Firewalls on the PocketPC Platform
As mentioned in the AntiVirus section above, your PocketPC is generally safe from Virus exposure due to its “low profile” in the hacking community, and this same reason also works to indicate that your device is generally safe from outside intrusion by hackers. Additionally, your device requires a NetBIOS transport mechanisms in order to be accessed by outside devices, so in order for someone to gain access to your device from the outside world, some sort of NetBIOS client must be installed on the device in order to facilitate a NetBIOS session.
- The most common such client installed on most PocketPCs is Microsoft’s ActiveSync program.
- My favorite software for Remote Control of the PocketPC is Soti’s Pocket Controller Professional.
So essentially, your device has a natural barrier against outside intrusion. However, this protection can be easily bypassed if a Virus or Trojan such as Brador (mentioned above in the AntiVirus Section) gets onto your PocketPC and opens a backdoor by way of it’s own built-in client.
If you intend to get a firewall, it should provide you with a low-level (Network level on the OSI model) protection, as well as Stateful Packet Inspection (SPI). Bidirectional SPI which inspects both incoming and outgoing packets is considered a bonus even by PC standards, since most PC Firewalls only care about incoming packets (a notable exception is ZoneAlarm’s offering for the PC). A truly good firewall will contain customizable access control list will allow you to define custom settings for your specific network, and comes with frequent updates (possibly by paid subscription) to the software’s pre-programmed filters. This will patch newly found vulnerabilities and assist your device in detecting and preventing newer exploits and inbound attacks like a Denial Of Service (DoS).
QUICK LIST of Firewall Applications for the PocketPC:
- AirScanner Mobile Security also offers their Mobile Firewall application.
- Sadly, BlueFire Firewall appears to be geared more for enterprise distribution rather than individual use. Their website claims that SMB (Small Business) use is “coming soon”.
BioMetric Applications for the PocketPC
The use of a BioMetrics (short for Biological Metric) is a Security methodology that grants authority or access based on the presence of biologically unique aspects of your physiology. Unique and theoretically non-reproducible examples of human physiology include fingerprints, voiceprints, retina scans, as well as handwriting, and even typing cadence. Measurements of this nature generally require a lot of work on the part of the user providing a dozen or so “samples” (fingerprints for example) up-front, but the reward is usually a quick and effortless authentication in the long-run.
I can personally attest to this ability with my iPAQ h5555, which has a built-in fingerprint scanner. I have invited friends to attempt to hack the unit or “pretend” to be me with some advanced duplication technologies and they all failed. When I need access, I do not have to stop and ask myself “Now what was that password again?” I just run my finger across the scanner bar and I have almost immediate access. Fingerprint entry (or “swiping”) takes a little getting-used-to, but I tend to get it right the first time about 94% of the time.
These PocketPCs equipped with Fingerprint readers are the best working examples of BioMetric Security being utilized in PDA construction. There are aftermarket programs available to judge biological metrics, but they will be limited to utilizing whatever inputs your PocketPC has readily available: namely the touch-sensitive screens all PDA’s have.
QUICK LIST of BioMetric Security Applications for the PocketPC:
- PDA-Protect utilizes your stylus input onscreen to capture a “secret sign” you pre-program, along with pattern recognition algorithms that judge the velocity, direction, and angle of the writing to determine identity.
- Likewise, PDALok utilizes your signature to capture judges your identity based on personal rhythm, speed, pressure flow, and rate of acceleration.
Data Loss Mitigation Applications for the PocketPC
So your Enterprise PDA was just stolen. All that corporate information is now in someone else’s hands. What to do? Well, this kind of an application specializes in mitigating the issue of what to do if a certain number of pre-programmed events occur which indicate to the device that it has been stolen. Such applications will restrict access to your Applications, and will wipe any and all sensitive data from the device after a certain number of failed logon attempts are logged, or if the device is not synchronized with the normal Host PC within a certain number of days.
QUICK LIST of Data Loss/Data Mitigation Applications for the PocketPC:
- Surewave’s Mobile Defense (previously known as PDA-Defense).
- HP ProtectTools by Credant Technologies is built-in to HP hx2000 and hx4700 series iPAQs. See your iPAQ documentation for more information.
- HP Password protection is built in to most HP iPAQs and will tell the system to perform a hard reset after a predetermined number of failed login attempts are logged. See your iPAQ documentation for more information.
Follow us on Twitter!