{"id":8412,"date":"2010-11-19T13:32:39","date_gmt":"2010-11-19T20:32:39","guid":{"rendered":"http:\/\/wapreview.com\/?p=8412"},"modified":"2010-11-22T22:10:12","modified_gmt":"2010-11-23T05:10:12","slug":"symbians-robust-enterprise-security","status":"publish","type":"post","link":"https:\/\/wapreview.com\/8412\/","title":{"rendered":"Symbian’s Robust Enterprise Security"},"content":{"rendered":"
\nL to R; Me, Mike Maddaloni, Craig Richards,\u00a0 Teemu Lehtonen.<\/small><\/p>\n
At Microsoft Tech.Ed in Berlin last week, Mike Maddaloni (thehotiron.com<\/a>), Craig Richards\u00a0 (geekcomputers.co.uk<\/a>) and I sat down with Nokia’s Teemu Lehtonen.\u00a0 The topic was Symbian security, something Teemu knows a thing or two about, having worked primarily in that area for most of the 12 years he’s been with Nokia.<\/p>\n Teemu outlined the Symbian security model, which he called the most secure in the industry. It starts with the hardware. All modern Symbian phones contain a chip-level, hardware-accelerated AES encryption engine which can encrypt and decrypt large data sets on the fly without impacting the user experience.<\/p>\n The Symbian boot loader is encrypted.\u00a0 As the device is powered up, the hardware engine decrypts the boot loader and verifies that it has not been tampered with.\u00a0 Similarly, the Symbian OS image is\u00a0 encrypted and has to be decrypted and verified before the OS can be loaded.<\/p>\n The hardware-encrypted boot loader and OS image mean we will probably never see an alternate OS like Linux or Android running on a Symbian device.\u00a0 While I’m a big fan of\u00a0 people hacking alternate OSs onto\u00a0 all sorts of devices, I’m sure corporate IT administrators\u00a0 sleep better knowing that they don’t have to worry about rogue operating systems\u00a0 on devices issued to employees accessing the enterprise network.<\/p>\n On top of hardware and OS security lies Platform Security.\u00a0 Symbian apps must be signed with an encrypted certificate and Java apps may be. Signing guarantees that the app has not been tampered with, and there are different certificates\u00a0 that grant\u00a0 varied levels of access to device capabilities. 
The\u00a0 certificates that allow access to the most privileged APIs are only available to Nokia, device manufacturers, mobile operators and other trusted partners.\u00a0 While it’s true that Platform Security in older Symbian phones has been hacked to grant\u00a0 unsigned apps access to privileged capabilities,\u00a0 doing so has required physical access to the device.<\/p>\n Lost or stolen phones can also potentially result in identity theft and disclosure of personal, financial and corporate secrets. Symbian offers users and device administrators several ways to protect sensitive information if a device goes astray.\u00a0 All E-Series phones since the E71\u00a0 let the user encrypt the contents of device memory and the SD card\u00a0 using the same hardware-accelerated encryption engine that protects the OS and boot loader. Decryption of data occurs on the fly as needed and is transparent to applications and the user.<\/p>\n All E-Series and most N-Series phones also support\u00a0 remote device locking.\u00a0 Provided the user has enabled remote locking in advance, a lost or stolen phone can be locked by sending a text message containing the secret lock code.<\/p>\n Corporate IT administrators have a lot of options for managing device security in the field. Microsoft Exchange and Lotus Domino administrators can apply mailbox policies to E-Series phones that enforce things like requiring a device lock password, setting inactivity timeouts and password complexity and aging rules, automatically wiping the device after a specified number of failed password attempts, and disallowing downloading attachments or limiting their size. 
Exchange and Domino administrators can also remotely wipe a device.<\/p>\n Symbian supports the\u00a0 Open Mobile Alliance\u00a0 Device Management (OMA DM) protocols that allow administrators to set password policies, remotely configure phone settings and remotely lock or wipe phones using 3rd party OMA DM products.<\/p>\n The Nokia Mobile VPN client, which is pre-installed on E-Series phones and is a free download<\/a> for most Symbian\u00a0 phones, lets users securely connect to corporate and personal Virtual Private Networks (VPNs) using the IPsec protocol.\u00a0 The client supports many enterprise features including custom digital certificates, password rules, and RSA SecurID or\u00a0 Active Directory\/LDAP\u00a0 authentication.\u00a0 VPN security\u00a0 can be configured and updated over the air using OMA DM compatible tools.<\/p>\n Talking with Teemu was an eye opener for me. I worked as a developer at a large US-based financial services company for many years and am familiar with the challenges that mobile computing brings to enterprise data security.\u00a0 Still, I was unaware, as I think many US IT professionals are,\u00a0 of the strength and depth of Symbian’s security model.\u00a0 RIM and Windows Mobile are the dominant choices for enterprise smartphones in this country, but Symbian is a worthy and cost-effective alternative that more businesses should consider.<\/p>\n There’s more on Symbian security on nokia.com<\/a>, including a detailed security white paper<\/a> (PDF).<\/p>\n Disclaimer: My expenses for the trip to Tech.Ed, including airfare, hotel, meals, drinks, and admission to the conference were paid for by the 1000heads<\/a> agency on behalf of Nokia. However, the opinions expressed here are entirely my own.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" L to R; Me, Mike Maddaloni, Craig Richards,\u00a0 Teemu Lehtonen. 
At Microsoft Tech.Ed in Berlin last week, Mike Maddaloni (thehotiron.com), Craig Richards\u00a0 (geekcomputers.co.uk) and I sat down with Nokia’s Teemu Lehtonen.\u00a0 The topic was Symbian security, something Teemu knows a thing or two about having worked primarily in that area for most of the 12 years he’s been with Nokia. Teemu outlined the Symbian security model which he called the most secure in the industry. It starts with the hardware. … Continue reading