Part 3 - Free security testing tools for Windows handheld devices. If you're going to keep up with the security risks that come with mobile devices like this, you need to know how to test Windows Mobile security, which tools are best for use with Windows-based handhelds and about
general mobile device hardening best practices. These tips are designed to help you do just that, as well as teach you how to test network security from a Windows Mobile device.
With these no-cost security testing tools, you can check network security from Windows handheld devices.
SearchWinIT.com SearchEnterpriseDesktop.com LabMice.netSearchExchange.com SearchWindowsServer.comTechTarget Windows Media SearchSQLServer.com SearchDomino.com
Pocket E-Guide
Windows Mobile security
tips for the on-the-go
pro series
Part 3 - Free security testing tools
for Windows handheld devices
The need for Windows Mobile security isn't going away, asportable devices like smartphones, pocket PCs and laptops havebecome staples for most IT professionals. If you're going to keepup with the security risks that come with mobile devices like this,you need to know how to test Windows Mobile security, whichtools are best for use with Windows-based handhelds and aboutgeneral mobile device hardening best practices. These tips aredesigned to help you do just that, as well as teach you how to testnetwork security from a Windows Mobile device.
With these no-cost security testing tools, you can check networksecurity from Windows handheld devices.
Sponsored By:Windows Mobile security tips for the on-the-go pro seriesPart 3 - Free security testing tools for Windows handheld devices
Part 3 - Free security testing tools for Windows handhelddevices
Kevin Beaver, CISSP
We talk a lot about the security testing tools that run on Windows desktops. But what about security testingtools for the Windows Mobile platform? You can and should do some basic security testing from yourWindows handheld devices, such as smart phones and PDAs. This comes in handy if you're trying to performsome unannounced security testing and don't want to pique the interest of those who manage the systems,or if you just don't have your laptop around.
Now, I will say that these tools won't work on every version/model of Windows handhelds. You'll have to readthe fine print to see if your platform is supported. But if it is and you have a wireless network connection onyour device with a supported wireless adapter, you should be good to go.
Here are some tools to check out:
General networking. NbtstatCE -- a tool for enumerating NetBIOS name tables on remote Windows systems
. Netcat 4 wince -- a tool for port scanning and establishing outbound and inbound TCP/UDPconnections on a Windows system
. vxUtil -- an all-in-one tool for gathering Windows DNS information, port scanning, ping andtraceroute, whois lookups and more
Wi-Fi scanners. MiniStumbler -- the handheld version of the popular NetStumbler wardriving tool
. WiFoFum -- an alternative to MiniStumbler with GPS support as well (compatible with WindowsMobile 6)
Text searching. GSFinder+ (and theoretically any search tool on a networked handheld) -- a tool for connecting toWindows network drives and searching for sensitive unstructured information that's not storedsecurely. I'm a big fan of using text search tools as a security and compliance tool as I outlined in mytip, The problem with unstructured information. It's often overlooked, but unstructured, unprotectedinformation stored in files across the network is a big security problem. Now you can perform thiscritical task from the palm of your hand.
Sponsored by: Page 2 of 4Windows Mobile security tips for the on-the-go pro seriesPart 3 - Free security testing tools for Windows handheld devices
Outside of the slim pickings, if there's any other downside to mobile security testing tools, it's that they comeat a price. Sure, they're "free" in the traditional sense but what you will pay for is battery life. As with any-thing that accesses hardware on a battery-powered machine -- like these applications do with the wirelessconnection -- they're going to sap more power out of your systems than you may be used to. Of course, ifthis was a big issue, you probably wouldn't be using your handheld for security testing to begin with.
You're not going to have a comprehensive testing environment with these tools, but they are a good start ifyou have a specific need to use a handheld for security testing. So far, there aren't many current applicationsbecause the demand hasn't been there and mobile applications can be difficult to code. I suspect both thedemand for them and the supply will change.
Imagine a world where we can perform security tests from our mobile devices when we're stuck in meetingsor otherwise incapacitated. Sounds like a great-time management tool to me! This is going to be fun.
About the a... [download for more]
