Does Axim present a security risk to computer networks?

[DaLabrador]

Back on track:

A network administrator for a corporate network with many users and services has reason to be paranoid. New security holes and bugs are found every day, but availability and functionality needs to be weighed against security. A totally secure environment is a locked down environment.
Introducing an unknown into the network is a potential risk for every service and client. Introducing an unknown on a computer is less of a risk, since an updated antivirus can catch common malware, and the firewall might stop the malware from spreading (unless it's got rootkit functionality).
Trusting the users not to try to circumvent local security is a must. That's their responsibility.
So is being responsible with sensitive data.

Every network is a sensitive place, and your IT people might not want to be the first to have to clean up after a cross-platform worm. It's expensive.

In my experience corporate networks usually have antivirus software that scans any drive , card or disk connected to the laptop or desktop!

[breley]

Originally Posted by DaLabrador

Back on track: A network administrator for a corporate network with many users and services has reason to be paranoid. New security holes and bugs are found every day, but availability and functionality needs to be weighed against security. A totally secure environment is a locked down environment. Introducing an unknown into the network is a potential risk for every service and client. Introducing an unknown on a computer is less of a risk, since an updated antivirus can catch common malware, and the firewall might stop the malware from spreading (unless it's got rootkit functionality). Trusting the users not to try to circumvent local security is a must. That's their responsibility. So is being responsible with sensitive data. Every network is a sensitive place, and your IT people might not want to be the first to have to clean up after a cross-platform worm. It's expensive.

Well said, DaLabrador. I was lucky to get a few Axims on our network because 1) our VP wanted to be able to use hers at work and on the road and 2) our senior sales exec got one and wanted the same, but I shudder to think the havoc a clever or simply careless person might do with remote desktop, vnc, ping, ftp, wireless, etc., or installed malware. We're going to be examing Microsoft's WM 5 Messaging and Security Pack that promises some forced policy requirements on mobile devices, at least where Exchange Server 2003 connectivity is concerned.

[Ashton]

This is just soemthing I stumbled accross. There's a service setup to let you syncronize a WM device with an online version of outlook (probably MS Exchange) and then you can syncronize your desktop with it too. This is commonplace with Blackberries and WM Smartphones, but I dont know for sure if it will work with an Axim (since 90% of the time I dont have a WiFi connection and my BB doesn't have BT, I dont get online with my axim much except in a cybercafe while traveling)

IIRC, the service was Exchangemymail.com though it may not be the right one...

Yes, there is an option to sync to the local copy of Outlook rather than the server directly. Works well and is easier to setup.

[netsyd]

Originally Posted by ldrafter

I've recently ceased to be able to sync my x51v with my work computer. I've confirmed with IT support at work that this is the result of recent changes to the firewall implementation and other security measures aimed at reducing the risk of external forces impacting the operation of the network.

And I say good for them. While many companies are slowing catching up with the times, I think too many are still behind the curve when it comes to protecting the soft insides.

Originally Posted by ldrafter

The question that I have is whether allowing a PDA to connect and sync with my desktop computer truly increases the risk of a successful attack on the desktop and/or the network? Is this risk any greater than that which exists by allowing files stored on removable media (flash drive, optical disk, etc.) to be accessed on the computer?

The extended risk is very slight right now but the potential is there. Personally I don't see much more risk in having a PDA connected vs allowing usage of removable media... but in the wrong hands the risk is massive. 1 bad apple my friend ...

Originally Posted by ldrafter

When I spoke to IT support it did not seem like they had an informed understanding of the risk associated with PDAs and if I am to make the case that they should be allowed to connect to the computer, I need to have a better idea of what the risk is.

No offense intended here - but never under estimate what your IT staff does and doesn't know. I've met the oddest people in this business that you'd think were dumb as rocks - but get them started on something geeky and they will scare you. The problem for many of us is explaining it in terms that someone not familiar with IT will understand.

The risks are very complex, but it all depends on your position within the company, your level of access, how the network is segregated, etc etc etc... people write dissertations on this stuff. Matter of fact there's a gentleman working on his masters right now, and is planning a rewrite of Familiar to turn an iPaq into a mobile network penetration testing and evaluation device. There's also known examples of similar devices that have been modified and to run Familiar and used to exploit vulnerabilities in Windows 2000 Server.

There's one argument that IT will take with understanding every day all day. Business Need. If you want to win a round against IT to get something approved, get your manager (unless of course you are the manager) and discuss it. Prove to IT that there is a solid business need for the device and it will get allowed. For example, if you travel a lot and do sales for the company it stands to reason that you "need" the device to maintain your contacts / contract information. Business Need is the key. IT is there to enable business not prevent it.

Originally Posted by ldrafter

Secondly, if I am unable to convince the IT people that an exception should be made for devices like the x51v, is there a workaround that I could use to allow me to sync with MS Outlook calendar on my desktop? I appreciate any advice you can give me on this.

Again prove a business need and it shouldn't be a problem. They folks here gave you a couple good options for how to possibly use the legacy connection, but honestly get the device approved the right way. Nothing puts you on the shat list with IT faster than knowing you shouldn't be doing something and breaking policy by doing it anyway. Be very careful on this path ... I've worked in more than one place were you would placing your job very much at risk by attaching an un-approved device to a corporate system.

[ldrafter]

I'd like to thank all of those here who took the time to reply to my question. In particular, I'd like to thank the members who posted suggestions for alternative ways of syncing with my desktop. I hadn't realized that the firewall changes may not have affected serial/bluetooth connections and, after some trial and error, I was able to sync via bluetooth. :)

You're welcome. I used to sync with BT myself, until I got a new hub to hook the desktop stand into.

[billc.cn]

I think the it people did the right thing.
The activesync program is actually a big back door. Hackers with proper software can just connect to your computer and download your contacts, emails and almost every company secret without providing any password! (think about the network sync function, when you connect async only asks the password of the device which is surely controlled by the hacker)