Mobile device security/TealLock
From Provider Wiki
Contents |
This page has been frozen as of the presentation to SUG and IT Roundtable on February 12, 2007
Introduction
This page has been created for the 2006 Mobile Security evaluation team. This product has been identified as meeting our first round requirements, and deserves a closer look. Please provide as much detail as possible about the technical specifications of the product as well as install the product yourself. Jorj and I have contacted the vendor (if a demo is not available) and will post download information as it becomes available. I have included some preliminary information that should be identified, but is by no means an exhaustive list. Bob DeSilets 11:23, 12 December 2006 (EST)
There are 4 different versions of TealLock available:
- Lite
- Standard
- Corporate
- Enterprise
For our purposes, we should only be considering the Enterprise version.
Evaluation Questions
What devices does it work on
TealLock is Palm OS only. The product does support external memory card (SD) encryption.
What level/type of encryption does this support
- 128-bit Blowfish encryption
- 128-bit AES encryption in Enterprise Edition
Is there device-wipe capability?
There is a remote-wipe capability with this product. TealLock can be configured to wipe both the unit and external media when certain criteria are met:
- A specified number of incorrect passwords are entered.
- A specified "booby trap" password is entered.
- If the device is a smartphone then it can be sent sms text messages to destroy files in memory data, lock the device or unlock the device.
Cost
- TealLock Lite Edition ($19.95)
- Basic features for a single user.
- TealLock Corporate Edition ($29.95)
- offers additional administrator controls such as multi-unit installation, enforced use, password restrictions, and remote device unlocking.
- TealLock Enterprise Edition ($34.95)
- offers all the power of TealLock Corporate Edition, but adds heavyweight AES encryption and policy-update-capability.
There is also a trial download of the TealLock Corporate Edition available for download from their web page. It is a 30 day evaluation but all features of the product are available. A "nag" screen reminds you to register the product if you have not purchased it yet.
HIPAA Compliance
The following list of features realate to HIPAA Security Technical Safeguards (164.312)
- Authenticated Access Control
- TealLock password-protection insures that only persons with access rights can view or modify protected health information (PHI) stored on the device.
- Password Strength
- TealLock password controls prevent insecure passwords from being selected. Options requirements include password length, inclusion of numbers inclusion of letters and requirements for mixed case passwords.
- Password Aging
- TealLock password expiration can require passwords be changed at regular intervals and be required to differ from recently used ones.
- Automatic Logoff
- TealLock can automatically lock the handheld a specified number of minutes after a password is entered, performing an automatic logoff.
- Inactive Session Termination
- TealLock can automatically lock the handheld after a specified number of minutes of inactivity.
- Emergency Access Procedure
- TealLock Corporate/Enterprise Edition’s administrator passwords can provide authorized individuals full access rights to data stored on the handhelds in an emergency.
- Data Partitioning
- TealLock’s password permissions, guest password, and protected mode access can limit access to specific applications and their data to specific passwords, preventing unauthorized data access from guests who have been loaned a handheld for a specific purpose.
- Encryption and Decryption
- TealLock supports encryption and decryption of data stored both in memory and on external storage cards with industry-standard 128-bit protection and optional 128-bit AES encryption in TealLock Enterprise Edition.
- Audit Trail
- TealLock’s History Log feature provides an audit trail for tracing for all logins, logouts and attempted logins using any enabled device passwords.
Comments?
TealLock seems to be very easy to install, It uses the standard Palm Desktop installation.
The installation of Teal lock was rather easy. I documented the installation process and there's only 5 steps to my installation instructions. TealLock was also very easy to use and configure. I was able to navigate through the configuration settings and configure my PDA without looking at any of the documentation that TealLock provides on their website.--Mikki Miller
Passwords
Passwords must have a minimum of four characters.
TealLock has several different levels of passwords.
- Admin password
- The Admin password allows full device access. If no admin password has been set the user password has full device access.
- Guest password
- By default the guest password only allows the device to be unlocked and to run unprotected applications. You can change the permissions of the guest account.
- Quick password
- By default the quick password allows unlocking of the device, shows private records, and allows protected applications to run. You can change permissions on the quick password.
- User password
- The user password gives full access if no admin password is set. If an admin password is set the user password has full permissions except for permission to alter the other password settings
Additional Features
- With the TealLock software you can create Install and Uninstall files that can be used on other PDA devices that are supported.
- The Install Files lets you copy the security setting from the current device to other devices and imbed an initial password that end users must change after login.
- The Uninstall file can be used to turn off TealLock on deployed handhelds typically before upgrading to a new program version.
---Mikki Miller
