Security threats to handhelds are minimal today because handheld devices are still not well understood within hacker circles. But as businesses begin extending their applications to remote handheld users, there's no doubt that your Palm, Pocket PC, BlackBerry, Visor, and the wireless networks they use will become tempting targets.
A few savvy companies, including Fiberlink Communications, Funk Software, and Trust Digital, have anticipated this trend and are launching solutions this month to plug security holes.
Two of these solutions are based on Radius, an IETF (Internet Engineering Task Force) Triple A security protocol used within most enterprises for authentication of remote users, authorization to access network resources, and accounting of who logged on to the network and when. Now, in addition to managing remote access, Radius can manage WLAN (wireless LAN) access as well.
Funk Software is one of the first to take the new wireless security protocol, IEEE 802.1x, and deploy it in a Radius authentication product called Steel-Belted Radius. Up until now, 802.11b WLAN users were logged onto the network before they were authenticated. Thanks to 802.1x, users can be authenticated before they are logged on.
When a user requests access to the corporate network through the WLAN, the 802.1x protocol wraps the log-on request in a packet that the Radius server can understand and then forwards the request to the Radius server.
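The wrapping step described above, as an added Python example (not code from the article or from Funk's product): an EAP identity response is carried in the EAP-Message attribute of a Radius Access-Request and protected by a Message-Authenticator, as RFC 3579 defines, and the server checks that value before reading the request. The function names, user name and shared secret are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1                                          # RFC 2865 packet code
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80   # attribute types
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1                      # RFC 3748

def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    if len(value) > 253:  # longer EAP packets must be split across attributes
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def eap_identity_response(eap_id, identity):
    """EAP-Response/Identity as the handheld sends it over the WLAN."""
    body = bytes([EAP_TYPE_IDENTITY]) + identity.encode()
    return struct.pack("!BBH", EAP_RESPONSE, eap_id, 4 + len(body)) + body

def wrap_in_access_request(eap, identity, secret, pkt_id):
    """Access point side: wrap the EAP packet in a RADIUS Access-Request."""
    attrs = attr(USER_NAME, identity.encode()) + attr(EAP_MESSAGE, eap)
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed placeholder, last
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs))
    unsigned = header + os.urandom(16) + attrs  # 16-byte Request Authenticator
    # RFC 3579: HMAC-MD5 over the whole packet with the field zeroed
    return unsigned[:-16] + hmac.new(secret, unsigned, hashlib.md5).digest()

def unwrap_and_verify(packet, secret):
    """Server side: check the Message-Authenticator, return the EAP packet."""
    if len(packet) < 20 or int.from_bytes(packet[2:4], "big") != len(packet):
        raise ValueError("bad RADIUS length")
    pos, eap, mac_at = 20, b"", None
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            raise ValueError("malformed attribute")
        if a_type == EAP_MESSAGE:
            eap += packet[pos + 2:pos + a_len]  # fragments are concatenated
        elif a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            mac_at = pos + 2
        pos += a_len
    if mac_at is None:
        raise ValueError("missing Message-Authenticator")
    zeroed = packet[:mac_at] + bytes(16) + packet[mac_at + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, packet[mac_at:mac_at + 16]):
        raise ValueError("Message-Authenticator mismatch")
    return eap
```

A request built with `wrap_in_access_request(eap_identity_response(7, "alice@example.com"), "alice@example.com", secret, 42)` verifies only under the same shared secret; any change to the packet in transit makes `unwrap_and_verify` raise.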
Funk's Steel-Belted Radius also generates a dynamic key for each session and can force re-authentication after any period of time the network manager specifies. This appears to solve the problem of 802.11b's reliance on static WEP (Wired Equivalent Privacy) keys, because it limits the amount of time the bad guys have to recover the key.
Fiberlink's solution, which also uses a Radius server, is a very nice remote network authentication and authorization platform that leaves the network undisturbed; that is, no new software must be installed on the corporate network server.
When a remote user dials up, software on the handheld sends the access request to the wireless carrier, which forwards the request to the Fiberlink server. When Fiberlink acquires the user ID and password from the handheld, it knocks on the door of the corporate network and asks for permission to let the user in.
Finally, Trust Digital announced at Comdex an enterprise-level tool that allows IT departments to monitor and control PDA (personal digital assistant) access to the network. The software, which includes PDASecure Policy Editor on the server and PDASecure Enterprise on the handheld, can be used to push down access rights, or take them away, either over a wireless connection or when the PDA user synchronizes from a desktop.