Purdue University proudly presents Doug Couch & Nathan Heck, IT Security Analysts

 Any security devices or software shown during this presentation is for demonstration purposes only. Purdue University does not endorse or support any PDA security device or software solutions at this time.

 BlackBerry Video

 Loss  Biggest threat to PDA’s  In one Chicago cab company in 6 months: ▪ 85,619 mobile phones ▪ 21,460 PDAs/Pocket PCs ▪ 4,425 laptops  80% of all passengers were reunited with phones and 96% with their Pocket PCs/PDAs and laptops  In 2007 about eight million phones were lost  Only about 72% were recovered

 Theft  Next biggest threat to PDAs  Be aware that they are a target  Know how to secure them  Know what to do if they are stolen

 Unauthorized Access  Your device can be under attack at any time  Do: ▪ Enable the built in security ▪ Double check your configuration  Don’t: ▪ Use obvious PIN’s ▪ Write your PIN on your PDA

 Electronic Eavesdropping  “Network sniffing”  Spyware  Wi-Fi hotspot impersonation  Possibly even cellular network vulnerabilities

 Electronic Tracking  Uses either GPS or cellular triangulation  Is available for tracking family or employees  Can be quickly enabled on unattended phones  Some trackers are stealthy  Tracking services may be vulnerable to compromise

 Electronic Tracking

 Spam  Annoying (as always)  Can be costly ▪ SMS spam may be charged per message ▪ spam may include images which take more bandwidth  Can be used for Social Engineering ▪ Can be used to trick users into calling or texting a chargeable number ▪ Used for Phishing to trick users into giving up private info

 Malware  Send mass SMS and MMS messages  Dial premium-rate numbers without your knowledge  Delete or steal your personal information  Disable functions of the phone  Use up the battery much faster than usual  Send infected files to others (via , Wi-Fi, Bluetooth etc.)  Transfer malicious code to a PC during synchronization  30% of cell phone users in the U.S. receive attachments

 Your device  Your personal data  Your business data or trade secrets  Money, due to an increased phone bill from unauthorized calls or data use  Your reputation  Possibly corporate data on servers

 Be Proactive  Configure user authentication and access controls  Apply critical patches and upgrades  Remove or disable unnecessary services or applications  Install additional security software

 Maintain the security of your PDA  Maintain physical control of the device  Reduce exposure of sensitive data  Backup data frequently  Use encryption  Enabling wireless interfaces only when needed  Enable and analyze device log files  Test and apply critical patches in a timely manner  Evaluate device security periodically

 Plan ahead  Use a PDA case  Use a screen protector  Use a surge protector when charging your PDA  Avoid using your PDA near liquids (or in the rain)  Use hands free options while driving  Don’t lend your PDA to someone  Consider device insurance

 Treat a PDA like a credit card:  maintain control at all times and store it securely  Be especially cautious while traveling  Keep a low profile when using your PDA  Record your PDA’s Identifying numbers  Engrave an ID number on it  Remove your data card  Dispose of properly

 Enter your contact information in the owner fields  Set a repeating alarm to go off on a regular interval  Use a security sticker or label  Third party recovery services  IF YOUR PDA IS LOST, YOUR DATA MUST BE ASSUMED TO BE COMPROMISED!

 Enable your built-in security  Configure to lock when inactive  Change any default passwords  Synchronize and backup data frequently  Remove or disable unnecessary services and applications  Don't store data on the SIM card  Use removable storage cards to store data separately

 Password management databases  Intrusion detection  Anti-virus  Anti-spam  Personal firewall  Device content and memory card encryption

 Alternate authentication programs  Remote locking/erasure  Remote tracking  GSM SIM lock  Multimedia Card Security Standard

 Use only secured wireless networks  Verify the SSID  Use a VPN when possible  Disable Wi-Fi ad-hoc mode  Disable Wi-Fi when not in use

 Disable the ‘discover’ mode of your Bluetooth  Always require a password to pair a device with your PDA  Disable Bluetooth when not in use  Keep a list of paired devices  Configure Bluetooth for the lowest power setting

 IR  Disable or block if possible  GPS  Disable when not using, if possible  USB

 VPN Clients  Phone firewall  SSH clients  ActiveSync lock  digital certificates

 Make sure you have the following information:  Serial Number  MAC Address (if Wi-Fi capable)  IMEI for GSM  If stolen, report it to the local law enforcement  Call your cellular provider and report the loss  At Purdue, report the loss to and provide the MAC  Add your PDA's information to the "Stolen Computer Registry"  Disable, lock, track, or erase it remotely  Change your passwords