BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 10-12-2004, 09:46 AM   #1 (permalink)
New Member
 
Join Date: Oct 2004
Location: Dublin, Ireland
Model: 7100V
Carrier: carrier
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default BES server in a DMZ?

Please Login to Remove!

Folks,

I am setting up a BES server with Lotus Domino. Having read all the technical specifications, it states that a BES server should not be set up in a DMZ, but rather on our LAN. But there is no mention of why it shold not be set up on a DMZ.

This is causing me some concerns over security. IS there anyone who can tell me why I can't set up a DMZ for the BES server to reside in.

Thanks.

Alan.
Offline  
Old 10-12-2004, 10:02 AM   #2 (permalink)
Thumbs Must Hurt
 
emale's Avatar
 
Join Date: Sep 2004
Model: 8800
Carrier: Rogers
Posts: 156
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

You can put a BES in a DMZ but there are security risks with names.nsf being in a dmz. Lotus has information with regards to this and you may want to consider speaking with them. There really isn't any good reasons to put the BES in the DMZ because you still have to open ports (1723) etc to allow the BES to talk to the internal mail servers. Your best bet is to keep the BES on the lan and open 3101 as suggested by BlackBerry. You can review the @Stake Security Assesment at http://www.blackberry.com/knowledgec...0&vernum=0

This decribes how secure the BES is on a lan. This security assesment discourages companies from placing a BES in a DMZ as there is no benifits from doing so, only potential security risks.
Offline  
Old 10-12-2004, 10:35 AM   #3 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by emale
This security assesment discourages companies from placing a BES in a DMZ as there is no benifits from doing so, only potential security risks.


if the whole point of the BES environment, Exchange or Lotus environments, etc are for productivity and security, then you should likely lean on the latter as a definitive clue as to expose the BES (and the rest of your mail environment) to potential security risks.

with that said, if your Lotus environment is currently setup in a DMZ, then i think you should follow suit with the BES. but with that said (heh.. new fave phrase, i tell ya), you may want to go back and look at the reasons for putting a secure mail environment in an insecure zone...
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.