Firewalling wireless devices

Presented at DEF CON 9 (2001), July 13, 2001, 4 p.m. (110 minutes)

The different technologies available today for providing IP access over the air to handheld devices all pose some interesting questions about traditional security work. How to firewall? What are the physical differences between being on the "inside" versus the "outside" of the firewall? How to implement prudent security measures if there is no security on the physical layer? Today, we can conclude that most base stations used for radio LANs, regardless of technology (Bluetooth or IEEE 802.11), have coverage outside the building. This means that if someone is in the parking lot with a PC and a radio LAN connection, they are connected to the office LAN...

The presentation suggests some architectural workarounds to some of these problems, for example putting all handheld devices on their OWN "demilitarized" network, and not on the "inside" of the firewall. Other suggestions are made on how to implement some security on the handheld devices themselves, in order to keep them from compromising the whole network, as an unsecured "endpoint" in such a network would do. The topic of personal firewalls and automated virus scanners for handheld devices comes in at this level.

Some issues regarding implementing cryptography in different layers of the OSI model are discussed, as are both the risks and the verified security holes in current cryptographic implementations on the link layer (such as WEP). A brief discussion of cryptographic protection and its impact on intrusion detection (the sensors can't see what happens if the traffic is encrypted) and virus scanners (scanners can't scan encrypted mail) is included as well.

It is not in the scope of the presentation to suggest a best practice, but rather to give some information on the threats of these new technologies, so that risk management can make their own decisions based on that.

