Since Blackberry does not support running in a VPN. http://docs.blackberry.com/en/admin/deliverables/17844/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Technical_Note--1226616-0723035932-001-5.0.2-US.pdf (Page 3, para. 3). Instead they want each BES component on a separate server with a router between each server. Might be time to deep six blackberry and convince users to use droid or Iphone. I'm not crazy about running ONE Blackberry server. I'm not going to run three! v/r Chip From: oagitm-bounce@xxxxxxxxxxxxx [mailto:oagitm-bounce@xxxxxxxxxxxxx] On Behalf Of Sandi Arbuckle Sent: Monday, August 15, 2011 9:39 AM To: oagitm@xxxxxxxxxxxxx Subject: [oagitm] Securing/Hardening of the Blackberry BES platform RIM has announced an image processing vulnerability (RIM KB27244) that details a way to compromise server security by simply sending a carefully crafted TIFF or PNG file to any BES user. The vulnerability is present in several versions of BES for Exchange and RIM has issued patches. Successful exploitation of these vulnerabilities may allow an attacker to gain access to and execute code on the BES server at the privilege-level of the BES service account. What steps have other counties already taken or plan to take to isolate BES servers on their networks to limit the scope of this and future threats? RIM suggests BES could be placed on an isolated DMZ segment to limit the scope of successful attacks in addition to applying the security patch that replaces the affected image-processing DLL. Feedback from other counties on their view of this issue and solutions under consideration would be helpful. Links to related information: https://threatpost.com/en_us/blogs/severe-remote-flaw-fixed-blackberry-enterprise-server-081211 http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244 http://docs.blackberry.com/en/admin/deliverables/25734/BlackBerry_Enterprise_Server-Security_Note--1395142-0307061517-001-5.0.3-US.pdf Thanks, Sandi Arbuckle Information Technology Director Coos County Courthouse (541)756.8618 (541)404.5319 (c) sarbuckle@xxxxxxxxxxxxx "To give anything less than your best, is to sacrifice the gift." - Steve Prefontaine ________________________________ PUBLIC RECORDS LAW DISCLOSURE This e-mail is a public record of the City of Lake Oswego and is subject to public disclosure unless exempt from disclosure under Oregon Public Records Law. This email is subject to the State Retention Schedule.