Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Securing Blackberries

from [Shawn Badger] Network Security [Permanent Link]
Subject: Re: Securing Blackberries
Date: Tue, 24 Jan 2006 11:50:41 -0700 
Novell Zen has a PDA portion for managing PDA's, including software
installs and many other options.


On Mon, 2006-01-23 at 14:20 -0600, Jon Gucinski wrote:

I'm currently working on a similar project myself, with more of a focus
on PocketPC/WindowsMobile.  I actually posted a similar inquiry last
week, with no response as of yet.

As far as the devices themselves, there's a number of ways you can
secure them, albeit non-natively.  Things to consider are password
policy, device encryption, BT/WiFi/IrDA/SDCard restrictions, "poison
pills" or remote wipe capabilities, remote PW resets and the like.  From
my research, Credant Technologies (www.credant.com) and TrustDigital
(www.trustdigital.com) each make PDA security products that will encrypt
and secure a BlackBerry.  

HTH,

-Jon


Murad Talukdar <talukdar_m@subway.com> 1/23/2006 1:27 am >>>

We are going to be rolling out Blackberries(ys?) to our mobile staff
and I
wanted to know if anyone knows of any white papers or advisories on
securing
them.

We are already looking at the usual mobile device security practices we
have
in place but I would like something more specific for the device.

We will be using the BIS service(ie no Exchange server run in-house,
all
mail goes via the provider's BB server.) Some would say this is
inherently
insecure but this is a financial reality that we have to live with.

There is encryption between the device and the provider and vice versa
but
I'm not sure what type of encryption it will use--maybe AES or 3DES. I
still
have no definite answer.

However, is there any native way of encrypting data on the device
itself?

Blackberry's site is thin for anything like this-it has plenty for the
BES
solution--I'm just unsure as to how different BIS will be in this
respect.

The provider's tech team has been a little sketchy too, they have only
just
begun to roll these out to customers so I'm guessing that they know as
much
as I do--which is not a huge amount.(I actually had to tell them that
we
would be able to use the BIS system when none of them knew if our pop3
server would be able to work with it.)
Googling this seems to give me a lot of vague docs but nothing in the
way of
specifics.

Kind Regards
Murad Talukdar


 



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus 
---------------------------------------------------------------------------


NOTICE: This electronic mail message and any files transmitted with 
it are intended exclusively for the individual or entity to which it 
is addressed. The message, together with any attachment, may contain 
confidential and/or privileged information. Any unauthorized review, 
use, printing, saving, copying, disclosure or distribution is 
strictly prohibited. If you have received this message in error, 
please immediately advise the sender by reply email and delete all 
copies.


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------





---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SSH server under attack..., Juan Hernandez
Next by Date:  RE: University Degree or CISSP, Craig Wright
Previous by Thread:  Re: Securing Blackberries, Jon Gucinski
Next by Thread:  Re: Securing Blackberries, Andre Ludwig
Indexes:  [Date] [Thread] [Top] [All Lists]