BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 10-29-2007, 04:22 PM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2006
Model: 7100
Carrier: at&t
Posts: 23
Post Thanks: 0
Thanked 0 Times in 0 Posts
Question Re:authentication/data security question

Please Login to Remove!

Hello all
We have about 6 users with BB's using BIS (I believe this is the case since they no longer require a redirector on their pc's)
anyways, they all access email (on our exch 2003 server)
Since i am not all that familiar with BB's can someone explain to me if the communications between BB's and exchange is encrypted and or what type authentication takes place?
We are a small office and to date haven't paid too much attention to the security aspects of using these devices

thank you for any info/input
Offline  
Old 10-30-2007, 02:18 PM   #2 (permalink)
Thumbs Must Hurt
 
Join Date: May 2007
Model: 9800
PIN: N/A
Carrier: Rogers
Posts: 68
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Like a BES, a BIS is the front end for the BlackBerry infrastructure. Every bit of data that goes over the infrastructure is definitely encrypted.

After asking a friend at a carrier, who asked a friend at RIM, all messages from the BIS to the handheld are also encrypted with the same algorithm.

From Exchange to the infrastructure is handled by your company.
Between BB's everything is encrypted.
Offline  
Old 11-05-2007, 12:06 PM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2006
Model: 7100
Carrier: at&t
Posts: 23
Post Thanks: 0
Thanked 0 Times in 0 Posts
Question thx

for your reply

Would you happen to know how TLS works with BB's?
If i set it up on my exchange server, will the devices require any special config?
Offline  
Old 11-05-2007, 03:30 PM   #4 (permalink)
Thumbs Must Hurt
 
Join Date: May 2007
Model: 9800
PIN: N/A
Carrier: Rogers
Posts: 68
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well with TLS you need to exchange certificates proving your identity. You would most probably have to set up a PKI infrastructure and issue certificates to your Exchange server and each of your BB clients.

If you are running windows 2003 server there is a Certificate Authority included with it that will tie into your Active Directory and Exchange for certificate exchange.



Cheers.

Last edited by tricky_ott : 11-05-2007 at 03:31 PM.
Offline  
Old 11-05-2007, 03:36 PM   #5 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2006
Model: 7100
Carrier: at&t
Posts: 23
Post Thanks: 0
Thanked 0 Times in 0 Posts
Question actually

I think what i would do is buy a 3rd party certificate
but what has me confused is how the whole thing works with BIS (essentially being a middleman)
if encryption is already in place for comm between BIS (servers) and the device, then how would the cert be presented to the BB's?
sorry, i'm new to this stuff
and again, thx for your help
Offline  
Old 11-06-2007, 09:11 AM   #6 (permalink)
Thumbs Must Hurt
 
Join Date: Jul 2006
Model: 9550
Carrier: VZW
Posts: 139
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

It all depends how you are having BIS access your Exchange server.

The connection to the BIS <-> Handhelds is always encrypted, so let's take that out of the equation.

Now the other component is how is BIS accessing your Exchange server. Three choices, OWA, POP, or IMAP. My guess, and the way it is configured by default is through OWA. Now if your OWA server requires SSL, then BIS will HAVE to use SSL just like any other user connecting. So then you have your end to end connection totally encrypted. If you don't have SSL set up on OWA then you need to get a Cert signed by a CA, and configure it. There is plenty of help on the internet to get you Exchange server setup for that...

If you are having BIS use POP or IMAP to access the Exchange server (no real reason not to use the default OWA type connection though), then you need to configure and require TLS on those services on your Exchange front-end (or single server I'm guessing). It is usually just easier to use the OWA method.

The main advantage you gain by making sure the connection between the BIS and your Exchange organization are encrypted, is that passwords are NOT sent in the clear and any email that flows within your organization stays private the entire time.
Offline  
Old 11-06-2007, 01:33 PM   #7 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2006
Model: 7100
Carrier: at&t
Posts: 23
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Bis

hi, thx
i checked on user's BIS page setup and apparently it's using IMAP
Now, i'm ok with that since we do nor use OWA
but if i check that TLS requirement checkbox then i will still need to get a certificate right?
and how will the BIS server deal with my certificate?
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.