Re: Securing Blackberries

["Jon Gucinski" <Jgucinski () midwestbank com>]

I'm currently working on a similar project myself, with more of a focus
on PocketPC/WindowsMobile.  I actually posted a similar inquiry last
week, with no response as of yet.

As far as the devices themselves, there's a number of ways you can
secure them, albeit non-natively.  Things to consider are password
policy, device encryption, BT/WiFi/IrDA/SDCard restrictions, "poison
pills" or remote wipe capabilities, remote PW resets and the like.  From
my research, Credant Technologies (www.credant.com) and TrustDigital
(www.trustdigital.com) each make PDA security products that will encrypt
and secure a BlackBerry.  

HTH,

-Jon

> > > Murad Talukdar <talukdar_m () subway com> 1/23/2006 1:27 am >>>
We are going to be rolling out Blackberries(ys?) to our mobile staff
and I
wanted to know if anyone knows of any white papers or advisories on
securing
them.

We are already looking at the usual mobile device security practices we
have
in place but I would like something more specific for the device.

We will be using the BIS service(ie no Exchange server run in-house,
all
mail goes via the provider's BB server.) Some would say this is
inherently
insecure but this is a financial reality that we have to live with.

There is encryption between the device and the provider and vice versa
but
I'm not sure what type of encryption it will use--maybe AES or 3DES. I
still
have no definite answer.

However, is there any native way of encrypting data on the device
itself?

Blackberry's site is thin for anything like this-it has plenty for the
BES
solution--I'm just unsure as to how different BIS will be in this
respect.

The provider's tech team has been a little sketchy too, they have only
just
begun to roll these out to customers so I'm guessing that they know as
much
as I do--which is not a huge amount.(I actually had to tell them that
we
would be able to use the BIS system when none of them knew if our pop3
server would be able to work with it.)
Googling this seems to give me a lot of vague docs but nothing in the
way of
specifics.

Kind Regards
Murad Talukdar


 



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus 
---------------------------------------------------------------------------


NOTICE: This electronic mail message and any files transmitted with 
it are intended exclusively for the individual or entity to which it 
is addressed. The message, together with any attachment, may contain 
confidential and/or privileged information. Any unauthorized review, 
use, printing, saving, copying, disclosure or distribution is 
strictly prohibited. If you have received this message in error, 
please immediately advise the sender by reply email and delete all 
copies.


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------