Security Basics mailing list archives
Re: Securing Blackberries
From: "Jon Gucinski" <Jgucinski () midwestbank com>
Date: Mon, 23 Jan 2006 14:20:51 -0600
I'm currently working on a similar project myself, with more of a focus on PocketPC/WindowsMobile. I actually posted a similar inquiry last week, with no response as of yet. As far as the devices themselves, there's a number of ways you can secure them, albeit non-natively. Things to consider are password policy, device encryption, BT/WiFi/IrDA/SDCard restrictions, "poison pills" or remote wipe capabilities, remote PW resets and the like. From my research, Credant Technologies (www.credant.com) and TrustDigital (www.trustdigital.com) each make PDA security products that will encrypt and secure a BlackBerry. HTH, -Jon
Murad Talukdar <talukdar_m () subway com> 1/23/2006 1:27 am >>>
We are going to be rolling out Blackberries(ys?) to our mobile staff and I wanted to know if anyone knows of any white papers or advisories on securing them. We are already looking at the usual mobile device security practices we have in place but I would like something more specific for the device. We will be using the BIS service(ie no Exchange server run in-house, all mail goes via the provider's BB server.) Some would say this is inherently insecure but this is a financial reality that we have to live with. There is encryption between the device and the provider and vice versa but I'm not sure what type of encryption it will use--maybe AES or 3DES. I still have no definite answer. However, is there any native way of encrypting data on the device itself? Blackberry's site is thin for anything like this-it has plenty for the BES solution--I'm just unsure as to how different BIS will be in this respect. The provider's tech team has been a little sketchy too, they have only just begun to roll these out to customers so I'm guessing that they know as much as I do--which is not a huge amount.(I actually had to tell them that we would be able to use the BIS system when none of them knew if our pop3 server would be able to work with it.) Googling this seems to give me a lot of vague docs but nothing in the way of specifics. Kind Regards Murad Talukdar --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Securing Blackberries Murad Talukdar (Jan 23)
- Re: Securing Blackberries Jon Gucinski (Jan 24)
- Re: Securing Blackberries Shawn Badger (Jan 29)
- Re: Securing Blackberries Andre Ludwig (Jan 24)
- <Possible follow-ups>
- Re: Securing Blackberries nfanelli (Jan 24)
- RE: Securing Blackberries Murad Talukdar (Jan 24)
- Re: Securing Blackberries Jon Gucinski (Jan 24)