HP IPAQ HX2700 POCKET PC - IPAQ SECURITY SOLUTIONS, hp ppc hx2xxxx Instrukcje ROMy
[ Pobierz całość w formacie PDF ]
HP iPAQ Handheld Security Solutions
Overview..........................................................................................................................................................2
Security........................................................................................................................................................2
HP ProtectTools...............................................................................................................................................3
Using HP ProtectTools.................................................................................................................................3
Odyssey Client.................................................................................................................................................3
Biometric Fingerprint Reader (HP iPAQ hx2700 series only)...........................................................................4
Special issues related to security.....................................................................................................................4
Recovering from a locked device .................................................................................................................5
Passphrases ................................................................................................................................................5
Performance considerations related to data encryption ...............................................................................5
Network Connections.......................................................................................................................................6
Virtual Private Network and Wired Equivalency Privacy ..............................................................................6
Wi-Fi Protected Access (WPA) and TKIP/AES ................................................................................................6
Wireless fidelity (Wi-Fi) ................................................................................................................................7
Wi-Fi hotspots..............................................................................................................................................7
WLAN standards..........................................................................................................................................7
Additional Security Solutions ...........................................................................................................................8
Terminology .....................................................................................................................................................9
For more information...................................................................................................................................... 10
Call to action .................................................................................................................................................. 10
Overview
Protecting the private information on your HP iPAQ is serious business. There are many ways that
you can protect your HP iPAQ. Taking advantage of the built-in security features is a great way to
start protecting your HP iPAQ. These security features are powerful defenses against data theft.
Your login name and password are great ways to begin protecting your HP iPAQ against theft. It is
important to protect the information contained on your HP iPAQ from unauthorized access. Data
encryption is probably the best way to protect information on mobile devices as well as on external
storage cards. (Data encryption is a conversion process that is used for protecting data.)
This white paper provides detailed information about HP ProtectTools, Odyssey Client
®
, and
biometric security solutions. In today’s world, a lot of valuable information is being stored on
handheld devices. That is why securing your personal data is so important to HP. The HP
ProtectTools security features provide on-device security protection that decreases the risk of you
losing sensitive data and from unauthorized access on your HP iPAQ. In addition, Odyssey Client
allows easy and secure connection to a wireless network. This document is designed to assist you
in understanding security and how it works on HP iPAQ devices.
Security
Security is a crucial issue facing business users today. Without strong security protection, a lost or
stolen mobile device can give unauthorized users easy access to mission-critical data and network
resources, exposing the business to potential legal liability, financial loss, and competitive
espionage.
For these reasons, strong security is an indispensable asset for mobile business computing devices
such as HP iPAQ handhelds. HP iPAQ devices address these security challenges head-on with a
unique mix of advanced features and tools designed to prevent unauthorized access to user data.
Several important technologies converge to make it happen:
•
HP ProtectTools secured by CREDANT Technologies uses many of the same capabilities found
in that company's enterprise-class Mobile Guardian® product, including user authentication and
data encryption. (Authentication is the process of granting or denying someone access to a
network resource.)
•
Odyssey Client developed by Funk Software, Inc. allows users to connect their device (HP iPAQ
hw6900 Mobile Messenger series only) to multiple secured wireless networks. Odyssey Client
supports networks that adhere to the 802.11b wireless LAN standards. These networks can be
found in hotels, airports, and other Internet hotspots.
•
A special Biometric Fingerprint Reader allows users to easily login with a swipe of the finger (HP
iPAQ hx2700 series Pocket PC only) and/or with a PIN (personal identification number). This
feature provides highly secure, convenient, and fast authentication—without users having to
remember passwords.
•
Full virtual private network (VPN) and WEP-enhanced security is included in the Microsoft
operating system. A VPN provides enhanced security when accessing corporate data over the
Internet. WEP provides 64-bit and 128-bit encryption security when connected via wireless
networks (802.11b).
•
Even more advanced security for wireless communication through built-in support for 802.1X and
WPA (Wi-Fi Protected Access) along with support for LEAP and TKIP. LEAP is used for
authentication purposes.
Mobile viruses are not currently a serious threat; but, it is important be aware of potential risks to
your HP iPAQ. Viruses (also called worms or Trojan horses) are malicious and can be widely
distributed. When you download programs or files that are already infected, a virus can spread
between your personal computer, laptop, or other removable storage. To get more information
about mobile viruses, visit
.
2
HP ProtectTools
The special security technology found in many HP iPAQ devices is provided by HP ProtectTools, a
suite of built-in, not bolted on security solutions. These security solutions are based on the same
technologies used by market leader CREDANT Technologies Inc. CREDANT Mobile Guardian
®
(CMG) provides solutions that reduce specific security risks to handheld users. These security
solutions provide certain advantages that allow you to protect your device more effectively. The first
layer of security involves PIN or password access for HP iPAQ devices. A second layer of defense
involves data encryption, which helps ensure that sensitive information remains confidential.
You can encrypt e-mail messages, attachments, My Documents, and other files that are then
automatically protected whether stored on the device or an external storage card.
(By default, all data in the My Documents folder is encrypted.) If you forget your PIN or password,
you can regain access by entering an answer to a pre-selected question.
If a device is lost or stolen, aggressive failsafe actions can be automatically invoked to hard reset
the device back to factory defaults after a pre-determined number of access attempts.
Using HP ProtectTools
HP ProtectTools helps protect your device and the data stored on it. When HP ProtectTools is
enabled, you may have an option to enroll a fingerprint or enter a PIN and/or password to access
the device.
Once you have set the security features on your device and are unable to successfully swipe your
fingerprint or forget your PIN or password, you can access your device with a back-up question and
answer.
You should only need to set up HP ProtectTools one time. If needed, you can make changes to any
of your security settings later.
Refer to the HP iPAQ documentation on the Companion CD or Getting Started CD to learn more
about:
•
Setting up HP ProtectTools
•
Managing security options
•
Changing your HP ProtectTools settings
•
Encrypting/decrypting data
Odyssey Client
Using Odyssey Client, you can do the following:
•
Connect your HP iPAQ to a wireless network
•
Connect peer-to-peer to other devices on a network
•
Configure multiple networks to connect to various networks (possibly using different credentials
and/or authentication methods)
•
Use 802.1x to authenticate to a network
•
Use various authentication methods (such as EAP-TTLS, EAP-PEAP, and EAP-TLS protocols) to
keep your credentials secure
3
To use Odyssey Client on your HP iPAQ, your device must have an 802.1x-compliant (network
interface card) NIC driver. The HP iPAQ can be compatible with your preferred WLAN security
protocol for network authentication. A readme.txt file is included with the Odyssey Client software
that lists compatible devices.
You will need a license key to use Odyssey Client. A license key is a text sequence that
corresponds to your licensed copy of Odyssey Client. During the installation process, you are
prompted to enter the license key.
You can also enter the license key after the installation process. Several features of Odyssey Client
are licensed separately. Depending on the license, some features may be unavailable and areas of
the user interface may be grayed out.
You will need to install the Odyssey Client software onto your HP iPAQ. For instructions on
installing Odyssey Client via the CD or web download version, refer to the information that came
with your HP iPAQ.
After configuring a network on Odyssey Client, you must be within range of an access point to log
on to a specified network and connect to it. Some wireless networks require that you log on while
others let anyone within range log on. The access point links your HP iPAQ to a network. (The
range of an access point is usually several hundred feet.) If there is no access available, two or
more wireless devices can use peer-to-peer networking to share files and play games. No additional
hardware equipment is needed to use peer-to-peer networking.
Currently, the Odyssey Client for network authentication is available with the HP iPAQ hw6900
Mobile Messenger series only.
Biometric Fingerprint Reader (HP iPAQ hx2700 series
only)
The built-in Biometric Fingerprint Reader is exclusive to the HP iPAQ hx2700 series. The built-in
fingerprint reader is convenient, and it adds an extra level security for authorized users. This robust
security feature easily identifies authorized users and prevents access by others. Depending on the
strength of protection required, you can specify whether to identify yourself using only a fingerprint,
a PIN, a password, or various combinations of these methods.
This type of identification is virtually foolproof, for the simple reason that fingerprints are a unique
form of biometric identification possessed only by the specific user. This also provides the ultimate
in convenient access and does not have to be remembered like a password or PIN.
You can also find more specific information about how to enroll fingerprints using HP ProtectTools
in the User’s Guide on the Companion CD. (If you purchased an HP iPAQ hx2700 Pocket PC, the
Companion CD is available with your device.)
Special issues related to security
The unprecedented set of powerful security features found in the HP iPAQ hx2000 series requires
new behavior for some individual users. In particular, users may find that they run the risk of losing
current data in the devices if regular backups do not occur and they forget any required access
passwords or PIN numbers. This is because a locked device without a password requires a "hard
reset" that will wipe out all of the data on the unit.
The "hard reset" feature is another level of security that helps prevent data theft by unauthorized
users. For the strongest level of protection, you can set a flag in the device that blocks any attempt
to log back in after a certain number of tries. The HP default is to turn this flag off. If this flag is
turned on, in circumstances where lockout occurs, there is no recovery from the lockout that will
preserve your data.
4
Recovering from a locked device
If the device locks and you enter a correct answer to the pre-selected question, this regains access
to the device and its data. If you forget the PIN/password and the answer to the preselected
question, there is no way to recover from a locked device without losing data. The device will
prompt for a hard or clean reset, and all memory will be set back to the default factory condition
which includes deleting data in the iPAQ File Store. If this option is chosen, the iPAQ File Store
takes more than 10 minutes to initialize. During this initialization process, it is recommended that
you connect your HP iPAQ to AC power to avoid timeouts.
However, if you forget your PIN, but successfully enter your hint question/answer, you are prompted
to enter a new PIN. If you do not answer the hint question/answer successfully, there is a time delay
between the hint question/answer attempts until you enter the correct answer.
Passphrases
When HP ProtectTools is initiated, you are prompted for a passphrase that is different than the PIN
or password used to access the device. The passphrase is created for one reason: if data is stored
on a memory card and encrypted by HP ProtectTools, a passphrase is used to facilitate sharing the
data with other HP iPAQ devices. In other words, HP iPAQ devices that use the same passphrase
can also share the data that is encrypted on memory cards.
One special example occurs when HP ProtectTools is disabled but data is still encrypted on a
memory card. This data can be retrieved from the card if HP ProtectTools is reinitiated on the HP
iPAQ using the same passphrase used previously when the data was encrypted on the card. Thus,
like PINs and passwords, it is important to store the passphrase in a secure location. Passphrases
must be at least eight characters long and must include at least one punctuation mark. For best
results, a mix of at least 30 numbers, letters, and special characters should be used.
Performance considerations related to data encryption
With HP ProtectTools, the HP iPAQ automatically encrypts data stored on the device using one of
four encryption algorithms. These encryption algorithms are listed below in order of the strongest to
the weakest:
•
Lite
•
AES (advanced encryption standard)
•
Blowfish
•
3DES
When you lock and unlock the device, the HP iPAQ encrypts and decrypts the data using whichever
algorithm is chosen. Since the computer must run all data through this algorithm, the
encryption/decryption operation will take time and affect the performance of the device.
If you have a large amount of data on your device and choose to encrypt it all, regardless of
processor performance, it will take time to decrypt the data To improve performance, you may
consider encrypting only the most critical data. Performance can also be improved somewhat by
moving to weaker encryption algorithm. For instance, someone using AES for encryption can see a
small performance improvement by changing to the Blowfish method, which is still strong but not
quite as strong as AES. It is possible to change the encryption settings later, but this also involves a
wait while the data is being converted from one format to the other.
Encrypting your personal data is the best way to protect your personal information. The encryption
process runs in the background, so you are able to perform other tasks on your HP iPAQ during this
time. There are two methods to monitor the decryption process. To find out more about encrypting
and decrypting data, refer to the documentation on the Companion CD or Getting Started CD that
came with your HP iPAQ.
5
[ Pobierz całość w formacie PDF ]
zanotowane.pl doc.pisz.pl pdf.pisz.pl chiara76.opx.pl
HP iPAQ Handheld Security Solutions
Overview..........................................................................................................................................................2
Security........................................................................................................................................................2
HP ProtectTools...............................................................................................................................................3
Using HP ProtectTools.................................................................................................................................3
Odyssey Client.................................................................................................................................................3
Biometric Fingerprint Reader (HP iPAQ hx2700 series only)...........................................................................4
Special issues related to security.....................................................................................................................4
Recovering from a locked device .................................................................................................................5
Passphrases ................................................................................................................................................5
Performance considerations related to data encryption ...............................................................................5
Network Connections.......................................................................................................................................6
Virtual Private Network and Wired Equivalency Privacy ..............................................................................6
Wi-Fi Protected Access (WPA) and TKIP/AES ................................................................................................6
Wireless fidelity (Wi-Fi) ................................................................................................................................7
Wi-Fi hotspots..............................................................................................................................................7
WLAN standards..........................................................................................................................................7
Additional Security Solutions ...........................................................................................................................8
Terminology .....................................................................................................................................................9
For more information...................................................................................................................................... 10
Call to action .................................................................................................................................................. 10
Overview
Protecting the private information on your HP iPAQ is serious business. There are many ways that
you can protect your HP iPAQ. Taking advantage of the built-in security features is a great way to
start protecting your HP iPAQ. These security features are powerful defenses against data theft.
Your login name and password are great ways to begin protecting your HP iPAQ against theft. It is
important to protect the information contained on your HP iPAQ from unauthorized access. Data
encryption is probably the best way to protect information on mobile devices as well as on external
storage cards. (Data encryption is a conversion process that is used for protecting data.)
This white paper provides detailed information about HP ProtectTools, Odyssey Client
®
, and
biometric security solutions. In today’s world, a lot of valuable information is being stored on
handheld devices. That is why securing your personal data is so important to HP. The HP
ProtectTools security features provide on-device security protection that decreases the risk of you
losing sensitive data and from unauthorized access on your HP iPAQ. In addition, Odyssey Client
allows easy and secure connection to a wireless network. This document is designed to assist you
in understanding security and how it works on HP iPAQ devices.
Security
Security is a crucial issue facing business users today. Without strong security protection, a lost or
stolen mobile device can give unauthorized users easy access to mission-critical data and network
resources, exposing the business to potential legal liability, financial loss, and competitive
espionage.
For these reasons, strong security is an indispensable asset for mobile business computing devices
such as HP iPAQ handhelds. HP iPAQ devices address these security challenges head-on with a
unique mix of advanced features and tools designed to prevent unauthorized access to user data.
Several important technologies converge to make it happen:
•
HP ProtectTools secured by CREDANT Technologies uses many of the same capabilities found
in that company's enterprise-class Mobile Guardian® product, including user authentication and
data encryption. (Authentication is the process of granting or denying someone access to a
network resource.)
•
Odyssey Client developed by Funk Software, Inc. allows users to connect their device (HP iPAQ
hw6900 Mobile Messenger series only) to multiple secured wireless networks. Odyssey Client
supports networks that adhere to the 802.11b wireless LAN standards. These networks can be
found in hotels, airports, and other Internet hotspots.
•
A special Biometric Fingerprint Reader allows users to easily login with a swipe of the finger (HP
iPAQ hx2700 series Pocket PC only) and/or with a PIN (personal identification number). This
feature provides highly secure, convenient, and fast authentication—without users having to
remember passwords.
•
Full virtual private network (VPN) and WEP-enhanced security is included in the Microsoft
operating system. A VPN provides enhanced security when accessing corporate data over the
Internet. WEP provides 64-bit and 128-bit encryption security when connected via wireless
networks (802.11b).
•
Even more advanced security for wireless communication through built-in support for 802.1X and
WPA (Wi-Fi Protected Access) along with support for LEAP and TKIP. LEAP is used for
authentication purposes.
Mobile viruses are not currently a serious threat; but, it is important be aware of potential risks to
your HP iPAQ. Viruses (also called worms or Trojan horses) are malicious and can be widely
distributed. When you download programs or files that are already infected, a virus can spread
between your personal computer, laptop, or other removable storage. To get more information
about mobile viruses, visit
.
2
HP ProtectTools
The special security technology found in many HP iPAQ devices is provided by HP ProtectTools, a
suite of built-in, not bolted on security solutions. These security solutions are based on the same
technologies used by market leader CREDANT Technologies Inc. CREDANT Mobile Guardian
®
(CMG) provides solutions that reduce specific security risks to handheld users. These security
solutions provide certain advantages that allow you to protect your device more effectively. The first
layer of security involves PIN or password access for HP iPAQ devices. A second layer of defense
involves data encryption, which helps ensure that sensitive information remains confidential.
You can encrypt e-mail messages, attachments, My Documents, and other files that are then
automatically protected whether stored on the device or an external storage card.
(By default, all data in the My Documents folder is encrypted.) If you forget your PIN or password,
you can regain access by entering an answer to a pre-selected question.
If a device is lost or stolen, aggressive failsafe actions can be automatically invoked to hard reset
the device back to factory defaults after a pre-determined number of access attempts.
Using HP ProtectTools
HP ProtectTools helps protect your device and the data stored on it. When HP ProtectTools is
enabled, you may have an option to enroll a fingerprint or enter a PIN and/or password to access
the device.
Once you have set the security features on your device and are unable to successfully swipe your
fingerprint or forget your PIN or password, you can access your device with a back-up question and
answer.
You should only need to set up HP ProtectTools one time. If needed, you can make changes to any
of your security settings later.
Refer to the HP iPAQ documentation on the Companion CD or Getting Started CD to learn more
about:
•
Setting up HP ProtectTools
•
Managing security options
•
Changing your HP ProtectTools settings
•
Encrypting/decrypting data
Odyssey Client
Using Odyssey Client, you can do the following:
•
Connect your HP iPAQ to a wireless network
•
Connect peer-to-peer to other devices on a network
•
Configure multiple networks to connect to various networks (possibly using different credentials
and/or authentication methods)
•
Use 802.1x to authenticate to a network
•
Use various authentication methods (such as EAP-TTLS, EAP-PEAP, and EAP-TLS protocols) to
keep your credentials secure
3
To use Odyssey Client on your HP iPAQ, your device must have an 802.1x-compliant (network
interface card) NIC driver. The HP iPAQ can be compatible with your preferred WLAN security
protocol for network authentication. A readme.txt file is included with the Odyssey Client software
that lists compatible devices.
You will need a license key to use Odyssey Client. A license key is a text sequence that
corresponds to your licensed copy of Odyssey Client. During the installation process, you are
prompted to enter the license key.
You can also enter the license key after the installation process. Several features of Odyssey Client
are licensed separately. Depending on the license, some features may be unavailable and areas of
the user interface may be grayed out.
You will need to install the Odyssey Client software onto your HP iPAQ. For instructions on
installing Odyssey Client via the CD or web download version, refer to the information that came
with your HP iPAQ.
After configuring a network on Odyssey Client, you must be within range of an access point to log
on to a specified network and connect to it. Some wireless networks require that you log on while
others let anyone within range log on. The access point links your HP iPAQ to a network. (The
range of an access point is usually several hundred feet.) If there is no access available, two or
more wireless devices can use peer-to-peer networking to share files and play games. No additional
hardware equipment is needed to use peer-to-peer networking.
Currently, the Odyssey Client for network authentication is available with the HP iPAQ hw6900
Mobile Messenger series only.
Biometric Fingerprint Reader (HP iPAQ hx2700 series
only)
The built-in Biometric Fingerprint Reader is exclusive to the HP iPAQ hx2700 series. The built-in
fingerprint reader is convenient, and it adds an extra level security for authorized users. This robust
security feature easily identifies authorized users and prevents access by others. Depending on the
strength of protection required, you can specify whether to identify yourself using only a fingerprint,
a PIN, a password, or various combinations of these methods.
This type of identification is virtually foolproof, for the simple reason that fingerprints are a unique
form of biometric identification possessed only by the specific user. This also provides the ultimate
in convenient access and does not have to be remembered like a password or PIN.
You can also find more specific information about how to enroll fingerprints using HP ProtectTools
in the User’s Guide on the Companion CD. (If you purchased an HP iPAQ hx2700 Pocket PC, the
Companion CD is available with your device.)
Special issues related to security
The unprecedented set of powerful security features found in the HP iPAQ hx2000 series requires
new behavior for some individual users. In particular, users may find that they run the risk of losing
current data in the devices if regular backups do not occur and they forget any required access
passwords or PIN numbers. This is because a locked device without a password requires a "hard
reset" that will wipe out all of the data on the unit.
The "hard reset" feature is another level of security that helps prevent data theft by unauthorized
users. For the strongest level of protection, you can set a flag in the device that blocks any attempt
to log back in after a certain number of tries. The HP default is to turn this flag off. If this flag is
turned on, in circumstances where lockout occurs, there is no recovery from the lockout that will
preserve your data.
4
Recovering from a locked device
If the device locks and you enter a correct answer to the pre-selected question, this regains access
to the device and its data. If you forget the PIN/password and the answer to the preselected
question, there is no way to recover from a locked device without losing data. The device will
prompt for a hard or clean reset, and all memory will be set back to the default factory condition
which includes deleting data in the iPAQ File Store. If this option is chosen, the iPAQ File Store
takes more than 10 minutes to initialize. During this initialization process, it is recommended that
you connect your HP iPAQ to AC power to avoid timeouts.
However, if you forget your PIN, but successfully enter your hint question/answer, you are prompted
to enter a new PIN. If you do not answer the hint question/answer successfully, there is a time delay
between the hint question/answer attempts until you enter the correct answer.
Passphrases
When HP ProtectTools is initiated, you are prompted for a passphrase that is different than the PIN
or password used to access the device. The passphrase is created for one reason: if data is stored
on a memory card and encrypted by HP ProtectTools, a passphrase is used to facilitate sharing the
data with other HP iPAQ devices. In other words, HP iPAQ devices that use the same passphrase
can also share the data that is encrypted on memory cards.
One special example occurs when HP ProtectTools is disabled but data is still encrypted on a
memory card. This data can be retrieved from the card if HP ProtectTools is reinitiated on the HP
iPAQ using the same passphrase used previously when the data was encrypted on the card. Thus,
like PINs and passwords, it is important to store the passphrase in a secure location. Passphrases
must be at least eight characters long and must include at least one punctuation mark. For best
results, a mix of at least 30 numbers, letters, and special characters should be used.
Performance considerations related to data encryption
With HP ProtectTools, the HP iPAQ automatically encrypts data stored on the device using one of
four encryption algorithms. These encryption algorithms are listed below in order of the strongest to
the weakest:
•
Lite
•
AES (advanced encryption standard)
•
Blowfish
•
3DES
When you lock and unlock the device, the HP iPAQ encrypts and decrypts the data using whichever
algorithm is chosen. Since the computer must run all data through this algorithm, the
encryption/decryption operation will take time and affect the performance of the device.
If you have a large amount of data on your device and choose to encrypt it all, regardless of
processor performance, it will take time to decrypt the data To improve performance, you may
consider encrypting only the most critical data. Performance can also be improved somewhat by
moving to weaker encryption algorithm. For instance, someone using AES for encryption can see a
small performance improvement by changing to the Blowfish method, which is still strong but not
quite as strong as AES. It is possible to change the encryption settings later, but this also involves a
wait while the data is being converted from one format to the other.
Encrypting your personal data is the best way to protect your personal information. The encryption
process runs in the background, so you are able to perform other tasks on your HP iPAQ during this
time. There are two methods to monitor the decryption process. To find out more about encrypting
and decrypting data, refer to the documentation on the Companion CD or Getting Started CD that
came with your HP iPAQ.
5
[ Pobierz całość w formacie PDF ]