BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   Secure way to only give MDS access with BES? (http://www.blackberryforums.com/bes-admin-corner/4143-secure-way-only-give-mds-access-bes.html)

Luch 03-01-2005 01:31 PM

Secure way to only give MDS access with BES?
 
We have some consultats working for us that have blackberrys and we want to give them access to MDS only. We do not want to allow them to be able to get company e-mails and or send e-mails using the companies address.

When activating a black berry on a BES server using your handheld, you enter in your e-mail address and activation password. But after they do this, can we disable them from being able to use our companies e-mail address?
We want them to be able to use the browser and other products like verichat but not our e-mail. But we want them to be able to use the webclient part so they can still recieve there e-mails to there handhelds....

Whats the best way to do this?


Thanks in advance for any help...

acnst 03-01-2005 04:21 PM

What kind of email system are you using? As far as I remember e.g. MS Exchange allows you to disable sending and receiving emails. This should be possible with other groupware software too.

Luch 03-01-2005 06:02 PM

running microsoft exchange 2k3...

is there any options in the blackberry server?

what other risks will we be taking by allowing them to access MDS through our BES?

xmorpheus 03-02-2005 05:50 AM

Just tried this on our BES (V3.6) and it does seem to work. You'll still have to have exchange mailboxes for them though.

Add them in as normal users and then right click on the name. Disable redirection and Enable MDS.

You should be able to put additional protections on the mailboxes through exchange. I've only tested this briefly so I can't stand over it, only say that it's possible.

As for making MDS available, bear in mind that if your BES is not in a DMZ configuration (which, as it's not supported, I'm assuming it isn't! :) ) then in theory, they can use the browser service to get to any web enabled server on your LAN.

They'd need the IP or address of the server and presumably an appropriate login, but it can be done. This was one of our main reasons for switching MDS off while we examined the security features in more detail.

To be honest, I'd be extremely wary of doing this unless you have no other option.

Hope this is of some help.

bfrye 03-02-2005 07:08 AM

I believe you can also setup MDS properties in IT Policies. As far as restricting browser access, restricting access to the internal/external network, etc...


All times are GMT -5. The time now is 12:36 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.