[oagitm] Re: Securing/Hardening of the Blackberry BES platform

  • From: "Larouche, Chip" <clarouche@xxxxxxxxxxxxxxx>
  • To: "sarbuckle@xxxxxxxxxxxxx" <sarbuckle@xxxxxxxxxxxxx>, "oagitm@xxxxxxxxxxxxx" <oagitm@xxxxxxxxxxxxx>
  • Date: Mon, 15 Aug 2011 15:27:01 -0700

BlackBerry does not support running in a VPN.

http://docs.blackberry.com/en/admin/deliverables/17844/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Technical_Note--1226616-0723035932-001-5.0.2-US.pdf
  (Page 3, para. 3).

Instead they want each BES component on a separate server with a router between 
each server.

Might be time to deep-six BlackBerry and convince users to use Droid or iPhone.
I'm not crazy about running ONE BlackBerry server.  I'm not going to run three!


v/r
Chip

From: oagitm-bounce@xxxxxxxxxxxxx [mailto:oagitm-bounce@xxxxxxxxxxxxx] On 
Behalf Of Sandi Arbuckle
Sent: Monday, August 15, 2011 9:39 AM
To: oagitm@xxxxxxxxxxxxx
Subject: [oagitm] Securing/Hardening of the Blackberry BES platform


RIM has announced an image processing vulnerability (RIM KB27244) that details 
a way to compromise server security by simply sending a carefully crafted TIFF 
or PNG file to any BES user. The vulnerability is present in several versions 
of BES for Exchange and RIM has issued patches. Successful exploitation of 
these vulnerabilities may allow an attacker to gain access to and execute code 
on the BES server at the privilege level of the BES service account.  What 
steps have other counties already taken or plan to take to isolate BES servers 
on their networks to limit the scope of this and future threats? RIM suggests 
BES could be placed on an isolated DMZ segment to limit the scope of successful 
attacks in addition to applying the security patch that replaces the affected 
image-processing DLL.

Feedback from other counties on their view of this issue and solutions under 
consideration would be helpful.

Links to related information:
https://threatpost.com/en_us/blogs/severe-remote-flaw-fixed-blackberry-enterprise-server-081211
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244
http://docs.blackberry.com/en/admin/deliverables/25734/BlackBerry_Enterprise_Server-Security_Note--1395142-0307061517-001-5.0.3-US.pdf

Thanks,

Sandi Arbuckle
Information Technology Director
Coos County Courthouse
(541)756.8618
(541)404.5319 (c)
sarbuckle@xxxxxxxxxxxxx

"To give anything less than your best, is to sacrifice the gift."  - Steve 
Prefontaine


________________________________
PUBLIC RECORDS LAW DISCLOSURE
This e-mail is a public record of the City of Lake Oswego and is subject to 
public disclosure unless exempt from disclosure under Oregon Public Records 
Law. This email is subject to the State Retention Schedule.
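The thread above notes that the KB27244 flaw is triggered by a crafted TIFF or PNG sent to any BES user. Where a site cannot patch or segment BES immediately, one interim control a mail administrator can apply at the gateway or in a mailbox sweep is to identify TIFF and PNG attachments by their content rather than by file extension and hold them for review. The following is an added example written for this page; it is not code from RIM, BES, or either poster, and the sample attachments it inspects are constructed inline. It assumes only that the gateway can hand each attachment's filename and bytes to a Python function; the PNG and TIFF file signatures it checks are the published ones.

```python
"""
Added example (not from the original thread): flag TIFF and PNG e-mail
attachments by their leading bytes so they can be quarantined while the
RIM KB27244 image-processing patch is rolled out to BES servers.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Published file signatures: an 8-byte PNG header and the two TIFF byte-order
# headers (little-endian "II*\0" and big-endian "MM\0*").
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TIFF_SIGNATURES = (b"II*\x00", b"MM\x00*")
IMAGE_EXTENSIONS = ("png", "tif", "tiff")


@dataclass
class Attachment:
    filename: str
    data: bytes


def detect_image_type(data: bytes) -> Optional[str]:
    """Return 'png', 'tiff', or None based on the first bytes only."""
    if data.startswith(PNG_SIGNATURE):
        return "png"
    if data[:4] in TIFF_SIGNATURES:
        return "tiff"
    return None


def should_quarantine(att: Attachment) -> Tuple[bool, str]:
    """Decide by content, not extension; a renamed image is still held."""
    kind = detect_image_type(att.data)
    if kind is None:
        return False, "not a TIFF or PNG by content"
    ext = att.filename.rsplit(".", 1)[-1].lower() if "." in att.filename else ""
    if ext in IMAGE_EXTENSIONS:
        return True, f"{kind} attachment"
    # Content says image, name says otherwise: worth a closer look.
    return True, f"{kind} content with non-image extension '{ext or '(none)'}'"


def sweep(attachments: List[Attachment]) -> List[Tuple[str, bool, str]]:
    """Run the check over a batch and return (filename, hold?, reason) rows."""
    return [(a.filename, *should_quarantine(a)) for a in attachments]


# Constructed sample attachments (not real files): a genuine PNG, a TIFF
# renamed to look like a PDF, a real PDF, and a text file named .png.
SAMPLE_ATTACHMENTS = [
    Attachment("photo.png", PNG_SIGNATURE + b"\x00\x00\x00\x0dIHDR"),
    Attachment("invoice.pdf", b"II*\x00\x08\x00\x00\x00"),
    Attachment("report.pdf", b"%PDF-1.4\n"),
    Attachment("notes.png", b"just text, not an image"),
]

if __name__ == "__main__":
    for filename, hold, reason in sweep(SAMPLE_ATTACHMENTS):
        print(f"{'HOLD ' if hold else 'PASS '} {filename}: {reason}")
```

Deciding on content rather than extension matters here because the BES image-processing code path is reached by what the bytes are, not by what the file is called; the mismatch cases (an image renamed to .pdf, or a text file named .png) are reported explicitly so an administrator can see why something was or was not held.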
