BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 02-21-2005, 05:22 PM   #1 (permalink)
Thumbs Must Hurt
 
Join Date: Sep 2004
Model: 8703e
Carrier: Verizon
Posts: 66
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default What do you have your Security Timeout set to?

Please Login to Remove!

So what have other BES admins found to be an acceptable IT policy for the security timeout on a device?

Too short and you run the risk of making users angry.

Too long and it does no good.

I hear arguements for 30 minutes, 2 hours, 8 hours, 1 week. All valid pros/cons.

I would like to hear what has worked for your org and why...thx
Offline  
Old 02-21-2005, 06:04 PM   #2 (permalink)
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: i5s
Carrier: AT&T
Posts: 27,798
Post Thanks: 33
Thanked 441 Times in 381 Posts
Default

60 minutes. Not too short; not too long.
Offline  
Old 02-21-2005, 06:52 PM   #3 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default Re: What do you have your Security Timeout set to?

Quote:
Originally Posted by tafische
Too short and you run the risk of making users angry.
one thing i think its very important for an administrator to learn is that you need to enforce security policies as you see fit - not what will make your users comfortable. granted, i do think 5 mins would be an overkill, but anything in the 30-60 minute range would be more than sufficient.

set expectations early on and don't let your guard down. if someone wants to question the security of confidential information, then they best never think about working for a large public corporation that complies within federal regulations.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 02-21-2005, 06:55 PM   #4 (permalink)
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: i5s
Carrier: AT&T
Posts: 27,798
Post Thanks: 33
Thanked 441 Times in 381 Posts
Default

For those of us that may still have some old 950/957s hanging around. You have to upgrade them to 2.7. With the older 2.6 OS, the 60 minute security lockout is handled like 60 seconds. And that is a greast way to piss off your customers!
Offline  
Old 02-21-2005, 11:28 PM   #5 (permalink)
Thumbs Must Hurt
 
Join Date: Sep 2004
Model: 8703e
Carrier: Verizon
Posts: 66
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
one thing i think its very important for an administrator to learn is that you need to enforce security policies as you see fit - not what will make your users comfortable.
I agree. But you do have to have a balance. You have to do what makes sense for the business looking at all aspects. I am in a situation where there has been no forced locking for years. Someone is now trying to force out a 30 minute policy which is making the Execs who pay the bill very unhappy.

There is a middle ground here, which I think would be from 1-2 hours.
Offline  
Old 02-22-2005, 03:39 AM   #6 (permalink)
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: i5s
Carrier: AT&T
Posts: 27,798
Post Thanks: 33
Thanked 441 Times in 381 Posts
Default

Or you document and exclude the executives.....
Offline  
Old 02-23-2005, 09:53 AM   #7 (permalink)
Thumbs Must Hurt
 
Join Date: Aug 2004
Location: West Palm Beach, FL
Model: 8100
Carrier: T-Mobile
Posts: 122
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am using a 20 minute lockout at my company... i get a little grief every now and then but once i talk with the end user one on one they understand.

As an IT Admin's Data integrity is our biggest responsibility. Let just one sensitive email get into the hands of the public becuase an exec left his blackberry at a diner and see if he doesnt wish it was set to lock earlier.
Offline  
Old 02-23-2005, 10:22 AM   #8 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by dshearon
As an IT Admin's Data integrity is our biggest responsibility. Let just one sensitive email get into the hands of the public becuase an exec left his blackberry at a diner and see if he doesnt wish it was set to lock earlier.
couldn't have said it better myself.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 02-23-2005, 10:28 AM   #9 (permalink)
Knows Where the Search Button Is
 
Join Date: Feb 2005
Location: Ireland
Posts: 16
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

15 mins here - and we have a particularly stringent security policy as well for exactly the same reasons as dshearon states.

In general if anyone complains:
"if you're important enough to have a Blackberry, then your data is too important to just give to some bloke in the airport" :p
__________________
The thread killer apparently :s
Offline  
Old 02-24-2005, 09:31 AM   #10 (permalink)
Knows Where the Search Button Is
 
Join Date: Oct 2004
Location: Las Vegas, NV
Model: 8100
OS: 4.5.0.xx
Carrier: T-Mobile
Posts: 45
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

We use 30 minutes. We would have liked to go shorter but it does have a big impact especially for those who use the device as their #1 email client.

Now, with that said, imposing a timeout and security policy is easier thanks to Paris Hilton. Even though her actual sidekick itself was not what was hacked, most of the news sites were reporting it that way and it gets people thinking about what they have on their phone/pda.
Offline  
Old 02-25-2005, 04:00 AM   #11 (permalink)
Thumbs Must Hurt
 
Join Date: Oct 2004
Location: London
Model: 9780
Carrier: Vodafone UK
Posts: 56
Post Thanks: 3
Thanked 0 Times in 0 Posts
Default

Ours is set to 10 minutes, it was set to 5 originally but the users got too shirty about it
__________________
Singularity is near
Offline  
Old 04-11-2005, 08:51 PM   #12 (permalink)
Thumbs Must Hurt
 
tgray's Avatar
 
Join Date: Apr 2005
Location: Fort Worth, TX
Model: 8310
PIN: 243b354f
Carrier: AT&T
Posts: 148
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Our security team is requesting 10 minutes because they advise it is a security standard in our industry. I will be arguing for perhaps 15 minutes - the same as our workstations.
Offline  
Old 04-12-2005, 11:34 AM   #13 (permalink)
Thumbs Must Hurt
 
Join Date: Apr 2005
Location: St. Louis
Model: 7750
Posts: 66
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

What I have done is mirror our LAN login password policies as closely as possible. The password characteristics, the amount of retries, the time length to expire of the password, etc... all mirror our LAN policies. As far as this timeout policy, mine is set to 10 minutes, since that is the time when our desktop/laptops' screensavers kick in and lock up the PCs - if it's passed through my company's security group to get on the LAN policy I figure I'm covered by emulating it on the BES...
-Brian
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.