BlackBerry Forums Support Community               

Old 07-19-2006, 07:36 AM   #1 (permalink)
Thumbs Must Hurt
 
Jim Bond's Avatar
 
Join Date: May 2005
Location: Toronto
Model: 9700
Carrier: Bell
Posts: 94
Post Thanks: 0
Thanked 0 Times in 0 Posts
IT Policies and security


We are having discussions about how to set up BB security using policies on the BES server.

I've been asked to see what some of the "best practices" on passwords are, and what reasoning would be behind forced password changes etc.

What are your own companies doing in this area?

What reference materials are available that describe best practices in relation to password policies on BlackBerrys, etc.?

Thanks!
__________________
Crackberry Neophyte
Offline  
Old 07-19-2006, 07:46 AM   #2 (permalink)
Retired BlackBerryForums.com Moderator
 
d_fisher's Avatar
 
Join Date: Oct 2005
Location: Columbus, OH
Model: 9700
OS: SID 6.7
Carrier: AT&T
Posts: 4,455
Post Thanks: 0
Thanked 2 Times in 1 Post

At my employer, a password is required (non-expiring) with a timeout of 60 minutes. No complexity requirements other than ones the handheld enforces (i.e. 1234, abcd, etc.)
__________________
Doug

Remember, please try searching first!

Need a screenshot? ... Like JavaLoader?
Try using BBscreen .....Use JL_Cmder!
or BBScreenShooter!

Offline  
Old 07-19-2006, 09:42 AM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Jul 2006
Model: 7290
Carrier: T-Mobile
Posts: 36
Post Thanks: 0
Thanked 0 Times in 0 Posts

It all depends on the sensitivity of your data...

Here are good references for Gov or private sector dealing with Gov standards.

csrc.nist.gov/publications/nistpubs/800-53/SP800-53.pdf
csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
Offline  
Old 07-19-2006, 10:18 AM   #4 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts

We use a forced password, minimum 6 characters, must have 1 letter and 1 number. Users cannot disable the password, but are able to set the timeout to the maximum of 1 hour.
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 07-19-2006, 11:42 AM   #5 (permalink)
Thumbs Must Hurt
 
Jim Bond's Avatar
 
Join Date: May 2005
Location: Toronto
Model: 9700
Carrier: Bell
Posts: 94
Post Thanks: 0
Thanked 0 Times in 0 Posts

Thanks for the replies so far... Boy, that government publication will make good bedtime reading!! LOL
To pontificate profusely... On the issues of security, do most people feel that a forced password change is a good thing?
How about "hacking" of a network with a BlackBerry? Anyone know how / if it's been done?
__________________
Crackberry Neophyte
Offline  
Old 07-19-2006, 11:55 AM   #6 (permalink)
Knows Where the Search Button Is
 
Join Date: Jul 2006
Model: 7290
Carrier: T-Mobile
Posts: 36
Post Thanks: 0
Thanked 0 Times in 0 Posts

Yeah, that stuff will knock you out faster than NyQuil.

The main point is that since BBs have a lock and reset after 10 failed attempts, the password has a stronger entropy, meaning that even if you have a shorter password and a longer time between forced password changes, it can still meet levels 1 and 2 for low to moderate impact systems.

There are some stipulations if you are using content protection, but otherwise I would go with around 8+ chars w/ 1 special and force reset every 90 days or so. Although twice a year would probably work too.

I've never read about any specific hacks, but if you are using MDS there are some pretty big concerns. Once again it really depends on the sensitivity of the data you operate with.
Offline  
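
The reasoning in post #6, worked through as an added example (not code from any poster): it estimates password entropy with the SP 800-63 Appendix A rule of thumb, caps the attacker at the 10 attempts allowed before lock and reset, and compares the result with the guessing limits of 1 in 1,024 (Level 1) and 1 in 16,384 (Level 2). The `Policy` class and function names are hypothetical, and treating the composition rules mentioned in the thread as earning the 6-bit bonus is an assumption.

```python
import math
from dataclasses import dataclass

# SP 800-63 v1.0.2 limits on the chance that online guessing succeeds
# over the life of the password.
LEVEL_LIMITS = {1: 2.0 ** -10, 2: 2.0 ** -14}


@dataclass
class Policy:
    min_length: int
    composition_rule: bool   # assumption: the rule earns the 6-bit bonus
    max_attempts: int = 10   # failed attempts before lock and reset


def estimated_entropy_bits(p: Policy) -> float:
    """Appendix A estimate for a user-chosen password of minimum length."""
    bits = 0.0
    for pos in range(1, p.min_length + 1):
        if pos == 1:
            bits += 4.0      # first character
        elif pos <= 8:
            bits += 2.0      # characters 2 to 8
        elif pos <= 20:
            bits += 1.5      # characters 9 to 20
        else:
            bits += 1.0      # characters 21 and beyond
    return bits + (6.0 if p.composition_rule else 0.0)


def guess_probability(p: Policy) -> float:
    """Upper bound on success when the attacker gets max_attempts tries in total."""
    return min(1.0, p.max_attempts / 2.0 ** estimated_entropy_bits(p))


def highest_level_met(p: Policy) -> int:
    """Return 2, 1 or 0 (0 means even the Level 1 limit is missed)."""
    prob = guess_probability(p)
    return max((lvl for lvl, lim in LEVEL_LIMITS.items() if prob <= lim), default=0)


if __name__ == "__main__":
    # Constructed sample policies, loosely following the ones in the thread.
    for name, pol in [("4 chars, no rule", Policy(4, False)),
                      ("6 chars, no rule", Policy(6, False)),
                      ("6 chars, letter+digit", Policy(6, True)),
                      ("8 chars, 1 special", Policy(8, True))]:
        print(f"{name:22} {estimated_entropy_bits(pol):4.0f} bits  "
              f"p <= 2^{math.log2(guess_probability(pol)):.1f}  "
              f"level {highest_level_met(pol)}")
```

The attempt cap only bounds online guessing on the handheld itself; it says nothing about the same password being reused or attacked elsewhere.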

Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.