Honeywell Dolphin 70e black User manual

Dolphin™ 70e Black

Network and Security Guide

Disclaimer

Honeywell International Inc. (“HII”) reserves the right to make changes in specifications and other information contained in this

document without prior notice, and the reader should in all cases consult HII to determine whether any such changes have been

made. The information in this publication does not represent a commitment on the part of HII.

HII shall not be liable for technical or editorial errors or omissions contained herein; nor for any damages, whether direct,

special, incidental or consequential resulting from the furnishing, performance, or use of this material. HII disclaims all

responsibility for the selection and use of software and/or hardware to achieve intended results.

To the extent permitted by applicable law, Honeywell disclaims all warranties whether written or oral, including any implied

warranties of merchantability and fitness for a particular purpose.

This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document

may be photocopied, reproduced, or translated into another language without the prior written consent of HII.

Web Address: www.honeywellaidc.com

Trademarks

Android is a trademark of Google Inc.

Microsoft is either a registered trademark or registered trademark of Microsoft Corporation in the United States and/or other

countries.

The Bluetooth trademarks are owned by Bluetooth SIG, Inc., U.S.A. and licensed to Honeywell.

microSD and microSDHC are trademarks or registered trademarks of SD-3C, LLC in the United States and/or other countries.

MITRE is a registered trademark of The MITRE Corporation.

Cisco and Catalyst are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries.

UNIX is a registered trademark of The Open Group.

Wi-Fi is a registered trademark of Wi-Fi Alliance.

OpenSSL is a registered trademark of The OpenSSL Software Foundation, Inc.

Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and

are the property of their respective owners.

iii

Chapter 1 - Introduction

Intended Audience ...............................................................................................................1-1

How to Use this Guide .........................................................................................................1-1

Product Detail ......................................................................................................................1-1

System Architecture.............................................................................................................1-1

Architecture of an In-Premise Dolphin 70e Black System..............................................1-2

Architecture of a Field Service Dolphin 70e Black System ............................................1-2

Related Documents ............................................................................................................1-3

Chapter 2 - Security Checklist

Infection by Viruses and Other Malicious Software Agents .................................................2-1

Mitigation Steps..............................................................................................................2-1

Unauthorized External Access.............................................................................................2-1

Mitigation Steps..............................................................................................................2-1

Unauthorized Internal Access ..............................................................................................2-2

Mitigation Steps..............................................................................................................2-2

Chapter 3 - Developing a Security Program

Forming a Security Team.....................................................................................................3-1

Identifying Assets to be Secured .........................................................................................3-1

Identifying and Evaluating Threats.......................................................................................3-1

Identifying and Evaluating Vulnerabilities ............................................................................3-1

Identifying and Evaluating Privacy Issues............................................................................3-2

Creating a Mitigation Plan....................................................................................................3-2

Implementing Change Management....................................................................................3-2

Planning Ongoing Maintenance...........................................................................................3-2

Additional Security Resources ............................................................................................3-2

Chapter 4 - Disaster Recovery Planning

Honeywell Backup and Restore Power Tool Utility..............................................................4-1

Accessing the Backup and Restore Power Tools ..........................................................4-1

External Storage ..................................................................................................................4-1

Remote MasterMind Device Management Software............................................................4-1

Disaster Recover Testing.....................................................................................................4-1

Chapter 5 - Security Updates and Service Packs

Honeywell SysInfo Power Tool ............................................................................................5-1

To View System Information ..........................................................................................5-1

Chapter 6 - Network Planning and Security

Connecting to the Business Network ...................................................................................6-1

Third Party Applications .......................................................................................................6-1

Table of Contents

Chapter 7 - Securing Wireless Devices

Wireless Local Area Networks (WLAN) and Access Points (APs) Security ........................ 7-1

Secure Wireless AP Configuration ................................................................................ 7-1

Secure Dolphin 70e Black WLAN Configuration............................................................ 7-1

Bluetooth™ Wireless Technology Security ......................................................................... 7-1

Wireless Wide Area Network (WWAN) Security.................................................................. 7-1

Wireless Near Field Communication (NFC) Security .......................................................... 7-2

Chapter 8 - System Monitoring

Intrusion Detection............................................................................................................... 8-1

Chapter 9 - Securing Access to the Android 4.0 Operating System

Basic Security Setup ........................................................................................................... 9-1

SIM Card Lock............................................................................................................... 9-1

Screen Lock................................................................................................................... 9-1

Security Lock Timer ....................................................................................................... 9-1

Device Encryption.......................................................................................................... 9-1

USB debugging.............................................................................................................. 9-2

Bluetooth Wireless Technology ..................................................................................... 9-2

NFC Wireless Technology............................................................................................. 9-2

Device Administration Policy (Recommended) ................................................................... 9-2

Chapter 10 - Network Ports Summary

Network Port Table........................................................................................................... 10-1

Chapter 11 - Glossary

General Terms and Abbreviations..................................................................................... 11-1

Chapter 12 - Customer Support

Product Service and Repair............................................................................................... 12-1

Technical Assistance......................................................................................................... 12-1

1 - 1

Introduction

This guide defines the security processes, both implemented and recommended by Honeywell, for using the Dolphin™ 70e

Black mobile computer with Android™4.0.

Intended Audience

The target audience for this guide is the Dolphin 70e Black with Android customer organization that identifies and manages the

risks associated with the use of information processing equipment. This includes, but is not limited to, Information Technology

(IT). Third party organizations delivering and installing turnkey systems should also follow the guidelines in this guide. The intent

of this guide is to drive the discussion between the organization using the Dolphin 70e Black with Android and the organization

responsible for managing information technology risks.

A high degree of technical knowledge and familiarity in the following areas is assumed.

• Android 4.0 operating systems.

• Networking systems and concepts.

• Wireless systems.

• Security issues and concepts. In particular, the following systems need to be understood and properly setup:

–RadiusServer

– Mobile Device Management Software (e.g., Remote MasterMind™)

– Application Server (e.g., Web server or Terminal Emulation server)

How to Use this Guide

Note: Dolphin 70e Black references in this guide refer to devices with Android 4.0 operating systems.

If you have specific security concerns (e.g., virus protection or preventing unauthorized access), consult the Security

Checklist (page 2-1) or select from the topics listed below.

Developing a Security Program, page 3-1

Disaster Recovery Planning, page 4-1

Security Updates and Service Packs, page 5-1

Securing Wireless Devices, page 7-1

System Monitoring, page 8-1

Securing Access to the Android 4.0 Operating System, page 9-1

Network Ports Summary, page 10-1

Product Detail

The Honeywell Dolphin 70e Black is a device intended for use in in-premise Automatic Data Collection (ADC) systems and for

field ADC applications. In-premise systems typically exist in establishments such as distribution warehouses or retail stores.

This type of system often uses terminal emulation servers or web servers to direct the Dolphin 70e Black to perform ADC

operations (e.g., scanning during picking or placing of items). Field applications entail the use of the Dolphin 70e Black for field

service applications and route distribution. Field service applications may use either Web applications or client applications that

require different levels of connectivity to the customer servers.

System Architecture

The diagrams on page 1-2 illustrate sample architecture for in-premise and field system Dolphin 70e Black network

deployments. In both examples, a firewall exists to prevent the systems from having direct access to external networks or the

rest of the Business System Network (e.g., Finance or HR) and to prevent those systems from accessing the Dolphin 70e Black

system.

1 - 2

Architecture of an In-Premise Dolphin 70e Black System

The diagram below provides an example of in-premise system architecture that includes multiple Dolphin 70e Black with

Android devices, a wireless LAN (WLAN), a mobile device management (MDM) server (e.g., Honeywell's Remote

MasterMind device management software) and an application support server (e.g., web server or a terminal emulation

server).

Architecture of a Field Service Dolphin 70e Black System

The diagram below provides an example of field application system architecture that includes Dolphin 70e Black with

Android devices, a wireless wide area network (WWAN) (e.g., wireless phone service), and web-applications, clients, and

MDM servers (e.g., Remote MasterMind device management software).

Firewall

Switch

MDM Server

(e.g., Remote MasterMind)

Application

Server

Radius Server

(e.g., IAS)

Ethernet

Wi-Fi®

Ring

Scanner

Portable

Printer Dolphin 70e

Black

Dolphin 70e

Black

USB

Ring

Scanner

Bluetooth

Dolphin 70e

Black

Firewall

Switch

MDM Server

(e.g., Remote MasterMind)

Application

Server

Radius Server

(e.g., IAS)

Ethernet

Portable

Printer

Cellular Data

Service Network Dolphin 70e Black

Bluetooth

Dolphin 70e Black

1 - 3

Related Documents

User’s Guides Additional Information

Dolphin 70e Black powered by Android User’s Guide Available for download from the Dolphin 70e

Black product page at www.honeywellaidc.com.

Dolphin Power Tools for devices powered by Android User’s Guide

1 - 4

2 - 1

Security Checklist

This chapter identifies common security threats that may affect networks containing Dolphin 70e Black devices. You can

mitigate the potential security risk to your site by following the steps listed under each threat.

Infection by Viruses and Other Malicious Software Agents

This threat encompasses malicious software agents, for example viruses, spyware (Trojans), and worms. The intrusion of

malicious software agents can result in:

• performance degradation,

• loss of system availability, and

• the capture, modification or deletion of data.

Mitigation Steps

Unauthorized External Access

This threat includes intrusion into the Honeywell Dolphin 70e Black system from the business network or other external

networks including the Internet.

Unauthorized external access can result in:

• loss of system availability,

• the capture, modification, or deletion of data, and

• reputation damage if the external access security breach becomes public knowledge.

Mitigation Steps

Ensure virus protection is installed, signature files are up-to-date, and

subscriptions are active.

Allow only digitally signed software from trusted sources to run.

Use a firewall at the interface between other networks and Dolphin

70e Black devices.

Mitigation Steps

Implement file system encryption. https://source.android.com/devices/tech/

encryption/

android_crypto_implementation.html

Use HTTPS when using Web servers across untrusted networks. http://developer.android.com/training/articles/

security-ssl.html

Use a firewall at the interface between your other networks and

Dolphin 70e Black devices.

Secure wireless devices.

Set the minimum level of privilege for all external accounts, and

enforce a strong password policy. This is especially true for Mobile

Device Management (MDM) systems.

Disable all unnecessary access ports (e.g., FTP).

Use a VPN when the Dolphin 70e Black system requires data to

traverse an untrusted network.

Use SSL for communication between native applications and

specialty servers.

http://developer.android.com/training/articles/

security-ssl.html

Use intrusion detection on WLAN networks.

2 - 2

Unauthorized Internal Access

This threat encompasses unauthorized access from people or systems with direct access to a Dolphin 70e Black device. This

threat is the most difficult to counter since attackers may have legitimate access to part of the system and are simply trying to

exceed their permitted access.

Unauthorized internal access can result in:

• loss of system availability,

• the capture, modification, or deletion of data, and

• the theft or damage of system contents.

Mitigation Steps

Do not allow the use of unauthorized removable media

(e.g., microSD™ or microSDHC™ cards) on Dolphin 70e Black

devices.

http://source.android.com/devices/tech/

security/index.html

Implement password protection on Dolphin 70e Black devices. Refer to the Dolphin 70e Black powered by

Android User’s Guide available for download at

www.honeywellaidc.com.

http://source.android.com/devices/tech/

security/index.html#password-protection.

Monitor system access.

Other manuals for Dolphin 70e Black

Table of contents

Other Honeywell Handheld manuals

Honeywell

Honeywell Dolphin CN80 NI User manual

Honeywell

Honeywell CN75 User manual

Honeywell

Honeywell MX7 Tecton User manual

Honeywell

Honeywell MX9 User manual

Honeywell

Honeywell CN51 PrintPAD User manual

Honeywell

Honeywell 7900L0P-422C20E - Hand Held Products Dolphin... User manual

Honeywell

Honeywell CT50LON User manual

Honeywell

Honeywell HX2 User manual

Honeywell

Honeywell 7600BP-112-B6EE - Hand Held Products Dolphin... User manual

Honeywell

Honeywell Dolphin 70e Black User manual

Honeywell

Honeywell ScanPal EDA61K Series User manual

Honeywell

Honeywell Dolphin CT40 User manual

Honeywell

Honeywell ScanPal 5100 User manual

Honeywell

Honeywell CT50 User manual

Honeywell

Honeywell 7600BG-122-B4EE - Hand Held Products Dolphin... User manual

Honeywell

Honeywell CK75LAN User manual

Honeywell

Honeywell Dolphin CN80 User manual

Honeywell

Honeywell 7600BP-112-B6EE - Hand Held Products Dolphin... User manual

Honeywell

Honeywell Dolphin 60s User manual

Honeywell

Honeywell MX9 User manual

Honeywell

Honeywell Dolphin 9900 User manual

Honeywell

Honeywell HX2 User manual

Honeywell

Honeywell 8680i Series User manual

Honeywell

Honeywell MX8 User manual

Popular Handheld manuals by other brands

Panasonic

Panasonic CF-VST332U How-to

Wasp

Wasp WPA 1000II user manual

Hand Held Products

Hand Held Products Dolphin 9500 Software upgrade instructions

Intermec

Intermec CK61 quick start guide

Wasp

Wasp WDT92 user manual

Texas Instruments

Texas Instruments TI-Nspire user guide

Docomo

Docomo F-04H instruction manual

Armstrong

Armstrong Brain Wave Hardware & software installation

Unitech

Unitech TB128 user manual

Symbol

Symbol MC9000-G Product reference guide

Ingenico

Ingenico IWL220 GPRS Quick reference guide

Intermec

Intermec CK61 user manual

Symbol

Symbol c2000 user manual

Toshiba

Toshiba e350 Series user manual

Palm

Palm Tungsten E2 supplementary guide

MiTAC

MiTAC Mio 168 user manual

NCI Technologies

NCI Technologies NCI - 465 WMU user manual

Symbol

Symbol PDT 8100 Series Product reference guide