RE: [fw-wiz] PocketPC firewalls

From: Paul D. Robertson (
Date: 04/22/04

  • Next message: Ravi: "[fw-wiz] High Avaialability and Firewall state transfer"
    To: Williams Jon <>
    Date: Thu, 22 Apr 2004 08:55:22 -0400 (EDT)

    On Thu, 22 Apr 2004, Williams Jon wrote:

    > That was the take we've had for a while, although recent changes (i.e.
    > certain iPAQs coming with built in 802.11 access, etc.) have made us
    > question that. Hopefully, these machines won't have mission critical

    It's good to revisit it fairly often, but at this point, there's just not
    heaps of exploit code out for them. By the time that there's a real
    threat, we'll likely have more options for protection. At this point, I'd
    seriously look more at strategies for keeping them up to date- since we're
    likely to have more of the same client-side "it has to go through the
    firewall" problems anyway. I doubt that PocketPC has (but I haven't
    looked) all that many dangling services, but I'd bet the Web and mail
    clients are about par for the course.

    > data on them, but many of the users I know sync their email and address
    > books to their PDAs, so some users might inadvertantly have important
    > information we wouldn't want leaking. For normal files, we're also
    > looking at file-level encryption, but since we were looking at the PDA
    > security question, we wanted to make sure we hadn't overlooked anything.

    Yeah, I just think that at this juncture, a firewall is more of a placebo
    than a valuable control. Now, that could change, and if it does, then
    ability to have on in place becomes important, but I really don't see it
    as a major threat vector for a while (I bet the loss stats for PDAs well
    outweigh the attack stats, which well outweigh the successful attack

    In fact, I'll go out on a limb and say that I doubt there's been a real
    PDA attack in the wild, even with 802.11 (and I'd concentrate more on WPA
    for folks who use them at home than I would a firewall...)

    I'd also hate to take support calls for things that "don't work" on a PDA,
    since lots of salespeople *need* them to work *now*. If there's an
    alternative browser like Opera available, I'd be looking at rolling that
    out well before a firewall.

    Just my .02.

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact." Director of Risk Assessment TruSecure Corporation
    firewall-wizards mailing list

  • Next message: Ravi: "[fw-wiz] High Avaialability and Firewall state transfer"