Geeks With Blogs

News Clicky Web Analytics

web stats View David Caddick ('s profile on LinkedIn

Search this Site!

Locations of visitors to this page
View My Stats eXTReMe Tracker
This posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed within are my own and should not be attributed to any other Individual, Company or the one I work for. I just happen to be a classic techie who is passionate about getting things to work as they should do (and are sometimes advertised and marketed as being able to?) and when I can I drop notes here to help others falling in to the same traps that I have fallen in to. If this has helped then please pass it on - if you feel that I have commented in error or disagree then please feel free to discuss with me either publically or privately? Cheers, Dave
Thin Clients, VDI and Linux integration from the front lines.... Raw and sometimes unedited notes based on my experiences with VMware, Thin Clients, Linux etc.

I found this little Gem on Jason’s Blog last night. If you are at all concerned about how to ensure some degree of Security on mobile devices within your organisation you should really review this – sorry, late me restate that – you must review this, it’s essential reading.

Although the headline is for CESG, Jason quickly points out that:

“CESG is the Information Assurance (IA) arm of GCHQ and are the UK Government’s National Technical Authority for Information Assurance”

The upshot of this is that “Windows Mobile is approved to protect the access to RESTRICTED data”.

What's really interesting is that many Government organisations have been deploying Blackberry without CESG approval - yet holding back on Windows Mobile - which with the above solutions does have CESG approval!

Now unless I’m reading this incorrectly it would appear that this all hangs together on the basis of HP’s
ProtectTools Windows Mobile? Even if I have misunderstood, this Product (or should I say this Product Range?) from HP would appear to be quite comprehensive and even on it’s own is well worth further investigation.
HP ProtectTools Embedded Security

A rich portfolio of rock-solid security solutions

·         HP ProtectTools Email Release Manager - This custom-tailorable policy enforcement system provides vital security enhancements for Microsoft Exchange and Outlook clients. It includes facilities to electronically sign, encrypt, and audit mail messages, tightening your organization's control with minimal impact on your users. Access product details at HP ProtectTools Email Release Manager (pdf).

·         HP ProtectTools Authentication Services - Mitigate security risks with strong user authentication including a customer-unique password hashing system, managed change of administration passwords, last successful and unsuccessful login information, multiple login denial, and timed auto log-out. Access product details at HP ProtectTools Authentication Services (pdf).

·         HP ProtectTools Device Manager - Offers advanced tools for managing and auditing the import and export of data from multiple devices based on user privileges. Controls access to CD readers and writers; compact flash cards; USB, serial, and parallel ports; scanners; digital cameras; PDAs; and more. Access product details at HP ProtectTools Device Manager (pdf).

·         HP ProtectTools Application Manager – This “out of the box” software gives System Administrators the facility to lock down servers and desktops preventing them from running unauthorised executable code no matter where it is from.  It provides defence in depth running only administrator trusted applications. Access  product details at HP ProtectTools Application Manager whitepaper (pdf)

·         HP ProtectTools Role-Based Access - Give your users secure terminal server access to diverse role-based facilities from a single desktop. This powerful software enables you to establish a strong multi-role security system, with each role implemented in a separate, cryptographically protected Windows account. Access product details at HP ProtectTools Role-Based Access (pdf).

·         HP ProtectTools Windows Mobile - Keep your confidential data secure even if a mobile device falls into the wrong hands. This solution toughens Windows Mobile security with state-of-the-art features including password generation, secure memory erase, device locking, and event logging. Access product details at HP ProtectTools Windows Mobile (pdf).

·         Tenix Data Diode-Based Solutions - These solutions ease one-way data transfer from lower-security to higher-security networks, while protecting data confidentiality. They provide for secure movement of files, e-mail, and clipboard data, as well as forwarding of network packets across a Tenix Data Diode. Access product details at Tenix Data Diode-Based Solutions (pdf).

Evaluation kits  are available for selected HP ProtectTools packages. You can download the kits from the Software Depot. See the listings under "security and manageability."

For further information and pricing, please contact

Posted on Tuesday, September 6, 2005 5:38 PM C500/C600 SmartPhone (or replacement) , Exchange and Push Email , IT Management , Real Cool Stuff , Security | Back to top

Comments on this post: Security for Mobile devices

# re: Security for Mobile devices
Requesting Gravatar...
Except they don't have a Windows Mobile 5 version at present unless I'm mistaken and the CESG approval is for up to WM2003 as of the moment...
Left by Paul Edwards on May 07, 2006 7:59 AM

# List of mobile Device which are CESG Compliant
Requesting Gravatar...
Can somebody please give me a list of Mobile Handset device / PDAs which are CESG compliant.

It will be really a great help for me.
Left by Sangram Swain on Sep 20, 2007 7:58 PM

# re: Security for Mobile devices
Requesting Gravatar...

It's the OS you want to worry about not the device.

I believe the answer at the moment is, nothing is CESG approved which is cuasing a lot of pain through out Govt.

On the grapevine i hear that Microsoft are close to getting some agreement with CESG over Win Mob but that may not be until WM7.

I'm chasing this down with MS now and I'll post the update if i get a sensible answer and it's not under NDA.

Left by Andy Weedon on Sep 21, 2007 2:30 AM

Your comment:
 (will show your gravatar)

Copyright © Dave Caddick | Powered by: