monitors inbound and outbound network traffic and applies
access control on Internet traffic. The other type is the
packet-filtering firewall, which monitors network traffic based on
its TCP/IP header information [25].
Examples of existing application-level firewalls are
Symantec[21]’s Norton Personal Firewall, McAfee[11]’s
Personal Firewall and Zone Lab[23]’s ZoneAlarm. Packet-filtering
firewall products are Network Flight
Recorder[17]’s BackOfficer Friendly and NetworkICE[22]’s
BlackICE Defender [25].
We refer the reader to [1] for a complete comparison
between the existing products.
4 Possible Solutions
To resolve the problems described in Sections 1 and 2, there are
some possible solutions that can be deployed in handheld
devices. The first solution is to use a desktop computer to
act as a bastion host to protect the handheld device. In the
second proposed solution, we provide a better protection
mechanism, i.e., by incorporating a personal firewall for
handheld devices.
4.1 Desktop Computers Act as Bastion Hosts
One possible solution is to let a desktop computer act as a
bastion host. ActiveSync 3.6 provides a feature, called
Pass-Through Connection, that enables a Pocket PC 2002 device to
access the Internet while the device is connected to the
desktop PC using serial, infrared, or USB connections. When
the Pocket PC is connected to a desktop PC, people can use
Internet Explorer to browse web sites or check emails. As
a Pocket PC handheld device can connect to the Internet
via a TCP/IP connection with the assistance of a desktop
computer, we can have the desktop PC stand between the
handheld device and the Internet. Thus, the desktop PC
can control the handheld’s inbound and outbound network
traffic based on users’ security rules. The architecture is
shown in Figure 3. However, this scenario is not perfect, as
the desktop PC must be trusted. Moreover, because the handheld
device is mobile, it can be carried anywhere,
and finding a trusted desktop PC would be a problem.
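The following example, added here and not taken from the paper, shows how a desktop PC standing between the handheld and the Internet could filter traffic on TCP/IP header fields with a default-deny policy, admitting inbound packets only as replies to connections the handheld opened. The handheld address, the rule list and the names `BastionFilter`, `parse_header` and `build` are assumptions made for the illustration.

```python
import ipaddress
import struct

# Assumed address of the handheld on the pass-through link.
HANDHELD = ipaddress.ip_address("192.168.55.101")
# Constructed user policy: (protocol, remote network, remote port) the handheld may reach.
OUTBOUND_ALLOW = [
    (6, ipaddress.ip_network("0.0.0.0/0"), 80),      # TCP, HTTP
    (6, ipaddress.ip_network("0.0.0.0/0"), 443),     # TCP, HTTPS
    (17, ipaddress.ip_network("10.0.0.53/32"), 53),  # UDP, DNS to one resolver
]

def parse_header(packet: bytes):
    """Extract (proto, src, dst, sport, dport) from a raw IPv4 TCP/UDP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # header length varies with IP options
    proto = packet[9]
    if ihl < 20 or proto not in (6, 17) or len(packet) < ihl + 4:
        raise ValueError("unsupported or truncated packet")
    src, dst = (ipaddress.ip_address(packet[i:i + 4]) for i in (12, 16))
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, src, dst, sport, dport

class BastionFilter:
    """Filter run on the desktop PC for traffic to and from the handheld."""
    def __init__(self):
        self.flows = set()                 # connections the handheld itself opened
    def decide(self, packet: bytes) -> str:
        try:
            proto, src, dst, sport, dport = parse_header(packet)
        except ValueError:
            return "deny"                  # unparseable traffic fails closed
        if src == HANDHELD:                # outbound: check the user's rules
            if any(proto == p and dst in net and dport == port
                   for p, net, port in OUTBOUND_ALLOW):
                self.flows.add((proto, dst, dport, sport))
                return "allow"
        elif dst == HANDHELD:              # inbound: replies to known flows only
            if (proto, src, sport, dport) in self.flows:
                return "allow"
        return "deny"                      # default deny

def build(proto, src, dst, sport, dport) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header plus the port fields."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HH", sport, dport)
```

Because the filter runs on the desktop PC, its decisions are only as trustworthy as that machine.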