BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 12-15-2008, 02:59 PM   #1 (permalink)
New Member
 
Join Date: Mar 2006
Model: 9000
Carrier: Orange UK
Posts: 11
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Anyone got a good prepared argument AGAINST content protection?

Please Login to Remove!

The company i work for has decided that in light of recent stories in the UK press about data going missing they want ALL external media encrypted. this meant a mass rollout of PGP desktop to the laptop users, and the banning of non-encrypted mobile data storage (ie USB sticks)

someone thought it would be a good idea to include the blackberrys...

...whilst those of us with any sort of knowledge on the subject know that this is pretty much a POINTLESS idea (no we don't work for the Military) someone in a management position decided it was to be rolled out and enforced on all our devices. (the same guy who came up great ideas like "let's move all our servers to linux to save money")

i put together a brief argument against this policy a while ago which appeared to be ignored without even being read, so now it's been a few months i'm looking for a well put together argument against content protection, can anyone help me? presumably somoene somewhere has written up sometihng detialed on the subject as i'm sure ours isnt the first company to toy with the idea.
Offline  
Old 12-15-2008, 03:11 PM   #2 (permalink)
No longer Registered.
 
Join Date: Jun 2007
Model: 9530
OS: 4.7.0.XXX
PIN: G Pong Champ
Carrier: T-Mobile U.S.
Posts: 5,515
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Jim Galbally View Post
...whilst those of us with any sort of knowledge on the subject know that this is pretty much a POINTLESS idea
I guess I have no knowledge then. I see protecting data as vital. Even an address book.
Offline  
Old 12-15-2008, 03:27 PM   #3 (permalink)
iPhone Mod!
 
zerog46's Avatar
 
Join Date: May 2007
Location: In a House
Model: 9650
Carrier: VZW Bold
Posts: 6,753
Post Thanks: 18
Thanked 6 Times in 6 Posts
Default

Same here I even have my personnel BB Protected.
__________________
Life is not holding a good hand. Life is playing a poor hand well.
Offline  
Old 12-15-2008, 08:13 PM   #4 (permalink)
Knows Where the Search Button Is
 
Join Date: Dec 2007
Model: 9630
PIN: N/A
Carrier: Sprint
Posts: 44
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

what do you see as a down side to having it?
We run it on all of ours, and well, the only down side we see is one hour wipe if they forget the Password. on the plus side they learn there passwords better.
Offline  
Old 12-16-2008, 01:19 AM   #5 (permalink)
Knows Where the Search Button Is
 
Neo3000's Avatar
 
Join Date: Jul 2008
Model: 9000
PIN: N/A
Carrier: TMO
Posts: 32
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

We are on introducing content protection, mainly because of corporate IT security requirements.
Personally, I also think that encryption is vital and one of the outstanding advantages of Blackberry compared to the competitors (Iphone, ...)

We came up with the following risks to expect:
  • There is no simple way back: if you later deactivate the enforcement, the users have to manually switch it off.
  • Older devices (7xxx; OS 4.0x) get very slow and especially if the memory is nearly full, they are virtually too slow to use.
  • Password reset impossible => more service desk calls, complaints
  • Wipe takes waaaays longer => more service desk calls, inacceptable for top management guys
  • Adressbook encryption means that incoming calls are not resolved => loss of convenience, complaints

To mitigate, we plan to introduce it as follows:
  • Replace 7xxx+OS 4.0x devices with Curve 8900
  • Establish a special "Service Policy" so that (top management) service personell is able to disable content protection for a quicker wipe
  • Awareness and information activities

I hope that I will survive the switch ...
__________________
BES 4.1.7 (20 servers), Domino 7.0.3 with 19000+ users
BES 5.0.2 (8 server), Exchange 2010 SP1 with 1000+ users
Offline  
Old 12-16-2008, 06:55 AM   #6 (permalink)
Wireless Sith Lord
 
DarthBBerry's Avatar
 
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
Post Thanks: 2
Thanked 27 Times in 22 Posts
Default

Being in IT, we are SUPPOSED to be paranoid about security. We know the true amount of daily intrusion attempts on our networks. You can't have too much security, even on mobile devices. Encrypt, secure and lock 'em down because if there is one incident in the future where data is compromised and could've been prevented with Content Encryption, management will point the finger at you.
__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
Offline  
Old 12-16-2008, 07:20 AM   #7 (permalink)
Talking BlackBerry Encyclopedia
 
TreeDude's Avatar
 
Join Date: Apr 2008
Location: Western NY, USA
Model: iPn4S
OS: iOS 7.0.1
PIN: 76E5A626
Carrier: Verizon
Posts: 243
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I thought there was some level of encryption already on the Blackberry... Can anyone point me in the direction of the settings for such a feature? We are currently in the process of encrypting all portable devices, I thought I didn't need to worry about our Blackberries...
__________________
Technical Engineer III

BES was decommissioned. Currently using iPhones with Lotus Notes Traveler 9.0.
Offline  
Old 12-16-2008, 07:47 AM   #8 (permalink)
Wireless Sith Lord
 
DarthBBerry's Avatar
 
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
Post Thanks: 2
Thanked 27 Times in 22 Posts
Default

Quote:
Originally Posted by TreeDude View Post
I thought there was some level of encryption already on the Blackberry... Can anyone point me in the direction of the settings for such a feature? We are currently in the process of encrypting all portable devices, I thought I didn't need to worry about our Blackberries...
Data is encrypted at the transport layer with 3DES or AES depending on your settings. There is no encryption on the device unless you set the policy.
__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
Offline  
Old 12-16-2008, 07:51 AM   #9 (permalink)
iPhone Mod!
 
zerog46's Avatar
 
Join Date: May 2007
Location: In a House
Model: 9650
Carrier: VZW Bold
Posts: 6,753
Post Thanks: 18
Thanked 6 Times in 6 Posts
Default

Options Security. BB are very secure, all you have to do is set it up.
__________________
Life is not holding a good hand. Life is playing a poor hand well.
Offline  
Old 12-16-2008, 08:14 AM   #10 (permalink)
Thumbs Must Hurt
 
misterbulldog's Avatar
 
Join Date: Feb 2006
Location: D.C Metro Area
Model: 9630
OS: 5.0.0.975
Carrier: Verizon
Posts: 163
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by DarthBBerry View Post
Being in IT, we are SUPPOSED to be paranoid about security. We know the true amount of daily intrusion attempts on our networks. You can't have too much security, even on mobile devices. Encrypt, secure and lock 'em down because if there is one incident in the future where data is compromised and could've been prevented with Content Encryption, management will point the finger at you.
I couldn't have said it better myself. We in the IT field shoud be looking for ways to secure all of our systems.
Offline  
Old 12-16-2008, 08:20 AM   #11 (permalink)
Talking BlackBerry Encyclopedia
 
TreeDude's Avatar
 
Join Date: Apr 2008
Location: Western NY, USA
Model: iPn4S
OS: iOS 7.0.1
PIN: 76E5A626
Carrier: Verizon
Posts: 243
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Ah I see it. Thanks guys. It's too bad I still have not gotten the go ahead to implement our IT policy. But at least mine is safe now .

Any benefit to having the wireless encryption the same as the handheld? I see ours is 3DES right now and would require a reactivation of all the BBs to change it to AES.
__________________
Technical Engineer III

BES was decommissioned. Currently using iPhones with Lotus Notes Traveler 9.0.
Offline  
Old 12-16-2008, 08:34 AM   #12 (permalink)
BlackBerry Extraordinaire
 
Frank Castle's Avatar
 
Join Date: Jul 2005
Location: MA
Model: 9930
PIN: PM Me!
Carrier: VZW
Posts: 1,073
Post Thanks: 0
Thanked 4 Times in 3 Posts
Default

Well considering there is pending regulation in a number of states that include mobile devices you will see a rapid deployment of encryption in large businesses. I would think the majority of F500 already is there.

For Blackberry we have the device on Strong (default) which is encrypted when the device is locked. You go higher and you need to roll out passwords of 12 and 24 character length. I doubt any user could remember anything like that. I've yet to see a Blackberry cracked so until then Strong is sufficient.

The MicroSD card we have encrypted to the Security password as users are always upgrading devices so that allows portablity.

I guess arguerment against having any of these measures depends on how your company handles their data - be it their own or customer related.
Offline  
Old 12-16-2008, 01:14 PM   #13 (permalink)
Thumbs Must Hurt
 
Join Date: Apr 2007
Model: 9700
Carrier: AT&T
Posts: 155
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Anyone out there have content protection turned on for a large scale (500+) users? From the general lack of discussion on these boards about content protection I imagine most people don't use it depending on the industry/data they have.
Offline  
Old 12-16-2008, 01:28 PM   #14 (permalink)
Talking BlackBerry Encyclopedia
 
TreeDude's Avatar
 
Join Date: Apr 2008
Location: Western NY, USA
Model: iPn4S
OS: iOS 7.0.1
PIN: 76E5A626
Carrier: Verizon
Posts: 243
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by icontech View Post
Anyone out there have content protection turned on for a large scale (500+) users? From the general lack of discussion on these boards about content protection I imagine most people don't use it depending on the industry/data they have.
Almost every admin I met at WES had a least password policy in place. I am not 100% sure on encryption, but I would imagine most of them would have that turned on as well. When you are talking about 500+ users, data security is a very big deal, especially for executive emails.
__________________
Technical Engineer III

BES was decommissioned. Currently using iPhones with Lotus Notes Traveler 9.0.
Offline  
Old 12-17-2008, 06:36 AM   #15 (permalink)
Wireless Sith Lord
 
DarthBBerry's Avatar
 
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
Post Thanks: 2
Thanked 27 Times in 22 Posts
Default

Quote:
Originally Posted by icontech View Post
Anyone out there have content protection turned on for a large scale (500+) users? From the general lack of discussion on these boards about content protection I imagine most people don't use it depending on the industry/data they have.
Yes, we have it enabled. The device and external media is encrypted to the device password.
__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
Offline  
Old 12-17-2008, 08:57 AM   #16 (permalink)
New Member
 
Join Date: Mar 2006
Model: 9000
Carrier: Orange UK
Posts: 11
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

ok guys maybe i'm missing the point then. the major problems have already been discussed above (the imability to efficiently support a large environment) as well as the issues with the speed of the devices and things like it auto-locking when playing media etc.

now can anyone tell me what someone would have to do to a password protected, non-encrypted blackberry in order to get the data off of it? yes thats right, take the thing apart, pry off the memory chips, slap em on chip readers, decode the bumpft and then read the data off.

hardly something the average joe who found the phone on the train is going to be doing.

in my opinion password protection is SUFFICIENT and content protection is overkill.

as for encrypting addressbook entries, why on earth would people turn this on if it is not a regulatory requirement? it was only included for certain MOD/DOD requirements in the US
Offline  
Old 12-17-2008, 09:31 AM   #17 (permalink)
BlackBerry Extraordinaire
 
Frank Castle's Avatar
 
Join Date: Jul 2005
Location: MA
Model: 9930
PIN: PM Me!
Carrier: VZW
Posts: 1,073
Post Thanks: 0
Thanked 4 Times in 3 Posts
Default

It's a bit outdated but the lone paper I've seen on this that did forensic discovery on a Blackberry (attached)

Also the review of the recent report by Fraunhofer Institute SIT
Offline  
Old 12-17-2008, 10:00 AM   #18 (permalink)
Talking BlackBerry Encyclopedia
 
TreeDude's Avatar
 
Join Date: Apr 2008
Location: Western NY, USA
Model: iPn4S
OS: iOS 7.0.1
PIN: 76E5A626
Carrier: Verizon
Posts: 243
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Jim Galbally View Post
ok guys maybe i'm missing the point then. the major problems have already been discussed above (the imability to efficiently support a large environment) as well as the issues with the speed of the devices and things like it auto-locking when playing media etc.

now can anyone tell me what someone would have to do to a password protected, non-encrypted blackberry in order to get the data off of it? yes thats right, take the thing apart, pry off the memory chips, slap em on chip readers, decode the bumpft and then read the data off.

hardly something the average joe who found the phone on the train is going to be doing.

in my opinion password protection is SUFFICIENT and content protection is overkill.

as for encrypting addressbook entries, why on earth would people turn this on if it is not a regulatory requirement? it was only included for certain MOD/DOD requirements in the US
What if your CEO is targeted and the berry stolen rather than lost? The information on that device could be worth a lot to a competitor.

The performance impact of the encryption is minimal. It really only makes the log in time take an extra few seconds.
__________________
Technical Engineer III

BES was decommissioned. Currently using iPhones with Lotus Notes Traveler 9.0.
Offline  
Old 12-17-2008, 10:08 AM   #19 (permalink)
Wireless Sith Lord
 
DarthBBerry's Avatar
 
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
Post Thanks: 2
Thanked 27 Times in 22 Posts
Default

@ Jim Galbally
You've gotten a lot of opinions regarding Content Protection; most of them are FOR it yet you continue to argue against. It seems like anything we say is shot down. It's like you didn't get what you wanted to hear so you continue asking but in a differnet manner.

When it comes down to it, Content Protection/Encryption cannot harm you, it can only help you. It provides another layer of security.

Take it or leave it.
__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
Offline  
Old 12-18-2008, 12:38 AM   #20 (permalink)
Knows Where the Search Button Is
 
Neo3000's Avatar
 
Join Date: Jul 2008
Model: 9000
PIN: N/A
Carrier: TMO
Posts: 32
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Jim Galbally View Post
now can anyone tell me what someone would have to do to a password protected, non-encrypted blackberry in order to get the data off of it? yes thats right, take the thing apart, pry off the memory chips, slap em on chip readers, decode the bumpft and then read the data off.

hardly something the average joe who found the phone on the train is going to be doing.

in my opinion password protection is SUFFICIENT and content protection is overkill.

as for encrypting addressbook entries, why on earth would people turn this on if it is not a regulatory requirement? it was only included for certain MOD/DOD requirements in the US
First, Sometime ago, I worked at a well-known but now gone mobile phone manufacturer. Here, we had special attachment toolkits, which looked like a set of needles. With such a toolkit you can attach directly to the flash chips on embedded devices. You do not have to separate the chip from the board through this. So no sophisticated technology here and quite common in mobile phone industry ...

Second, Blackberry will use standard flash chips by the common vendors (Samsung, Intel, Hynix, ...). Access protocols are well known here - so the last obstacle might be indeed the file system. Just an ASCII dump might give you valuable information ...

Third, It might be worth encrypting the adress book as there are industries where contacts are worth hard cash (potential customers, competitors, ...).

But your mileage may vary - security is always strongly connected to risk analysis and should never be considered as an end in itself. So, if your data is not that important, the problems or restrictions introduced with content protection might have more impact than the actual gain in security ...

Just my 2ct ...
__________________
BES 4.1.7 (20 servers), Domino 7.0.3 with 19000+ users
BES 5.0.2 (8 server), Exchange 2010 SP1 with 1000+ users
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.