Security Basics mailing list archives

RE: Blackberry Security concerns

From: Jason.Burzenski () americanhm com
Date: Thu, 14 Apr 2005 23:17:08 -0400

If you review the blackberry security documentation, they advise it not be
placed in the DMZ so it is more protected from attack.  We just completed an
assessment of a blackberry enterprise server and the weak points were
identified on the exchange side and on the mobile device side.  The BES
never actually sees any data because the end-to-end encryption is between
the exchange component and the device.   

Let me know if you need any help.  I can send you some docs we used to
facilitate the assessment in the morning.  Blackberry's own security
documentation and the assessment performed by eEye were most useful. 

Jason Burzenski

-----Original Message-----
From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com] 
Sent: Thursday, April 14, 2005 4:44 PM
To: Eric McCarty; Nicholas Timperio; security-basics () securityfocus com
Subject: RE: Blackberry Security concerns

I would have to agree. We did not need to open any incoming ports on our
firewall to make the software work.

-----Original Message-----
From: Eric McCarty [mailto:eric () piteduncan com]
Sent: Thursday, April 14, 2005 12:25 PM
To: Nicholas Timperio; security-basics () securityfocus com
Subject: RE: Blackberry Security concerns


Blackberry Enterprise server initiates the connection so no additional
incoming ports need to be opened.  

-----Original Message-----
From: Nicholas Timperio [mailto:ntimperio () hitechnique com] 
Sent: Thursday, April 14, 2005 9:10 AM
To: security-basics () securityfocus com
Subject: Blackberry Security concerns

Security-Basics -

We have a client that is thinking about having Blackberry Enterprise
Server installed on their Small Business Server.  My first thought is,
since this requires punching a hole through the firewall that we do not
have an application layer proxy for, that this should exist on a
demilitarized zone.  Has anyone deployed the Blackberry Enterprise
Server in a manner that they felt was secure?  If so, what was done.

Thanks,

- Nicholas

------------------------------------------------------------------------
---
Earn your MS in Information Security ONLINE Organizations worldwide are
in need of highly qualified information security professionals.  Norwich
University is fulfilling this demand with its MS in Information Security
offered online.  Recognized by the NSA as an academically excellent
program, NU offers you the opportunity to earn your degree without
disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
------------------------------------------------------------------------
----


------------------------------------------------------------------------
---
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information
security 
professionals.  Norwich University is fulfilling this demand with its MS
in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn
your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security

professionals.  Norwich University is fulfilling this demand with its MS in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security 
professionals.  Norwich University is fulfilling this demand with its MS in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------

Current thread:

Blackberry Security concerns Nicholas Timperio (Apr 14)
- <Possible follow-ups>
- RE: Blackberry Security concerns Nicholas Timperio (Apr 14)
- RE: Blackberry Security concerns Eric McCarty (Apr 14)
- RE: Blackberry Security concerns Beauford, Jason (Apr 14)
- RE: Blackberry Security concerns Dan Denton (Apr 14)
- Re: RE: Blackberry Security concerns pajustice (Apr 15)
- RE: Blackberry Security concerns Jason . Burzenski (Apr 15)
- RE: Blackberry Security concerns Jason . Burzenski (Apr 18)
  - Re: Blackberry Security concerns Cesar Diaz (Apr 19)