BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 04-25-2008, 06:41 PM   #41 (permalink)
Retired BBF Moderator
 
Sith_Apprentice's Avatar
 
Join Date: Aug 2005
Model: 9000
OS: 4.6.0.xxx
Carrier: AT&T
Posts: 10,149
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Please Login to Remove!

And suspending service doesnt mean crap on a GSM device. All they have to do is unlock it, pop a new SIM in and they can use it all they want.
Offline  
Old 04-25-2008, 06:42 PM   #42 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

In the end, all that is lost is the device if there was a password on it. Just depends on how sensitive the data is.
Offline  
Old 04-28-2008, 10:05 AM   #43 (permalink)
Talking BlackBerry Encyclopedia
 
AlanM's Avatar
 
Join Date: May 2005
Location: Huntsville, AL
Model: 9930
Carrier: Verizon
Posts: 335
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

Darth, you can bank on the fact that enabling passwords on your devices will increase your BB calls. (if I had a dollar for every password reset request we got a day....) It's a worthwhile price to pay for a little security. We get some complaints, but hey, that's security for you. Our policy is to allow 5 attempts not the default 10 and the device locks every 15 minutes whether you are using it or not. (can't even count the number of times I get a user that can't enter their password correctly, only to find that the BB is requesting them to type "blackberry" first). I wish we got notified as soon as 12 hours after someone losing their BB. Sometimes a user will wait a week to let us know. By that time the BBs battery may have run down. (contemplating suggesting that we add wipe on battery drain option).

All in all the password is your friend on the BB. (as is JL_CMDR).
__________________
AlanM
Exchange\Blackberry Admin
4 - BES Servers (5.0.3),
~1500 BB Users, and a headache.
War Eagle!!
Offline  
Old 04-28-2008, 01:17 PM   #44 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

Quote:
Originally Posted by DarthBBerry View Post
Not wanting to put them down... but most of my users arent smart enough to figure that out. If it's not in the box, then it doesnt exist for them.
Never underestimate users. They sometimes know more than they let on!
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Old 04-28-2008, 01:23 PM   #45 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

It's not just data on BBs that need consideration for protection. If you are running enterprise collaboration services (sametime, office messenger or whatever it is called) and/or MDS then the person who stole/found the BB has 2 routes into your network. Last thing you need is someone playing with what data they can get in/out via the BB.

The other major problem for me is identity theft - if someone steals the CEOs BB, the last thing I need is them sending an email to his PA saying "could you fax the next quarter results network to an analyst at +1 303 xxx" etc - in 12 hours you can lose shed loads of data, and it doesn't have to be on the BB - how many people/PAs/other managers would actually query an email from the CEO?

So I lock after a period of inactivity. I also lock after a period of continuous use - if someone deliberately steals the CEOs BB, last thing I need is them keeping it alive for ages by key presses. I can't trust my users to IMMEDIATELY notice someone lifting their device from them in an airport - also, minus the BB, how do they call me if there is no phone nearby? It's all just too risky.
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Old 04-28-2008, 01:43 PM   #46 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by penguin3107 View Post
You should really consider enforcing password use on your devices, and set the timeout to a short duration.
It's your responsibility as a BES Administrator.
Actually, it's my responsibility to implement/enforce corporate policy. I can suggest the need for passwords, but if the idea is rejected by those in a higher pay grade, there's nothing I can do.
Offline  
Old 04-28-2008, 02:09 PM   #47 (permalink)
Talking BlackBerry Encyclopedia
 
wunderbar's Avatar
 
Join Date: Jun 2007
Location: Edmonton AB, Canada
Model: 9630
Carrier: Telus
Posts: 300
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by CanuckBB View Post
Actually, it's my responsibility to implement/enforce corporate policy. I can suggest the need for passwords, but if the idea is rejected by those in a higher pay grade, there's nothing I can do.
This.

While I am the administrator, I cannot go above corporate policy, and I cannot just on a whim put a policy in that would affect users without approval. When I first got put into the BB admin role, we did not enforce passwords on our BB's. It took 7 months, but between myself and my IT manager we were able to convince the management team that we need a policy in place to protect the data on the the blackberries. We even had to make some compromises, there is no lock after constant use, but it does lock after 10 minutes of non use.
Offline  
Old 04-28-2008, 02:40 PM   #48 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

Sounds like I got lucky. When we first started rolling them out and only had 20, I told my manager we needed to have an IT Policy with a password. He said ok, and off I went. At that time, it was all executive management that had the devices (including the company owner) and not once did they complain about the passwords.

I now use that to my advantage when people complain - if the owner of the company doesn't complain, why should they?
__________________
No longer a BES Admin, but it was fun while it lasted!

Last edited by juwaack68 : 04-28-2008 at 02:51 PM.
Offline  
Old 04-28-2008, 02:49 PM   #49 (permalink)
BBF Moderator
 
John Clark's Avatar
 
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,667
Post Thanks: 1
Thanked 84 Times in 65 Posts
Default

having the device lock while I'm using it would be quite annoying, though.
Offline  
Old 04-28-2008, 03:12 PM   #50 (permalink)
Talking BlackBerry Encyclopedia
 
wunderbar's Avatar
 
Join Date: Jun 2007
Location: Edmonton AB, Canada
Model: 9630
Carrier: Telus
Posts: 300
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by juwaack68 View Post
Sounds like I got lucky. When we first started rolling them out and only had 20, I told my manager we needed to have an IT Policy with a password. He said ok, and off I went. At that time, it was all executive management that had the devices (including the company owner) and not once did they complain about the passwords.

I now use that to my advantage when people complain - if the owner of the company doesn't complain, why should they?
Ya, I use that argument now myself. Our company president, after about a day of the policy going in place, decided that that policy was a really good idea, and couldn't' believe that they said no before. It really wasn't as obtrusive as he thought it would be, and he decided it was probably the best idea I could have come up with.

I now tell anyone who complains about it to go talk to the president about it if they don't like it
Offline  
Old 04-30-2008, 12:54 PM   #51 (permalink)
New Member
 
Join Date: Apr 2008
Model: 8830
PIN: N/A
Carrier: Verizon
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

When the device is entered incorrect password more than 10x, it will be wiped out. All data on the device will be lost and the user will have to enter a new device password after the wipe process is complete.

Can a BES Admin recover the device password to avoid the wipe out? Yes. with BES 4.1.5, you can issue a new device password and the user won't be prompted to enter the old password (which he/she already forgot). This will work even the Content Protection is enabled in the IT policy.

Hope this helps.
Offline  
Old 04-30-2008, 02:19 PM   #52 (permalink)
Talking BlackBerry Encyclopedia
 
TreeDude's Avatar
 
Join Date: Apr 2008
Location: Western NY, USA
Model: iPn4S
OS: iOS 7.0.1
PIN: 76E5A626
Carrier: Verizon
Posts: 243
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hmm... You guys are making me think I should bring this up to my manager. We currently have no password policy. But then again, up until just a few months ago we were on BES 2.2. I am not even sure that was doable on that. Since I replaced the guy who was admin of the last BES (he did not set it up though, so he didn't know much) I got the great task of upgrading and managing it (with no experience mind you).

But things are great now and I am learning more and more. I set a basic policy on my own berry. Seems ok. Considering 17 of my users are executives, I think maybe passwords are a good idea.
__________________
Technical Engineer III

BES was decommissioned. Currently using iPhones with Lotus Notes Traveler 9.0.
Offline  
Old 05-01-2008, 04:27 AM   #53 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

Quote:
Originally Posted by Gray_Berry View Post
When the device is entered incorrect password more than 10x, it will be wiped out.
Small point, but this number is not always 10. It is whatever is in the policy - and half that value if duress notifications are enabled.
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Old 05-01-2008, 05:08 AM   #54 (permalink)
Thumbs Must Hurt
 
kerry6's Avatar
 
Join Date: May 2005
Location: US
Model: 9860
Carrier: AT&T
Posts: 72
Post Thanks: 0
Thanked 1 Time in 1 Post
Red face

Quote:
Originally Posted by wunderbar View Post
This.

While I am the administrator, I cannot go above corporate policy, and I cannot just on a whim put a policy in that would affect users without approval. When I first got put into the BB admin role, we did not enforce passwords on our BB's. It took 7 months, but between myself and my IT manager we were able to convince the management team that we need a policy in place to protect the data on the the blackberries. We even had to make some compromises, there is no lock after constant use, but it does lock after 10 minutes of non use.
We have a password policy that matches our IS Security Policy. But set to wipe after 7 incorrect attempts. this works good for me, but you will allways have those NEW users, that will question the password policy when they first receive their devices, and try to make a stink. when you send them to corporate security to justify their wanted change they mostly have second thoughts. better to work the policy out when planning the environment, before deploying your first device.

Last edited by kerry6 : 05-01-2008 at 05:09 AM.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.