Important: This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
Perimeter security is a set of physical security and programmatic security policies that provide levels of protection against remote malicious activity. Perimeter security is enforced in the following areas:
- Physical Access Control. The security devices and policies that are enforced for physical access control prevent the spread of viruses through portable storage devices and help protect data on the phone and the Subscriber Identity Module (SIM) card.
- .cab Signing. .cab file signing provides a more secure method of packaging and delivering applications in Windows Mobile Standard. By signing the .cab files for downloads, Windows Mobile Standard can verify the source and integrity of the file.
- Device Management. The security policies that are enforced for device management help to protect the device from threats that may originate from over-the-air (OTA) downloads or push messages.
- Microsoft® ActiveSync®. The RAPI policy that is enforced for ActiveSync operations helps to protect against application-level threats.
Removable Storage Card Security
Removable storage card security provides enhanced protection from viruses and malicious applications or code that can be spread through portable storage units, such as disks and MultiMedia Cards (MMCs). For example, if this policy is turned on and an MMC is inserted into the device, files can be copied from the MMC to the device. However, executable files that exist on the MMC, and files that may contain viruses, will not run on the device. The AutoRun security policy enforces this protection. For more information, see Security Policy Settings.
The AutoRun security policy setting determines whether applications stored on an MMC are allowed to run automatically when the MMC is inserted into the device.
Note: Using files on an MMC is not a valid method for provisioning Windows Mobile Professional or Windows Mobile Classic.
Device Lock
In case of device theft, Windows Mobile provides enhanced protection for data by locking the device and requiring user authentication through a password. Locking the device helps prevent disclosure of sensitive information, such as user credentials, and prevents malicious system modifications that require physical access to the device, such as uploading a virus, modifying system binaries, or tampering with user data.
The device lock activates an ActiveSync lock. The ActiveSync lock enforces an exponential delay after every failed unlock attempt following the first three attempts. The device lock also helps prevent an automated brute-force attack on the ActiveSync lock.
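The delay rule described above for the ActiveSync lock, modeled as an added example (not code from the original page or from Windows Mobile): three free attempts, then a wait that grows exponentially after each further failure, plus the worst-case time needed to try a whole PIN space. The 1-second base delay, the doubling factor, the optional cap, the sample PIN, and all names are assumptions; the page states only the three-attempt threshold.

```python
import hmac
from dataclasses import dataclass

FREE_ATTEMPTS = 3  # from the page: the delay starts after the first three attempts


def delay_after_failure(failures, base=1, factor=2, cap=None):
    """Seconds to wait after `failures` consecutive failed unlocks.

    base, factor and cap are assumed values, not taken from the page.
    """
    if failures <= FREE_ATTEMPTS:
        return 0
    delay = base * factor ** (failures - FREE_ATTEMPTS - 1)
    return delay if cap is None else min(delay, cap)


@dataclass
class UnlockThrottle:
    secret: str            # constructed sample secret, supplied by the caller
    failures: int = 0
    locked_until: float = 0.0

    def try_unlock(self, guess, now):
        """Return 'unlocked', 'denied' or 'throttled' for a guess made at time `now`."""
        if now < self.locked_until:
            return "throttled"  # rejected without evaluating the guess
        if hmac.compare_digest(guess, self.secret):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        self.locked_until = now + delay_after_failure(self.failures)
        return "denied"


def seconds_to_exhaust(keyspace, **policy):
    """Total enforced wait when every value in the keyspace is tried once.

    The last guess succeeds, so waits follow failures 1 .. keyspace-1.
    """
    return sum(delay_after_failure(n, **policy) for n in range(1, keyspace))


if __name__ == "__main__":
    # Capping the delay turns exponential cost into linear cost.
    capped = seconds_to_exhaust(10_000, cap=3600)
    uncapped = seconds_to_exhaust(10_000)
    print(f"4-digit PIN, 1h cap: {capped / 86400:.0f} days")
    print(f"4-digit PIN, no cap: a {len(str(uncapped))}-digit number of seconds")
```

With an uncapped doubling delay the wait dominates after a few dozen failures, while a capped delay only multiplies the keyspace by the cap, which is why the cap and PIN length have to be chosen together.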
SIM Lock
The SIM lock programmatically locks the SIM card after more than three failed unlock attempts. To prevent Denial of Service attacks or brute-force attacks against the SIM lock, normal applications are prevented from accessing the SIM APIs. In addition, rogue applications cannot destroy the SIM by exceeding the maximum number of failed logon attempts.