RE: Securing Blackberries

[Murad Talukdar <talukdar_m () subway com>]

Thanks Mike--I have been following the whole thing with interest--luckily we
live in Australia so the patent laws do not apply here--even though there is
the Free Trade Agreement going through parliament at the moment which could
see patents(for drugs at least) having weight here even though they were
created under the US Patent acts.

I have been assured that this won't affect RIM's use of the tech out
here(whether I feel assured is a different matter). Not only that, I flagged
this with management/directors etc and they didn't seem to really care. If
the money gets spent and the Patents apply here and they have to ditch
them--hey, I did make some noise <<shrug>>. Obviously I can't see that
happening here for at least three- four years.

Regards
Murad Talukdar

-----Original Message-----
From: Murray, Mike [mailto:MMurray () csuchico edu] 
Sent: Tuesday, January 24, 2006 9:59 AM
To: Murad Talukdar
Subject: RE: Securing Blackberries

You may want to read this before spending money on a bunch of
Blackberries...

http://news.yahoo.com/s/ap/20060123/ap_on_hi_te/scotus_blackberry_battle
_6 

-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m () subway com] 
Sent: Sunday, January 22, 2006 11:27 PM
To: security-basics () securityfocus com
Subject: Securing Blackberries

We are going to be rolling out Blackberries(ys?) to our mobile staff and
I
wanted to know if anyone knows of any white papers or advisories on
securing
them.

We are already looking at the usual mobile device security practices we
have
in place but I would like something more specific for the device.

We will be using the BIS service(ie no Exchange server run in-house, all
mail goes via the provider's BB server.) Some would say this is
inherently
insecure but this is a financial reality that we have to live with.

There is encryption between the device and the provider and vice versa
but
I'm not sure what type of encryption it will use--maybe AES or 3DES. I
still
have no definite answer.

However, is there any native way of encrypting data on the device
itself?

Blackberry's site is thin for anything like this-it has plenty for the
BES
solution--I'm just unsure as to how different BIS will be in this
respect.

The provider's tech team has been a little sketchy too, they have only
just
begun to roll these out to customers so I'm guessing that they know as
much
as I do--which is not a huge amount.(I actually had to tell them that we
would be able to use the BIS system when none of them knew if our pop3
server would be able to work with it.)
Googling this seems to give me a lot of vague docs but nothing in the
way of
specifics.

Kind Regards
Murad Talukdar


 



------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---





---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------