Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: PocketPC firewalls

From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 22 Apr 2004 08:55:22 -0400 (EDT)
On Thu, 22 Apr 2004, Williams Jon wrote:


That was the take we've had for a while, although recent changes (i.e.
certain iPAQs coming with built in 802.11 access, etc.) have made us
question that.  Hopefully, these machines won't have mission critical


It's good to revisit it fairly often, but at this point, there's just not
heaps of exploit code out for them.  By the time that there's a real
threat, we'll likely have more options for protection.  At this point, I'd
seriously look more at strategies for keeping them up to date- since we're
likely to have more of the same client-side "it has to go through the
firewall" problems anyway.  I doubt that PocketPC has (but I haven't
looked) all that many dangling services, but I'd bet the Web and mail
clients are about par for the course.


data on them, but many of the users I know sync their email and address
books to their PDAs, so some users might inadvertantly have important
information we wouldn't want leaking.  For normal files, we're also
looking at file-level encryption, but since we were looking at the PDA
security question, we wanted to make sure we hadn't overlooked anything.



Yeah, I just think that at this juncture, a firewall is more of a placebo
than a valuable control.  Now, that could change, and if it does, then
ability to have on in place becomes important, but I really don't see it
as a major threat vector for a while (I bet the loss stats for PDAs well
outweigh the attack stats, which well outweigh the successful attack
stats.)

In fact, I'll go out on a limb and say that I doubt there's been a real
PDA attack in the wild, even with 802.11 (and I'd concentrate more on WPA
for folks who use them at home than I would a firewall...)

I'd also hate to take support calls for things that "don't work" on a PDA,
since lots of salespeople *need* them to work *now*.  If there's an
alternative browser like Opera available, I'd be looking at rolling that
out well before a firewall.

Just my .02.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: