Blackberry Enterprise Server is a service hosted internally or externally to allow people to receive emails through their Blackberry enabled handhelds. This is a similar function to MS Push Mail service.
In Windows Mobile, Exchange users are requested to key in a password before they can connect to their mailboxes and read stuff. In Blackberry for Exchange and Notes they don’t have to.
This is why (for Exchange, im not sure of Notes tho, this applies to BES, not BIS bcs BIS needs passwords to logon to POP/IMAP accounts)
- Blackberry already uses a service which has read only mailbox access across the entire mailbox which this service has permission to
- This gives BB configuration person unauthenticated full access to a person’s mailbox by simply associating the BB unit to a mailbox.
- Configuration people can also re-associate mailboxes to other BB devices therefore giving them access to the mailboxes they wish to view.
This leads us to two primary things to consider:
- The security on the BES (Blackberry Enterprise Server)
- The Blackberry device itself (both during configuration and after)
Organizations should be aware of this powerful access and should control the way BB devices are distributed and BB servers are configured.
Here’s my view on a possible way to mitigate and control this “issue”
For item 1 – Security on the BES
- The access level on BES servers should be well defined, i.e. read only access vs. full access
- The username and password used to access the BES server should be controlled at least by two people (i.e. two or more people should have parts of the password for example)
- Any logon attempt to the BES server should immediately be logged (enable full logging in any which way possible
For item 2 – Security on the handheld
- When provisioning the device, have someone else (a neutral party) physically seeing the operations of the person configuring
- If anyone gets “disconnected” or “unconfigured” on their BB devices to their Exchange/Notes, let them notify someone immediately, perform investigation afterwards and do a remote wipe if someone else is configured to use the mailbox on their handhelds apart from the original owner of that mailbox