PDA Security: Incorporating Handhelds into the Enterprise

Because of their small, portable nature, PDAs present a unique security dilemma. This is the essential reference for PSA technicians and IT professionals who need to understand and solve this challenge. Written by a security expert, the book explores PDA security issues and details what must be done to establish privacy in the hand-held medium. It: covers the vast variety of devices available, including Palm, PocketPC, and RIM devices; includes foreword by Rebecca Bace, internationally recognized intrusion detection and network security specialist; includes a case study guide - "PDA Defense - Palm's Choice for Enterprise"; explains why handheld security is largely about OS (Operating Systems); explores hacking problems; answers the questions - when does a handheld become an IT problem and what is a measured IT response?

Table of Contents:
FOREWORD ACKNOWLEDGMENTS INTRODUCTION SECTION ONE: INTRODUCTION TO PDA SECURITY IN THE ENTERPRISE Incorporating Handhelds into the Enterprise PDAs in the Enterprise The Power Resource Guide to Understanding Where Security Must be Achieved SECTION TWO: HANDHELDS IN THE ENTERPRISE When a Handheld Becomes Information Technology's Problem The Components of a Measured IT Response The How-To Guide SECTION THREE: THE TECHNOLOGY OF PDA SECURITY: CRYPTOGRAPHY, PASSWORDS, HACKING, AND MORE Understanding Handheld Security is Largely About the Operating System Hacking Threats and Mitigations SECTION FOUR: GRADUATION Handhelds Where Does Device Security Go from Here? INDEX

About the Author :
David Melnick currently holds the position of President of PDA Defense, the leading Enterprise PDA Security offering. Prior to PDA Defense, David helped to pioneer Internet-based financial transactional systems and security from the mid-'90s publishing multiple books on the execution of electronic commerce systems. As early as 1996, David was the focus of case studies in the area of Internet-based Electronic Commerce (Microsoft's Merchant Server Book -- Ventana, 1996). And, by 1997 David had taken the lead author role in the first book published on Microsoft's Active Server Pages (QUE/Macmillan Publishing, 1997). From the beginning of the 1990s David has worked to leverage technology and manage risk within the Financial Services industry starting with his work for one of the largest credit card processors. At GE's Credit Card companies, David worked with GE Corporate R&D to implement the first commercial application of Neural Network technology for risk management socring within the company, as well as later operationally working in both Fraud management and Risk Scoring Development groups. After GE, David's financial services work continued with the architecting of payment gateways currently in use by Bank of America and Wells Fargo Bank. In the credit card processing area, David worked closely with Visa and Bank of America to pilot early tests with Smart Cards and emerging security standards such as SET 0.0 for taking transactions over the Internet. Through a combination of published work, speaking engagements, and professional organization involvement. David has established a reputation fore leadership in the technology-intensive security and risk management areas, includingn a specialization in the area of financial services. Mark Dinman has over 17 years of experience in software systems development and IT project/program management. Mark joined Asynchrony Software when it launched in 2000 and served as the product manager of PDA Defense since its inception. Prior to joining Asynchrony, Mark spent 15 years with EDS in various roles serving a wide variety of clients and industries. His last assignment with EDS was as a Program Manager responsible for a global team developing and supporting a Material Management System for General Motors. Mark earned his master's degree in business administration from Washington University's John M. Olin School of Business and his BA magna cum laude from Brown University. He is also a certified Project Management Professional by the Project Management Institute (PMI) and currently serves as the President for the St. Louis PMI Chapter. Mark lives in Chesterfield, Missouri. Bob Elfanbaum is the Co-Founder and President of Asynchrony Solutions, Inc., a software technology firm with products and services focused on security, collaboration, and systems integration, including PDA Defense Enterprise, a leading security solution for handheld devices. Since its inception in 1998, Bob has led the company to significant relationships with Fortune 1000 and federal government clients including the U.S. Department of Defense, Boeing, and McKesson Information Solutions. Prior to founding Asynchrony, Bob was Chief Financial Officer of Virbac Corporation (NASDAQ: VBAC), a public animal health company, managing both the company's systems and financial organization. Bob is a CPA who also spent two years running the internal audit division of a Fortune 500 company, as well as eight years in the audit group of Price-WaterhouseCoopers. He earned his Bachelors degree, cum laude, with a major in accounting from Indiana University, Bloomington.

Review :
By Tony Bradley This book provides a wealth of information for network and security administrators struggling to address the security risks posed by PDA's within their networks. It stands out as pretty much the only book addressing the security concerns of these convenient and valuable tools. The book opens with a fairly comprehensive overview of PDA technology and the security features available. It then moves on to talk about other ways to secure the PDA such as encryption. Most importantly though, the book provides a wide range strategies and advice to help managers deploy and manage PDA's in their networks securely. As the subtitle "Incorporating Handhelds Into The Enterprise" implies, the book is aimed at network and security administrators and not at the actual PDA users per se. The book serves as a great tool to help administrators begin to tackle the new security issues created by PDA's and to develop and implement structured policies to control PDA security in the enterprise. PDA's are pretty much here to stay. I recommend that any network or security administrator with users using PDA's take a look at this book to get a grip on securing them. NetSecurityAbout.com 20040901 Most security managers wouldn't dream of leaving file servers or laptops filled with proprietary information unprotected. But the protection could be for naught if the same data is transferred to a personal digital assistant (PDA), which often is overlooked when security is considered. PDA Security: Incorporating Handhelds into the Enterprise trumpets the importance of PDA security and guides system administrators through protective measures. When PDAs first appeared commercially, their capabilities were limited and their risks minimal. Today's PDAs have scores of megabytes of memory and well-developed networking capabilities, making them as important to protect as PCs and laptops. PDA Security is valuable for corporate system administrators who need a PDA-protection architecture for their organizations. The book provides tactics on how to deploy, manage, and secure PDAs in the workplace. Section one of the book offers a comprehensive introduction to PDA technology and security, with sections two and three exploring security mechanisms and strategies such as cryptography in greater detail. The book is not designed for end users; its information is far too technical for the casual PDA user. But administrators who must support and secure many PDAs will find a good resource here. [Reviewer] Ben Rothke, CISSP (certified information systems security professional), is a New York City-based senior security consultant with ThruPoint, Inc. He is a member of ASIS International. Security Management 20040202