RE: Corporate E-Mail on Personal Devices

["alexander.bolante" <alexander.bolante () yahoo com>]

That's true.  In fact, in addition to Blackberry Enterprise servers/mobile devices, most organizations that are already 
AD/Exchange shops typically implement a "mobile device" group/security policy -- all users would effectively be 
required to download that security policy configuration onto their mobile device the first time (one time push) they 
configure mobile email (e.g. Outlook Email) and connect (e.g. via ActiveSync) to a corporate mail server (e.g. 
Exchange).  It literally changes the security configs of your mobile device.

Based on the configured security policy (e.g. PIN required, auto-lock device after 2 min idle, hard reset phone memory 
upon 5 failed password attempts), it can wipe all corporate data on that phone (Caveat: corporate data managed by 
security policy).

And as you can imagine, the functional design is the same across Windows Mobile phone and iPhones supporting Outlook 
w/ActiveSync.

Cheers,
Alex

Sent from my Windows® phone

-----Original Message-----
From: olufemimogaji () gmail com
Sent: Thursday, January 27, 2011 9:52 AM
To: černý klobouk <cerny.klobouk () gmail com>; listbounce () securityfocus com; security-basics () securityfocus com
Subject: Re: Corporate E-Mail on Personal Devices

Hey cerny,

Blackberries can be configured to be wiped, but you'll have to make sure users lock their phones, both manually and 
after a timeout. The wipe happens after a wrong password is entered a certain amount of times. I think iPhones also 
have this capability. It all boils down to the mobile device being used. Security policy should have it that only users 
of mobile devices with acceptable security capabilities can access corporate info remotely.

Hope that helped a bit.

Regards,

Femi M.
IT/Information Security,
BCNL, Nigeria.

Sent from my BlackBerry wireless device from MTN

-----Original Message-----
From: černý klobouk <cerny.klobouk () gmail com>
Sender: listbounce () securityfocus com
Date: Thu, 27 Jan 2011 10:26:01 
To: <security-basics () securityfocus com>
Subject: Corporate E-Mail on Personal Devices

I've recently bee charged with customizing a policy to enable personal
devices(Cell Phones) to access corporate e-mail.

Given the fact that there is likely to be a degree of information that
I wouldn't want people to walk away with/ able to access in the event
that the device is stolen; I'm looking into 3rd party apps to be able
to wipe the device\ remove the corporate information.

Any ideas?

Jeremy

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at 

[The entire original message is not included]

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------