[Dshield] Thoughts on Blackberry Security?

Ian Cottrell ian.cottrell at rogers.com
Thu Oct 7 04:34:51 GMT 2004

> It seems the latest trend is for everyone to buy a blackberry and use it for
> accessing corporate email.  I'm researching the security of such devices.
> >From what I read on the net, RIM uses a blackberry enterprise server
> (required) to encrypt corporate email through the firewall, where's it
> decrypted on the local device.  So far so good.  But is it really end-to-end
> encrypted?  

Yup, with the Enterprise Server, encryption is end-to-end.  BES also allows 
you to set 'global' policies (my BB MUST have a password and 'closes' after 
10 min of inactivity - I can change the pw, but cannot lengthen the timeout 
although I can shorten it).  Also, stolen BB's can be 'cleared' via the BES 
console.  We've never had to use this, but I believe that it wipes the BB 
memory clean when someone 'opens' it.

Currently running BES 3.x (think it's 3.4, but don't quote me) which allows 
wireless synching of messages and calendar (we use Exchange 2000).  Also 
allows me to accept or decline meeting invites wirelessly.  I hardly ever 
'cradle' the thing anymore.  We should be moving to ver 4.0 soon, which will 
also synch memos and to-do lists wirelessly.  It will also allow you to 
'tentatively' accept a meeting invite.

All-in-all, it's pretty neat.  But you must use the 'enterprise' model BB, 
not the 'Internet' version.  We vigorously discourage the use of 'pin-to-pin' 
communications between users, since this bypasses BES and is sent clear text. 
 However, pin-to-pin will be very useful to us in the event of a disaster or 
when some of my techs are trying to figure out why the BES suddenly quite 
working! (something that it very rarely does).

Most this should be available on RIM web site (and probably more).  As usual, 
I am not an employee of RIM, etc., etc.
Ian Cottrell                            e-mail: ian.cottrell at justice.gc.ca 
Manager, Engineering	        office: (613) 941-5233
Department of Justice            
Ottawa, ON, Canada

More information about the list mailing list