| |
| |
Optional Security Solutions
Security for Your Tablet PC
Thinking About Security
Areas of Vulnerability
|
When assessing an organization’s or platform’s risk, there are four areas of vulnerability. These areas are access control, application and data protection, client hardware protection, and network protection. Security mechanisms are the techniques and technologies that can be deployed within each area to achieve the security policy objectives. The security polices will dictate the level of protection and security mechanisms implemented within each area.
Access control is the process by which users are identified and granted privileges to information, systems or resources. Controlling how privileges are granted and how resources are accessed is critical to protecting private and confidential information from unauthorized users. Access control technologies properly identify people and verify their identity through an authentication process so they can be held accountable for their actions. The access control system should record and timestamp all communications and transactions so that they can be audited for security breaches and misuse.
There are two general types of access control, discretionary and mandatory. Discretionary access control allows the owner of the information or resource to decide how to manage it. They determine read and write privileges, and if the requestor can execute a particular file or service. Mandatory access control systems do not allow the creator of the information to determine who can access it or modify data. System administrators predetermine who can access and modify data, systems, and resources. Mandatory access control systems are commonly used in high security environments or where government regulations require privacy protection of data (e.g. HIPAA requirements regarding electronic medical records).
Some of the mechanisms available to address access control include unique user names and passwords, smart cards, TPMs and digital certificates.
Application and data protection involves addressing security concerns associated with the operating system, the application programs and the data. The goal is to enable better application and data availability, reduce exposure to data loss and to maintain integrity of the applications and data.
Some of the mechanisms available to address these vulnerabilities include solid system and application configuration and patch management schemes, anti-virus, anti-spam, and antispyware applications, data encryption and signing and application hashing techniques.
Platform protection is primarily focused on addressing physical attacks on the client hardware. The threats include hardware theft, tampering, or destruction, and data disclosure, tampering or destruction. Some of the threats can be as simple as illicit copying of files from an unattended tablet PC. This is very dangerous because the loss of data can go completely unnoticed.
Some of the mechanisms available to address these vulnerabilities include never leaving the tablet PC unattended or in an operational mode when it’s not being used, or using a cable lock or software-based tracking/recovery application to protect the hardware when it is left alone.
Network-based protection is implemented to address both "attacks attempted across a network" as well as "attacks against the networking protocols”. Network-based attacks attempt to compromise a system through flaws in the internet protocol standard. These attacks are typically used to gain access to systems, applications and data. These attacks can also be used to cause a “denial of service” failure that would prevent users for accessing network resources. The network attack is usually the entry point for the next level of attack on the client and/or network.
Some of the mechanisms available to address these vulnerabilities include identifying and authenticating users, programs and systems, as well as restricting and monitoring activities to those whom have been authorized. Encryption and other methods should be utilized to provide confidentiality and integrity protection for data transmitted over the networks.
|
|
| |