BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 08-12-2008, 08:33 AM   #1 (permalink)
New Member
 
Join Date: Feb 2008
Model: 8130
PIN: N/A
Carrier: Verizon
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default The Worse That Could Happen?

Please Login to Remove!

Hi all,

I'm managing a small BES environment (15 users) and my boss is getting many complaints form users about the password lock. I have it set now at 30 minutes and I have suggested to my boss that it not be extended.

The biggest complaint is about access to the device for making calls. Given that I don't believe access to phone features is a major concern I have already allowed calls without unlocking the phone. For users this just means having to push one extra button to get to phone features but still some are complaining about that.

I need to know what is the worse that can happen if some unscrupulous person were to steal or find one of our blackberries?

Another concern we have is the Navigator software on each device and I will admit is it a pain when you are driving and using the software and the bb keeps locking and you can no longer see the screen. Is there a way to prevent the phone form locking while running certain applications like Navigator?

Thanks

Brian

Last edited by 82whiskey : 08-12-2008 at 12:29 PM.
Offline  
Old 08-12-2008, 09:08 AM   #2 (permalink)
Thumbs Must Hurt
 
Join Date: Mar 2005
Model: Torch
Carrier: ATT
Posts: 179
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Worse that can happen? Someone accesses some data that allows them to sue your company and it folds. Bet your end users don't like to enter a password on their laptops either, why not disable them too?

Here's a KB article about preventing the password timeout from locking while Telenav is running:

Livelink - Redirection
Offline  
Old 08-12-2008, 09:18 AM   #3 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

Some interesting threads:

How many of you actually implement security on your corporate Blackberries?

Content Protection

Enable Content Protection through policy
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Old 08-12-2008, 09:23 AM   #4 (permalink)
BBF War Game Mod
 
Jadey's Avatar
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts
Default

Also have a look at Password Lock Time

There are differing views about lots of aspects of BES/BB security, particularly things like content protection. However, for the majority of BES Admins, device passwords are non negotiable. Apart from the data on the device, you have routes through the LAN depending on how MDS is configured. You also have the risk of identity theft, whoever steals the BB pretending to be the CEO and sending emails that will mess up the company (for example)
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Offline  
Old 08-12-2008, 12:17 PM   #5 (permalink)
New Member
 
Join Date: Feb 2008
Model: 8130
PIN: N/A
Carrier: Verizon
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Mark, Thanks for the link but I'm not understanding something. Here is what I clipped from the page:

In BlackBerry Device Software 4.3, for the Backlight.enable method or the EventInjector method to prevent the Lock screen from being shown, the following criteria must be met:

For BlackBerry device users that have an account on the BlackBerry® Enterprise Server, an IT policy called SecurityPolicy.ALLOW_RESET_IDLE_TIMER must be set to true. By default this IT policy is set to false. No action is required for BlackBerry device users that have a BlackBerry® Internet Service account and who are not on a BlackBerry Enterprise Server.
For both BlackBerry Enterprise Server and BlackBerry Internet Service users, the Security Timer Reset application control must be set to Allow. By default, this control is set to Deny. BlackBerry device users may change this setting on their BlackBerry devices using one of the following methods:
Go to Options > Advanced Options > Applications, and select Edit Permissions from the menu.
Go to Options > Security Options > Application Permissions , and select Edit Permissions from the menu.
Regardless of whether the above criteria have been met, the Backlight.enable and EventInjector methods will continue to perform their primary function of enabling the backlight and injecting keyboard and trackball/trackwheel events. No exceptions will be thrown if these criteria are not met; the BlackBerry device will simply display the Lock screen after the security timeout value has been reached.


When I go to the menu locations above on my Blackberry I find Navigator in the applications lsit but I'm not sure what I'm supposed to do or see once I get to Applications and Edit Permissions???

Brian

Last edited by 82whiskey : 08-12-2008 at 12:32 PM.
Offline  
Old 08-12-2008, 12:27 PM   #6 (permalink)
BlackBerry Extraordinaire
 
Frank Castle's Avatar
 
Join Date: Jul 2005
Location: MA
Model: 9930
PIN: PM Me!
Carrier: VZW
Posts: 1,073
Post Thanks: 0
Thanked 4 Times in 3 Posts
Default

I'd just put it at the max and be done with it (1 hour) .. then they have nothing to complain about.

Haven't heard of a way to stop the auto lock .. that would be interesting but would have battery life implications.
Offline  
Old 08-12-2008, 12:58 PM   #7 (permalink)
Talking BlackBerry Encyclopedia
 
wunderbar's Avatar
 
Join Date: Jun 2007
Location: Edmonton AB, Canada
Model: 9630
Carrier: Telus
Posts: 300
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

we see these kinds of threads in here probably once every couple of months. the advice is always the same. When you are talking about company data that could potentially be worth thousands, millions, or even billions of dollars, you NEED to ensure that that data is protected.

We instituted a password policy on our blackberries on my recommendation after a lunch meeting with our company president. He got up to go to the bathroom, left his Blackberry on the table. I took it and put in my pocket. When he came back he started freaking out becuase the last email he had looked at had an excel attachment with the entire company financial structure. When I gave him the device back and explained to him that a simple 4 digit password could prevent that from happening, the policy went into effect that afternoon.

I wouldn't recommend trying that paticular scare tactic though. We're a really close knit company, almost like an (admittedly dysfunctional) family. I didn't get into trouble for that stunt, actually got praise for opening his eyes. If I was working anywhere else I would have been in huge trouble for pulling a stunt like that.
__________________
Blackberry Admin
BES 5.0.2 MR4
Exchange 2010 SP1 RU2
Blackberry 9630
WES 2008 Alumni
Offline  
Old 08-12-2008, 01:26 PM   #8 (permalink)
BlackBerry Extraordinaire
 
Frank Castle's Avatar
 
Join Date: Jul 2005
Location: MA
Model: 9930
PIN: PM Me!
Carrier: VZW
Posts: 1,073
Post Thanks: 0
Thanked 4 Times in 3 Posts
Default

That's pretty funny.
Offline  
Old 08-12-2008, 01:52 PM   #9 (permalink)
Thumbs Must Hurt
 
Join Date: Mar 2005
Model: Torch
Carrier: ATT
Posts: 179
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Brian - Once you click Edit Permissions, you need to make sure the Security Timer Reset is set to Allow.
It's important to note that after you change this setting, if you were to have Navigator running and lost the device, the security timer will not start until you exit Navigator. That could give someone with malicious intentions a 30 minute window (as your IT Policy is set) to access your company data.
Ideally, when you exited Navigator, the device would be locked.
Offline  
Old 08-12-2008, 02:04 PM   #10 (permalink)
New Member
 
Join Date: Feb 2008
Model: 8130
PIN: N/A
Carrier: Verizon
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm unable to find this in our IT policy:

ALLOW_RESET_IDLE_TIMER IT policy

Is it not available in 4.1.2?

Thanks
Brian
Offline  
Old 08-12-2008, 02:31 PM   #11 (permalink)
Thumbs Must Hurt
 
Join Date: Mar 2005
Model: Torch
Carrier: ATT
Posts: 179
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Brian - That I don't know. We have 4.1.4 and it's in the Security Policy Group, near the bottom

cheers
Offline  
Old 08-12-2008, 03:05 PM   #12 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Passp
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,757
Post Thanks: 274
Thanked 296 Times in 280 Posts
Default

Quote:
Originally Posted by wunderbar View Post
We instituted a password policy on our blackberries on my recommendation after a lunch meeting with our company president. He got up to go to the bathroom, left his Blackberry on the table. I took it and put in my pocket. When he came back he started freaking out becuase the last email he had looked at had an excel attachment with the entire company financial structure. When I gave him the device back and explained to him that a simple 4 digit password could prevent that from happening, the policy went into effect that afternoon.

.
That is awsome,
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Passport, Z30, Z10 and Q10
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.