For Immediate Release

Bluefire Releases 10 Tips to Combat Handheld Attacks

Security Company Shares Best Practices to Protect Mobile Devices

Baltimore, MD February 18, 2003 — Bluefire Security Technologies today released 10 tips for securing enterprise mobile devices. As PDAs and cell phones become more common vehicles for enterprise data delivery, they also become more vulnerable to attack. This reinforces the need for an effective enterprise-wide mobile security strategy. To prevent the loss of confidential data and ensure customer privacy, organizations that empower employees to use mobile devices should implement device-side security measures to minimize corporate risk.

Combating Handheld Attacks The mobile device platform poses unique challenges to security administrators. ThatÕs why Bluefire Security has compiled 10 tips to combat attacks on handhelds. These tips are a product of what Bluefire has learned from its extensive engineering and development efforts, leveraging its more than 100 years of collective experience in the enterprise security and wireless worlds. While every mobile enterprise should carefully evaluate its own device-side security needs, the following best practices provide a basic guide from which to begin the process.

• Define Handheld Security Policy.
• Centrally Enforce and Monitor Handheld Security.
• Enforce Use of Power-on Passwords.
• Block Unauthorized Handheld Network Activity.
• Detect Handheld Intrusions.
• Protect Handheld Integrity.
• Encrypt Sensitive Data Stored on Handhelds.
• Protect Traffic Sent/Received by Handhelds.
• Maintain Up-to-Date Anti-Virus Protection.
• Backup Frequently.

TIPS TO COMBAT HANDHELD ATTACKS

Mobile Device Attacks

While attacks on mobile devices are not as widely published or prolific as the viruses and worms that infiltrate network security defenses, they do exist and can be equally as dangerous. In fact, while they are functionally rich, the open handheld operating systems are completely insecure, lacking even the most rudimentary security measures such as power-on password enforcement. This makes the device highly susceptible to a variety of attacks, all of which will grow in sophistication and magnitude as enterprise wireless adoption increases.

"We are predicting a significant increase in enterprise wireless technology adoption over the next five years, including an uptake in handheld usage," said Matthew Kovar, director Security Solutions & Services research and consulting practice for the Yankee Group. "As with any technology that touches the enterprise, the wireless device should be protected. In addition to a spike in wireless adoption, the popularity of public hot spots will further jeopardize the security of PDAs and cell phones running enterprise applications. Whether attacks are premeditated or random, corporations can save themselves time and money by taking proactive security measures now and avoiding big bills later."

Common attack types include:

• Copying or stealing information from the device.
• Loading malicious code onto the device.
• Destroying key files or applications on the device.

"Government, health care and financial services enterprises are realizing the critical nature of device-side wireless security," said Mark Komisky, CEO of Bluefire Security Technologies. "These organizations need to provide their employees with mobility, but must also protect the information accessible on handhelds. Whether driven by regulatory issues or competitive advantage, no enterprise can afford to expose confidential data or to compromise their network, especially when it can be easily prevented." Additional information on the 10 tips can be found in the replay of "Mobile and Wireless Security: Protecting Your Mobile Enterprise," a recent Webcast featuring Matthew Kovar and Mark Komisky. The presentation is available at www.bluefiresecurity.com.