Microsoft recommendations
- Microsoft’s Security Model for Windows Mobile 5.0 and Windows Mobile 6
- Security Considerations for Windows Mobile Messaging in the Enterprise
The three-part series by Kevin Beaver, summarized and paraphrased
- Administration Issues
  - Authentication mechanism
  - Encryption
  - Virtually unlimited storage capacities
  - Potential for malware infections
  - System updates and patches
  - Privileged account protection
- Policy Implementation
  - User authorization
  - Passwords
  - Remote access for RDP and VPN sessions
  - Wi-Fi connectivity
  - Internet and email acceptable usage
  - Sensitive information and content storage
  - Encryption requirements (storage and Wi-Fi)
  - Physical security
  - Incident response in the event of theft or loss
  - Disposal
  - Security auditing and testing
- So what can you do instead?
  - Use power-on passwords and SIM locks where you can. This serves as a good first line of defense against all but the most formidable attackers.
  - Require screens to lock with password-based re-entry after a relatively short idle period (e.g., 2-3 minutes).
  - Ensure you have the latest firmware and software from your mobile device manufacturer, which likely address known security flaws.
  - Use the storage card encryption feature built into Windows Mobile 6, together with its remote wipe capability. There are known issues with this (notably, the card's encryption key is tied to the device, so a hard reset leaves the card's contents unreadable), so you may be better off looking at third-party encryption solutions like those offered by Credant, Information Security Corp. and Aiko Solutions.
  - Use third-party "tweaking" tools, such as Tweaks2K2.NET and Spb Kiosk. They allow you to adjust various security controls, such as disabling ActiveX, hiding admin passwords and other desktop lockdown features.
  - Require secure VPN connections across Wi-Fi networks using tools like the ones offered by Bluefire Security Technologies.
  - Be sure you (or your users) are backing up your mobile systems, either via standard syncing capabilities or using a third-party tool like Sprite Backup.
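As an added example (not from Beaver's series or from Microsoft's documents): the power-on password, short inactivity lock, storage card encryption and remote wipe items above can be enforced centrally with an Exchange ActiveSync mailbox policy instead of being left to each user. It assumes the Exchange Server 2007 SP1 Management Shell and Windows Mobile 6 devices (Windows Mobile 5 needs the Messaging and Security Feature Pack to honour these policies, and does not support storage card encryption); the policy name, mailbox alias and device ID are placeholders.

```powershell
# Added example, not code from the original page. Assumes Exchange 2007 SP1
# Management Shell; 'WM6-Baseline', 'jdoe' and $lostDeviceId are placeholders.
$policyName = 'WM6-Baseline'

# 1. Define the device-side controls once. Parameters are passed by splatting
#    so each setting can carry its own comment.
$policy = @{
    Name                               = $policyName
    DevicePasswordEnabled              = $true        # power-on / unlock password
    AlphanumericDevicePasswordRequired = $true
    AllowSimpleDevicePassword          = $false       # no 1111, 1234 and the like
    MinDevicePasswordLength            = 6
    MaxDevicePasswordFailedAttempts    = 8            # local wipe after 8 bad attempts
    MaxInactivityTimeDeviceLock        = '00:03:00'   # lock after 3 minutes idle
    DevicePasswordExpiration           = '90.00:00:00'
    DevicePasswordHistory              = 5
    RequireStorageCardEncryption       = $true        # WM6 storage card encryption
    AllowNonProvisionableDevices       = $false       # refuse devices that cannot enforce the policy
}
New-ActiveSyncMailboxPolicy @policy

# 2. Assign the policy to a mailbox (loop over Get-Mailbox for a whole OU).
#    The device picks it up at its next sync.
Set-CASMailbox -Identity 'jdoe' -ActiveSyncMailboxPolicy $policyName

# 3. Incident response for a lost or stolen device: find the partnership and
#    queue a remote wipe. The wipe is delivered the next time the device syncs,
#    so also cut off sync and reset the account password in the meantime.
$lostDeviceId = 'ABC123DEF456'   # placeholder DeviceID
Get-ActiveSyncDeviceStatistics -Mailbox 'jdoe' |
    Select-Object DeviceType, DeviceID, LastSuccessSync, DeviceWipeRequestTime
$dev = Get-ActiveSyncDeviceStatistics -Mailbox 'jdoe' |
    Where-Object { $_.DeviceID -eq $lostDeviceId }
Clear-ActiveSyncDevice -Identity $dev.Identity -Confirm:$false
Set-CASMailbox -Identity 'jdoe' -ActiveSyncEnabled $false
```

`AllowNonProvisionableDevices $false` is the setting that makes the rest meaningful: without it, a device that does not implement policy enforcement can still sync mail. The remote wipe only reaches a device that is powered on and connected, which is why the power-on password and storage card encryption remain the controls you actually rely on when a device disappears.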
- Antitheft
  - Kaspersky Mobile Security
  - PhoneBAK
  - SIM Alarm
- Antivirus
  - Airscanner Antivirus
  - Kaspersky Mobile Security
  - Symantec Mobile Antivirus
- Backup
  - Mobile Backup for Windows Mobile 2007
  - Resco Backup
  - Sprite Backup
- Device encryption
  - Airscanner Mobile Encrypter
  - PGP Mobile
  - Mobile Guardian
  - SecuBox
- Miscellaneous
  - Airscanner Mobile Firewall
  - Airscanner PowerTools (for periodic system management, maintenance, and cleanup)
  - Bluefire Mobile Security Enterprise Edition (a comprehensive toolset including firewall, IPS, power-on authentication/system wipe, encryption, hardware/application control, and logging)
- Secure password managers (to facilitate secure information management)
  - eWallet
  - LoginsPlus Mobile
  - SplashID
- VPNs
  - Symantec Mobile VPN
  - Bluefire Mobile Security VPN
  - TheGreenBow VPN Mobile
- NbtstatCE is a tool for enumerating NetBIOS name tables on remote Windows systems
- Netcat 4 wince is a tool for port scanning and establishing outbound and inbound TCP/UDP connections from a Windows Mobile device
- vxUtil is an all-in-one tool for gathering DNS information, port scanning, ping and traceroute, whois lookups and more
- MiniStumbler is the handheld version of the popular NetStumbler wardriving tool
- WiFoFum is an alternative to MiniStumbler with GPS support as well (compatible with Windows Mobile 6)
- GSFinder+ (and in principle any search tool on a networked handheld) is a tool for connecting to Windows network drives and searching for sensitive unstructured information that is not stored securely. Use text search tools as a security and compliance tool: unstructured, unprotected information sitting in files across the network is a big security problem, and this check can now be performed from a handheld.
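As an added example (not from Beaver's series, and not GSFinder+ itself): the same search for unprotected sensitive data, run from an administrator's workstation against a share rather than from the handheld. It walks a network share, flags lines that look like US Social Security numbers or credit card numbers, and uses a Luhn check so that random digit runs (phone numbers, order IDs) are not reported as cards. The share path, file types, report name and regex patterns are assumptions; run it with an account that has only read access to the shares.

```powershell
# Added example, not code from the original page. Assumes Windows PowerShell 2.0
# or later; the share path, extensions and patterns are placeholders.
param(
    [string[]]$Roots   = @('\\fileserver\shared'),                       # assumed share
    [string[]]$Include = @('*.txt', '*.csv', '*.log', '*.xml', '*.htm', '*.ini'),
    [string]$Report    = '.\sensitive-data-findings.csv'
)

# Luhn checksum: filters most random digit runs out of the card hits.
function Test-Luhn {
    param([string]$Digits)
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]$Digits[$i]          # [string] first, or we get the char code
        if ($double) { $d = $d * 2; if ($d -gt 9) { $d = $d - 9 } }
        $sum += $d
        $double = -not $double
    }
    return (($sum % 10) -eq 0)
}

# SSN with basic area/group/serial sanity checks, or a 13-16 digit number with
# optional space/dash separators. Named groups tell us which alternative hit.
$pattern = '(?<ssn>\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b)|(?<card>\b(?:\d[ -]?){13,16}\b)'

$findings = Get-ChildItem -Path $Roots -Recurse -Include $Include -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-String -Pattern $pattern -AllMatches -ErrorAction SilentlyContinue |
    ForEach-Object {
        $line = $_
        foreach ($m in $line.Matches) {
            $digits = $m.Value -replace '[ -]', ''
            if ($m.Groups['ssn'].Success) {
                $type = 'SSN'
            } elseif (Test-Luhn $digits) {
                $type = 'CARD'
            } else {
                continue                        # digit run that fails Luhn: not a card
            }
            [pscustomobject]@{
                File  = $line.Path
                Line  = $line.LineNumber
                Type  = $type
                # Never copy the full value into the report; the last four digits suffice.
                Match = ('*' * ($digits.Length - 4)) + $digits.Substring($digits.Length - 4)
            }
        }
    }

$findings | Export-Csv -Path $Report -NoTypeInformation
$findings | Group-Object Type | Select-Object Name, Count
```

The report deliberately masks every hit: a findings file that contains the very card and SSN values you were looking for is itself the unprotected sensitive data the search was meant to eliminate. Expect false positives from Luhn-valid numbers that are not cards (some IDs are) and false negatives from Office and PDF files, which need their text extracted before a line-oriented search sees anything.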