1. Purdue University proudly presents www.purdue.edu/securepurdue Doug Couch & Nathan Heck, IT Security Analysts

2. www.purdue.edu/securepurdue  Any security devices or software shown during this presentation is for demonstration purposes only. Purdue University does not endorse or support any PDA security device or software solutions at this time.

3. www.purdue.edu/securepurdue

4.  BlackBerry Video

5. www.purdue.edu/securepurdue  Loss  Biggest threat to PDA’s  In one Chicago cab company in 6 months: ▪ 85,619 mobile phones ▪ 21,460 PDAs/Pocket PCs ▪ 4,425 laptops  80% of all passengers were reunited with phones and 96% with their Pocket PCs/PDAs and laptops  In 2007 about eight million phones were lost  Only about 72% were recovered

6. www.purdue.edu/securepurdue www.gizmag.com

7. www.purdue.edu/securepurdue  Theft  Next biggest threat to PDAs  Be aware that they are a target  Know how to secure them  Know what to do if they are stolen

8. www.purdue.edu/securepurdue  Unauthorized Access  Your device can be under attack at any time  Do: ▪ Enable the built in security ▪ Double check your configuration  Don’t: ▪ Use obvious PIN’s ▪ Write your PIN on your PDA

9. www.purdue.edu/securepurdue  Electronic Eavesdropping  “Network sniffing”  Spyware  Wi-Fi hotspot impersonation  Possibly even cellular network vulnerabilities

10. www.purdue.edu/securepurdue  Electronic Tracking  Uses either GPS or cellular triangulation  Is available for tracking family or employees  Can be quickly enabled on unattended phones  Some trackers are stealthy  Tracking services may be vulnerable to compromise

11. www.purdue.edu/securepurdue  Electronic Tracking

12. www.purdue.edu/securepurdue  Spam  Annoying (as always)  Can be costly ▪ SMS spam may be charged per message ▪ Email spam may include images which take more bandwidth  Can be used for Social Engineering ▪ Can be used to trick users into calling or texting a chargeable number ▪ Used for Phishing to trick users into giving up private info

13. www.purdue.edu/securepurdue  Malware  Send mass SMS and MMS messages  Dial premium-rate numbers without your knowledge  Delete or steal your personal information  Disable functions of the phone  Use up the battery much faster than usual  Send infected files to others (via email, Wi-Fi, Bluetooth etc.)  Transfer malicious code to a PC during synchronization  30% of cell phone users in the U.S. receive e-mail attachments

14. www.purdue.edu/securepurdue  Your device  Your personal data  Your business data or trade secrets  Money, due to an increased phone bill from unauthorized calls or data use  Your reputation  Possibly corporate data on servers

15. www.purdue.edu/securepurdue  Be Proactive  Configure user authentication and access controls  Apply critical patches and upgrades  Remove or disable unnecessary services or applications  Install additional security software

16. www.purdue.edu/securepurdue  Maintain the security of your PDA  Maintain physical control of the device  Reduce exposure of sensitive data  Backup data frequently  Use encryption  Enabling wireless interfaces only when needed  Enable and analyze device log files  Test and apply critical patches in a timely manner  Evaluate device security periodically

17. www.purdue.edu/securepurdue  Plan ahead  Use a PDA case  Use a screen protector  Use a surge protector when charging your PDA  Avoid using your PDA near liquids (or in the rain)  Use hands free options while driving  Don’t lend your PDA to someone  Consider device insurance

18. www.purdue.edu/securepurdue

19.  Treat a PDA like a credit card:  maintain control at all times and store it securely  Be especially cautious while traveling  Keep a low profile when using your PDA  Record your PDA’s Identifying numbers  Engrave an ID number on it  Remove your data card  Dispose of properly

20. www.purdue.edu/securepurdue

22.  Enter your contact information in the owner fields  Set a repeating alarm to go off on a regular interval  Use a security sticker or label  Third party recovery services  IF YOUR PDA IS LOST, YOUR DATA MUST BE ASSUMED TO BE COMPROMISED!

23. www.purdue.edu/securepurdue

24.  Enable your built-in security  Configure to lock when inactive  Change any default passwords  Synchronize and backup data frequently  Remove or disable unnecessary services and applications  Don't store data on the SIM card  Use removable storage cards to store data separately

25. www.purdue.edu/securepurdue  Password management databases  Intrusion detection  Anti-virus  Anti-spam  Personal firewall  Device content and memory card encryption

26. www.purdue.edu/securepurdue  Alternate authentication programs  Remote locking/erasure  Remote tracking  GSM SIM lock  Multimedia Card Security Standard

27. www.purdue.edu/securepurdue

29.  Use only secured wireless networks  Verify the SSID  Use a VPN when possible  Disable Wi-Fi ad-hoc mode  Disable Wi-Fi when not in use

30. www.purdue.edu/securepurdue  Disable the ‘discover’ mode of your Bluetooth  Always require a password to pair a device with your PDA  Disable Bluetooth when not in use  Keep a list of paired devices  Configure Bluetooth for the lowest power setting

31. www.purdue.edu/securepurdue  IR  Disable or block if possible  GPS  Disable when not using, if possible  USB

32. www.purdue.edu/securepurdue  VPN Clients  Phone firewall  SSH clients  ActiveSync lock  Email digital certificates

33. www.purdue.edu/securepurdue  Make sure you have the following information:  Serial Number  MAC Address (if Wi-Fi capable)  IMEI for GSM  If stolen, report it to the local law enforcement  Call your cellular provider and report the loss  At Purdue, report the loss to abuse@purdue.edu and provide the MAC addressabuse@purdue.edu  Add your PDA's information to the "Stolen Computer Registry" - www.stolencomputers.org www.stolencomputers.org  Disable, lock, track, or erase it remotely  Change your passwords

34. www.purdue.edu/securepurdue