Security Basics mailing list archives
RE: Blackberry Security concerns
From: Jason.Burzenski () americanhm com
Date: Thu, 14 Apr 2005 23:17:08 -0400
If you review the blackberry security documentation, they advise it not be placed in the DMZ so it is more protected from attack. We just completed an assessment of a blackberry enterprise server and the weak points were identified on the exchange side and on the mobile device side. The BES never actually sees any data because the end-to-end encryption is between the exchange component and the device. Let me know if you need any help. I can send you some docs we used to facilitate the assessment in the morning. Blackberry's own security documentation and the assessment performed by eEye were most useful. Jason Burzenski -----Original Message----- From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com] Sent: Thursday, April 14, 2005 4:44 PM To: Eric McCarty; Nicholas Timperio; security-basics () securityfocus com Subject: RE: Blackberry Security concerns I would have to agree. We did not need to open any incoming ports on our firewall to make the software work. -----Original Message----- From: Eric McCarty [mailto:eric () piteduncan com] Sent: Thursday, April 14, 2005 12:25 PM To: Nicholas Timperio; security-basics () securityfocus com Subject: RE: Blackberry Security concerns Blackberry Enterprise server initiates the connection so no additional incoming ports need to be opened. -----Original Message----- From: Nicholas Timperio [mailto:ntimperio () hitechnique com] Sent: Thursday, April 14, 2005 9:10 AM To: security-basics () securityfocus com Subject: Blackberry Security concerns Security-Basics - We have a client that is thinking about having Blackberry Enterprise Server installed on their Small Business Server. My first thought is, since this requires punching a hole through the firewall that we do not have an application layer proxy for, that this should exist on a demilitarized zone. Has anyone deployed the Blackberry Enterprise Server in a manner that they felt was secure? If so, what was done. Thanks, - Nicholas ------------------------------------------------------------------------ --- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ----------------------------------------------------------------------------
Current thread:
- Blackberry Security concerns Nicholas Timperio (Apr 14)
- <Possible follow-ups>
- RE: Blackberry Security concerns Nicholas Timperio (Apr 14)
- RE: Blackberry Security concerns Eric McCarty (Apr 14)
- RE: Blackberry Security concerns Beauford, Jason (Apr 14)
- RE: Blackberry Security concerns Dan Denton (Apr 14)
- Re: RE: Blackberry Security concerns pajustice (Apr 15)
- RE: Blackberry Security concerns Jason . Burzenski (Apr 15)
- RE: Blackberry Security concerns Jason . Burzenski (Apr 18)
- Re: Blackberry Security concerns Cesar Diaz (Apr 19)