Securing the Blackberry
I have been a Blackberry user for some time now. On of the reasons that I first received a Blackberry was to start testing the security of the device. Years ago, when DoD was first rolling out PKI, secure email (S/MIME) was the killer app. Although it took some working with Microsoft and the other email vendors to get proper S/MIME support (don’t get me started about Lotus Notes though…still have nightmares on that one), we eventually got most of the kinks ironed out. The next frontier we wanted to tackle was mobile devices, and Blackberry was a logical choice. At first we started with just getting S/MIME support. RIM actually was a ahead of the ball on this one and fairly quickly released a package for their devices (granted I think it was $150-200 at first…it is now a free download).
However, the device itself had some security holes that needed to be filled. DoD has continued to test and verify the security of the Blackberry and has worked closely with RIM to release a Secure Technical Implementation Guide (STIG) for Blackberries and other devices. The STIG walks administrators through the entire Blackberry meta-system to ensure security for the BES and the device itself. A new version of the Blackberry STIG was released in Feb 2009 and applies to any enterprise using Blackberries, not just DoD.
I also ran across a GCN webcast entitled “Best Practices for Hardening your Agencys BlackBerry Wireless Platform“. I haven’t actually watched it and it is probably trying to sell something, but probably worth a quick glance (and if you do watch it and it has value please comment on this post).
Kevin Heald
Recent Comments