the data available using VPN technologies. From what I've read, SSL VPN's have been a big hit within the medical arena. If you can make the data available to your users in a controllable and secure environment, you will be able to avoid having to deal with people bringing in their own devices.

Keep in mind that, in addition to making the data available, you might want to lock down your environment a little more to prevent any unauthorized devices on your network. By removing Admin or Power Users permissions you can effectively lock out your users from installing applications and drivers often required by PDA's. If you need to lock down CDROMS, Floppy drives or USB you can accomplish this easily using Group Policy.

Good Luck to you.

Kind Regards,
JMB