In previous chapters I covered the threats to PDAs themselves and to their supporting infrastructure. One of the most important groups of threats to understand is the threat PDAs pose to the enterprise LAN and enterprise PCs. These threats fall into the following categories:
Unwanted transfer and disclosure of sensitive data
Introduction of malware
Unauthorized conduit to the corporate LAN
One of the biggest problems with PDAs in the enterprise is the inability of the enterprise to properly and centrally manage and control PDA‐configuration policies. In this section I will discuss enterprise‐level, centralized management tools for PDAs.
As I discussed in Chapter 5, “Protecting Your PC and LAN from BlackBerrys,” controlling data is critical for enterprises. The threat to uncontrolled data as it pertains to USB drives is known and, for the most part, understood. It is also important to understand that PDAs can be used as a means to transfer sensitive data. Let's take a look at how Pocket PCs can be used to remove data, and then discuss the threats.
The first means to transfer data over to a Pocket PC is by simply using Windows Explorer. When a Pocket PC is connected to a PC, the device itself and its subsequent file structure can be navigated from within Windows Explorer. This makes copying data from the PC or network to the Pocket PC very quick and simple. Figure