Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

Perimeter security is a set of physical security and programmatic security policies that provide levels of protection against remote malicious activity. Perimeter security is enforced in the following areas:

Removable Storage Card Security

Removable storage card security provides enhanced protection from viruses and malicious applications/code that can be spread through portable storage units, such as disks and MultiMedia Cards (MMCs). For example, if this policy is turned on and an MMC is inserted into the device, files can be copied from the MMC to the device. However executable files that exist on the MMC, and files that may contain viruses will not run on the device. The AutoRun security policy enforces this protection. For more information, see Security Policy Settings.

The AutoRun security policy setting determines whether applications stored on an MMC are allowed to run automatically when inserted into the device.

Note:
Using files on an MMC is not a valid method for provisioning Windows Mobile Professional or Windows Mobile Classic.

Device Lock

In case of device theft, Windows Mobile provides enhanced protection for data by locking the device and requiring user authentication through a password. Locking the device helps prevents disclosure of sensitive information, such as user credentials, and prevents malicious system modifications that require physical access to the device, such as uploading a virus, modifying system binaries, or tampering with user data.

The device lock activates an ActiveSync lock. The ActiveSync lock enforces an exponential delay after every failed unlock attempt following the first three attempts. The device lock also helps prevent an automated brute-force attack on the ActiveSync lock.

SIM Lock

The SIM lock programmatically locks the SIM card after more than three failed unlock attempts. To prevent Denial of Service attacks or brute-force attacks against the SIM lock, normal applications are prevented from accessing the SIM APIs. In addition, rogue applications cannot destroy the SIM by exceeding the maximum number of failed logon attempts.