Part 1 - Windows mobile security: Get it locked down. If you're going to keep up with the security risks that come with mobile devices like this, you need to know how to test Windows Mobile security, which tools are best for use with Windows-based handhelds and about general mobile device hardening best practices. These tips are designed to help you do just that, as well as teach you how to test network security from a Windows Mobile device.
SearchWinIT.com SearchEnterpriseDesktop.com LabMice.netSearchExchange.com SearchWindowsServer.comTechTarget Windows Media SearchSQLServer.com SearchDomino.com
Pocket E-Guide
Windows Mobile security
tips for the on-the-go
pro series
Part 1 - Windows mobile security:
Get it locked down
The need for Windows Mobile security isn't going away, asportable devices like smartphones, pocket PCs and laptops havebecome staples for most IT professionals. If you're going to keepup with the security risks that come with mobile devices like this,you need to know how to test Windows Mobile security, whichtools are best for use with Windows-based handhelds and aboutgeneral mobile device hardening best practices. These tips aredesigned to help you do just that, as well as teach you how to testnetwork security from a Windows Mobile device.
Security for Windows Mobile is a very real concern that cannot beignored. Learn about the risks connected with mobile devices andsome organizational must-haves in this tip.
Sponsored By:Windows Mobile security tips for the on-the-go pro seriesPart 1 - Windows mobile security: Get it locked down
Part 1 - Windows mobile security: Get it locked down
Kevin Beaver, CISSP
I recently acquired a Windows mobile-based Samsung BlackJack smartphone. I absolutely love it but I feelit's quite the liability hanging off my pocket. I can't imagine being responsible for dozens, if not thousands, ofthese types of systems in larger enterprises. But this is the case for many people - people that are used toonly having to secure Windows workstations and servers.
Mobile systems are a glaring weakness within enterprise security and not enough people are concerned aboutor have the right resources to address this. There's often no direct accountability in managing and securingmobile systems, and they often fall outside the scope of security assessments and audits. Interestingly,there's not a ton of vendor-based solutions to lock down these devices either. The ones that do exist focus onthe older versions of PocketPC.
Lack of visibility and limited security solutions aside, the odds are that you have a whole lot of untamedWindows Mobile-based devices floating around your environment. The security risks associated with WindowsMobile systems are really no different than those commonly tied to laptop computers. They include:. Weak authentication mechanism (if any)
. Lack of encryption
. Virtually unlimited storage capacities
. Potential for malware infections
. System updates and patches (not so many now, but that's bound to change).
The big difference is that you can't really test Windows Mobile systems using traditional security testing tools.It's just the nature of the beast.
These weaknesses not only expose sensitive files and email to whoever comes into contact with the mobiledevices, but they also facilitate data leakage and sensitive information exposure by employees who aren't onthe up and up. Windows mobile-based systems are that much more vulnerable because they have a greaterpropensity than the typical laptop to be lost and sprout legs, never to be seen again.
Ensuring that your Windows Mobile systems are properly locked down and are protecting sensitive businessassets all starts with policies. I know policies aren't sexy, but regardless of how boring and repetitive theyseem, it's an absolute must to make sure your mobile systems fall within the scope of all your other comput-er systems.
Sponsored by: Page 2 of 5Windows Mobile security tips for the on-the-go pro seriesPart 1 - Windows mobile security: Get it locked down
Your mileage will vary but you should at least make sure the following Windows Mobile concerns areaddressed in your existing security policies, standards and plans:. User authorization
. Passwords
. Remote access for RDP and VPN sessions
. Wi-Fi connectivity
. Internet and email acceptable usage
. Information sensitive and content storage
. Encryption requirements (storage and Wi-Fi)
. Physical security
. Incident response in the event of theft or loss
. Disposal
. Security auditing and testing
Beyond policies, here are the essential security must-haves for all Windows Mobile systems in your organiza-tion: 1. Use power-on passwords and SIM locks where you can. This serve... [download for more]
