Re: Mobile wireless users

[Ashish Popli <apopli () gmail com>]

> Traffic to/from those devices at a non-secure location is susceptible 
> to capture and analysis by unknown parties.
Agree, this is going to be a problem, say, if passwords are being sent 
in plaintext, but any security aware organization will not use a service 
that uses plain text passwords. So what is the mobile device trying to 
access in this case?

> What about the times they use organization resources that are exposed 
> to the general public and enter private credentials to gain access to 
> those resources?
This somehow does not make sense to me, why would anyone need private 
credentials to access public information? Please correct me if I am 
wrong or missing something.

In general, If there is a sensitive or private resource, it should not 
be sitting outside your firewall(ed)/vpn(ed) network and should not be 
using plain text passwords.

Cheers,
Ashish Popli

ttate () ctscorp com wrote:

 I understand that a firewall on the mobile device prevents accessing 
resources *on* that device. I also understand that a vpn will encrypt 
traffic to/from that device and an organization's private network. But 
what about those times when the user doesn't turn on the VPN? What about 
the times they use organization resources that are exposed to the 
general public and enter private credentials to gain access to those 
resources? How do you help your wireless users be paranoid about what 
they are accessing when using wireless access? How do you prepare them 
to handle vari
>  ous activities that they may want or need to perform using those wireless devices? 
> I appreciate your comments on this issue and hope it will answer some significant questions that my organization has about allowing users to use mobile wireless devices outside of our facilities.
> Troy Tate
> Corporate Network Manager
> CTS Corp.
> 574-293-7511 x397
> 574-294-5718 fax