RE: [fw-wiz] PocketPC firewalls
From: Paul D. Robertson (paul_at_compuwar.net)
To: Williams Jon <WilliamsJonathan@JohnDeere.com> Date: Thu, 22 Apr 2004 08:55:22 -0400 (EDT)
On Thu, 22 Apr 2004, Williams Jon wrote:
> That was the take we've had for a while, although recent changes (i.e.
> certain iPAQs coming with built in 802.11 access, etc.) have made us
> question that. Hopefully, these machines won't have mission critical
It's good to revisit it fairly often, but at this point, there's just not
heaps of exploit code out for them. By the time that there's a real
threat, we'll likely have more options for protection. At this point, I'd
seriously look more at strategies for keeping them up to date- since we're
likely to have more of the same client-side "it has to go through the
firewall" problems anyway. I doubt that PocketPC has (but I haven't
looked) all that many dangling services, but I'd bet the Web and mail
clients are about par for the course.
> data on them, but many of the users I know sync their email and address
> books to their PDAs, so some users might inadvertantly have important
> information we wouldn't want leaking. For normal files, we're also
> looking at file-level encryption, but since we were looking at the PDA
> security question, we wanted to make sure we hadn't overlooked anything.
Yeah, I just think that at this juncture, a firewall is more of a placebo
than a valuable control. Now, that could change, and if it does, then
ability to have on in place becomes important, but I really don't see it
as a major threat vector for a while (I bet the loss stats for PDAs well
outweigh the attack stats, which well outweigh the successful attack
In fact, I'll go out on a limb and say that I doubt there's been a real
PDA attack in the wild, even with 802.11 (and I'd concentrate more on WPA
for folks who use them at home than I would a firewall...)
I'd also hate to take support calls for things that "don't work" on a PDA,
since lots of salespeople *need* them to work *now*. If there's an
alternative browser like Opera available, I'd be looking at rolling that
out well before a firewall.
Just my .02.
Paul D. Robertson "My statements in this message are personal opinions
firstname.lastname@example.org which may have no basis whatsoever in fact."
email@example.com Director of Risk Assessment TruSecure Corporation
firewall-wizards mailing list