Home page logo

basics logo Security Basics mailing list archives

Securing Blackberries
From: Murad Talukdar <talukdar_m () subway com>
Date: Mon, 23 Jan 2006 17:27:02 +1000

We are going to be rolling out Blackberries(ys?) to our mobile staff and I
wanted to know if anyone knows of any white papers or advisories on securing

We are already looking at the usual mobile device security practices we have
in place but I would like something more specific for the device.

We will be using the BIS service(ie no Exchange server run in-house, all
mail goes via the provider's BB server.) Some would say this is inherently
insecure but this is a financial reality that we have to live with.

There is encryption between the device and the provider and vice versa but
I'm not sure what type of encryption it will use--maybe AES or 3DES. I still
have no definite answer.

However, is there any native way of encrypting data on the device itself?

Blackberry's site is thin for anything like this-it has plenty for the BES
solution--I'm just unsure as to how different BIS will be in this respect.

The provider's tech team has been a little sketchy too, they have only just
begun to roll these out to customers so I'm guessing that they know as much
as I do--which is not a huge amount.(I actually had to tell them that we
would be able to use the BIS system when none of them knew if our pop3
server would be able to work with it.)
Googling this seems to give me a lot of vague docs but nothing in the way of

Kind Regards
Murad Talukdar


The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]