RE: PDA's/Blackberrys: risk to networksL

["Murda Mcloud" <murdamcloud () bigpond com>]

I'd second Nick's response and also add that as they are such great tools,
then maybe there should be a consistent platform that you have, then any
support or security will only need to be for one type of device and not
five.
Add other vectors such as bluetooth/web for many of these things and they
begin to multiply potential issues.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Nick Owen
Sent: Saturday, October 21, 2006 6:01 AM
To: Chinnery, Paul
Cc: security-basics () securityfocus com
Subject: Re: PDA's/Blackberrys: risk to networksL

Chinnery, Paul wrote:
> Some of our directors are bringing in PDA's like Palms and using them
> to sync up with their email.  Since virus writers and mailicious
> hackers are targeting these devices, we are wondering what the
> security impact is on networks Can viruses be transmitted easily
> between PDA and the network machine they connect to? Could a key
> logger prg or other malicious prg be easily transferred? We're a
> small, rural hospital and although I keep pretty current on security
> issues I haven't see much on this forum or other security related
> forums which is why I am asking the group for their opinions. BTW,
> we're a W2K shop with W2K Pro and XP sp2 computers using Exchange2K
> and SQL.
>
> Paul Chinnery

Paul:

As the recent ipod infections show, any device that plugs into a Windows
box is susceptible to malware thanks to the auto-run features in
Windows.  At the same time, IMO, a Blackberry or PDA is a tremendous
productivity tool and probably worth the risks.  If you can limit the
synching to PCs under your control, then you can at least make sure that
all the anti-malware tools are in place.

hth,

nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------