Hi, James,
A mobile device which is never synced to anything, wirelessly
connected to anything, only allows the user to see the screen while
it's being used, and is electromagnetically shielded is secure
while it's under the owner's control. Does that help? ;-)
Can you elaborate more on the threat that's expected, and what the
value of the data is which will be installed on the device?
For example, I did a project for a Major Auto Manufacturer where the
threat was defined as "casual perusal of a lost Palm, Windows CE, or
RIM Blackberry device". We proposed solving it by using an escrow
service and whole-device screen-locking software. A random person
finding it in an airport restroom would not know that the device
belonged to Big Time Auto Executive, but would see the sticker that
said "Turn this into Joe Blow Services and get $100!". They couldn't
get into the apps on the device, but $100 in the hand is worth more
than finding out who the device belonged to. And they'd never know
that there was valuable information about the Big Time Auto
Executive's meetings with a company they were about to acquire in the
Memo Pad, Datebook and Phonebook...
So, let's define the threats and the value of the data...
>>>>> On Mon, 25 Mar 2002 11:44:19 -0500, "Meritt James" <[EMAIL PROTECTED]> said:
Meritt> As contradictory as this intuitively seems, is anyone
Meritt> aware of anything that even ADVERTISES itself as a secure
Meritt> mobile device? I've been asked about a 'secure' (whatever
Meritt> that means) mobile (say, wear on belt size, 6 oz or so)
Meritt> unit. Haven't been able to find out if voice, IP or what.
Meritt> So far, I'm flexible. ;-)
Meritt>
Meritt> Thanks! -- James W. Meritt CISSP, CISA Booz | Allen |
Meritt> Hamilton phone: (410) 684-6566
Meritt>
Meritt>
--
John Karabaic
3545 Zumstein Ave, Cincinnati OH 45208-1309
513.321.3221
When in doubt, use brute force.
-- Ken Thompson
