Re: Securing Blackberries

[Chris Barber <cmbarber () gmail com>]

Murad,

    I know that if you password protect the Blackberry you can set the
number of failed tries.  Once the limit is reached the unit wipes
itself, and removes ALL DATA.  I have work on several DOD sites where
this is a requirement.  I recommend that you try to get the budget to
purchase the Blackberry Enterprise Server so that you can manage the
devices remotely.  There is so much you can do with it, especially if
your mobile staff is large.

Chris.

On 1/23/06, Murad Talukdar <talukdar_m () subway com> wrote:
> We are going to be rolling out Blackberries(ys?) to our mobile staff and I
> wanted to know if anyone knows of any white papers or advisories on securing
> them.
>
> We are already looking at the usual mobile device security practices we have
> in place but I would like something more specific for the device.
>
> We will be using the BIS service(ie no Exchange server run in-house, all
> mail goes via the provider's BB server.) Some would say this is inherently
> insecure but this is a financial reality that we have to live with.
>
> There is encryption between the device and the provider and vice versa but
> I'm not sure what type of encryption it will use--maybe AES or 3DES. I still
> have no definite answer.
>
> However, is there any native way of encrypting data on the device itself?
>
> Blackberry's site is thin for anything like this-it has plenty for the BES
> solution--I'm just unsure as to how different BIS will be in this respect.
>
> The provider's tech team has been a little sketchy too, they have only just
> begun to roll these out to customers so I'm guessing that they know as much
> as I do--which is not a huge amount.(I actually had to tell them that we
> would be able to use the BIS system when none of them knew if our pop3
> server would be able to work with it.)
> Googling this seems to give me a lot of vague docs but nothing in the way of
> specifics.
>
> Kind Regards
> Murad Talukdar
>
>
>
>
>
>
> ---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity Planning,
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------