For developers: Secure Windows Mobile Development and Deployment

September 02, 2004 [General] | By Edward J. R.

Yes, it is an article for developers, but it discusses some security risks that may be very interesting for regular users of Pocket PC and Microsoft Smartphone too:

This article looks at what development and deployment security options are available for the Pocket PC and Smartphone, including Public Key Infrastructure, Email with Exchange Server, Virtual Private Networks, WiFi, device configuration management, Pocket PC power on passwords and SQL SE security.
What exactly is deployment? It covers many situations, hardware and software, but primarily is about distribution and maintenance. In the desktop and server world, maintenance tends to be a factor in deployment planning; Microsoft® Windows Mobile™ 2003-based Pocket PCs and Microsoft® Windows Mobile™ 2003-based Smartphones tend not to be at the forefront of deployment and maintenance. This paper demonstrates various techniques to aid configuration of devices, to support hardware deployment and maintenance. We will also look at developer techniques you can use to improve security of your application and data on the device.

Mobile Threats

When you start designing a Smart Client application you should consider threat modeling analysis to identify your assets, threats and risks. Common areas include securing access to data on the device and securing communications between the device and remote endpoints. Since there is no concept of users and ACLs, all users of the device are effectively local administrators, so you might want to lock down the device.

When securing data on the device, consider encrypting SQL CE databases and adding a login to your application. What happens if the device is lost or stolen? If someone tries a dictionary attack on your application, you may want to delete your application data after a certain number of failed attempts or increase a wait time between each login. If your application data resides on a storage card, then consider encrypting the data files, as these are easily removable and readable.

For remote communications, think about using encrypted transports such as SSL or, if applicable, VPN, or you may want to custom encrypt data before sending. Be aware that the shared key encryption on 802.11b WiFi can be broken if enough packets are sniffed.

To read the article click here.
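The dictionary-attack advice in the excerpt (increase the wait between logins, delete application data after a number of failed attempts) can be sketched as follows. This is an added example, not code from the article or from Microsoft; the `LoginGuard` type, the policy numbers and the caller-supplied clock and password check are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>

// Outcome of one login attempt, as seen by the caller.
enum class LoginResult { Success, Rejected, LockedOut, WipeData };

// Throttle state (hypothetical type). On a device it must be persisted with
// the application data so that a soft reset does not clear the counter.
struct LoginGuard {
    uint32_t failures = 0;     // consecutive failed attempts
    uint64_t nextAllowed = 0;  // earliest time (seconds) an attempt is accepted
    uint32_t maxFailures;      // failures at which application data is deleted
    uint32_t baseDelay;        // wait after the first failure, in seconds
    uint32_t maxDelay;         // upper bound on the wait, in seconds

    LoginGuard(uint32_t maxF, uint32_t base, uint32_t cap)
        : maxFailures(maxF), baseDelay(base), maxDelay(cap) {}

    // Wait imposed after n consecutive failures: base * 2^(n-1), capped.
    uint32_t delayFor(uint32_t n) const {
        if (n == 0) return 0;
        uint64_t d = static_cast<uint64_t>(baseDelay) << std::min<uint32_t>(n - 1, 31);
        return static_cast<uint32_t>(std::min<uint64_t>(d, maxDelay));
    }

    // now: current time in seconds. credentialOk: result of the application's
    // own password check, which is assumed to exist and is not shown.
    LoginResult attempt(uint64_t now, bool credentialOk) {
        if (failures >= maxFailures) return LoginResult::WipeData;
        if (now < nextAllowed) return LoginResult::LockedOut;  // refused during the wait
        if (credentialOk) { failures = 0; nextAllowed = 0; return LoginResult::Success; }
        ++failures;
        if (failures >= maxFailures) return LoginResult::WipeData;
        nextAllowed = now + delayFor(failures);
        return LoginResult::Rejected;
    }
};

int main() {
    LoginGuard g(5, 2, 60);  // constructed policy: wipe at 5 failures, 2 s base, 60 s cap
    uint64_t t = 0;
    for (int i = 0; i < 5; ++i) {  // simulate five wrong passwords in a row
        LoginResult r = g.attempt(t, false);
        std::cout << "t=" << t << " result=" << static_cast<int>(r) << "\n";
        t = g.nextAllowed;
    }
}
```

On `WipeData` the caller deletes the application data; attempts made during the wait are refused without evaluating the password, so even a correct guess inside the window yields nothing.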