By Tara Seals

WHILE THE INTERNET SECURITY WAR rages on, wireless users may have a vague notion of security concerns at a hotspot. But most dont think twice about using their Palm Treos or accessing a unified messaging center with a Wi-Fi-enabled softphone, and the truth is, mobile data devices are increasingly the weakest points in the enterprise network defense.

Todays cell phones and PDAs have the same functionality e-mail, IM, Web access, storage, processing capabilities and applications that notebook computers had just a few years ago, says Mark Komisky, CEO and co-founder of Bluefire Security Technologies, which offers security for PDAs and smart phones via VARs and systems integrators. In fact, with the various wireless capabilities including Wi-Fi, wireless carrier networks and Bluetooth, they are more vulnerable than ever because they are always attached to a public network with hundreds of millions of unknown users.

Wi-Fi-enabled tablet PCs and laptops, cell phones with Web access, PDAs and even MP3 players may be the new front in the Internet security war, but channel partners can be the first line of defense. Vendors are turning to partners to proselytize a range of shields against viruses, worms, malware and hacked access to corporate data, as the need for security is snowballing. This year, two-thirds of U.S. employees will be mobile in nature and relying on such devices, according to IDC Research. Thats a lot of potential chinks in the armor.

About 90 percent of business activity is conducted within range of one or more wireless networks, and while people are broadly aware of the benefits of Wi-Fi, most have no idea about the risks, says Michael Maggio, CEO at Newbury Networks, which offers location-based management and security solutions through VARs and SIs.

Nonetheless, socialization of these issues has not reached mainstream, and some companies still believe that a VPN is all they need for security, says Skip Taylor, vice president of product marketing at Fiberlink Communications Corp. Enter VARs,which use a trusted adviser role to bring the concerns to light and recommend solutions like Fiberlinks DNA platform and Extend360 intelligent access clients, to control how users can connect and what conditions are right on the device before connectivity should be allowed. Today, the end device is an easier attack point than the traditional LAN-based firewall that blocks intrusion, so the hackers are becoming very aggressive in their attempts to gain device access, particularly in hotels, airports and other hotspots catering to more mobile access with weakened security implementations, Taylor cautions.

Many strategies available to VARs take into account the endpoint but start with the network, since mobile devices dont come with typical protection capabilities found on PCs. SonicWALL Inc. has 600,000 devices in the field, from Internet security appliances for SMBs to centrally managed security solutions for distributed enterprises. We offer unified threat management that makes endpoint threats a nonissue; in the past, a firewall/VPN combo provided access rules, but didnt look at packet data coming in, says John Gmuender, vice president of engineering at SonicWALL, which maintains a channel of 15,000 VARs. VARs should be able to offer many layers of protection, including antivirus, anti-spyware, intrusion detection, scan-andblock capabilities and more. Our solution has all that within its hardware, software and bundled subscription revenue components.

Other device security approaches push information from network to device. Electronic Lifestyle Integration Inc. has launched an appliance, Eli, which updates Wi-Fi and DSL/cable-connected devices 30 times per day with security profiles. A PCMCIA version for cellular devices is in prototype now. Our Trust resellers are security and network integrators and VARs, says Susan Lutz, ELIs CEO and founder. They have been struggling to build out security expertise in the mobile area and are hungry for solutions like this.

Above all else, VARs should be aware that security is a multilayered endeavor. Precautions on the device side should include only allowing signed trusted applications to be downloaded and run, and processes like SIMLock (securely tying the SIM card and the handset to a specific operator) and IMEI (giving an ID to every handset to reduce fraud and theft). Each endpoint, remote or otherwise, should be seen as a vulnerable node on the network and should use security software including firewalls, antivirus, authentication and file encryption software. Security also could include the use of external monitoring software to ensure the firewall and antivirus products are doing their jobs as well as remediation of vulnerabilities before the user touches the LAN.