|
|
05-04-2005, 04:23 PM
|
#1
|
Thumbs Must Hurt
Join Date: Feb 2005
Location: Jefferson Ga.
Model: 8900
PIN: 20F7C0E8
Carrier: TMO
Posts: 151
|
Anyone know a link to some good IT policy information?
Please Login to Remove!
Thanks!
__________________
Pin: 20F7C0E8
TMO 8900 - Exchange 2007 SP1 - BES 4.1.6
|
Offline
|
|
05-04-2005, 08:59 PM
|
#2
|
Talking BlackBerry Encyclopedia
Join Date: Feb 2005
Model: 7280
Carrier: cingular, no wait, AT&T
Posts: 300
|
What do you mean? Best practices, how to do it, what?
|
Offline
|
|
05-04-2005, 09:55 PM
|
#3
|
BlackBerry God
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
|
you could read the administration PDF. it pretty much goes into detail what each option does and doesn't do.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
|
Offline
|
|
05-05-2005, 07:03 AM
|
#4
|
Thumbs Must Hurt
Join Date: Feb 2005
Location: Jefferson Ga.
Model: 8900
PIN: 20F7C0E8
Carrier: TMO
Posts: 151
|
Yeah best practices. Sorry I wasn't clear.
__________________
Pin: 20F7C0E8
TMO 8900 - Exchange 2007 SP1 - BES 4.1.6
|
Offline
|
|
05-05-2005, 11:44 AM
|
#5
|
Talking BlackBerry Encyclopedia
Join Date: Feb 2005
Model: 7280
Carrier: cingular, no wait, AT&T
Posts: 300
|
Quote:
Originally Posted by djbeenie
Yeah best practices. Sorry I wasn't clear.
|
Best practices... well, forcing passwords is a good idea. Preventing 3rd party apps from being loaded will prevent unnecessary junk from getting installed by your end-users (but, oh, they will complain... THEY WILL COMPLAIN!).
Anyhow, after that, you have to figure out what you want. The IT Policy is quite detailed...
I can't make the decisions for you, so you need to know what you want the users able to do, and unable to do. SMS text messages? Phone calls? Do either of those have an impact on the bottom line?
|
Offline
|
|
05-05-2005, 01:47 PM
|
#6
|
Talking BlackBerry Encyclopedia
Join Date: Mar 2005
Location: McKinney, Texas
Model: 7100g
Posts: 236
|
The admin guide has "Sample IT Policies" at the end of Appendix A
__________________
Me? 7130C/BES
Who says they can't teach an 'old dog' new tricks!
|
Offline
|
|
05-05-2005, 03:03 PM
|
#7
|
BlackBerry God
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
|
Not to mention that a 'best practices' should likely be applied using your current security policy as a guide. Just my two cents.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
|
Offline
|
|
05-05-2005, 03:16 PM
|
#8
|
Thumbs Must Hurt
Join Date: Feb 2005
Location: Jefferson Ga.
Model: 8900
PIN: 20F7C0E8
Carrier: TMO
Posts: 151
|
Quote:
Originally Posted by DoomBringer
Best practices... well, forcing passwords is a good idea. Preventing 3rd party apps from being loaded will prevent unnecessary junk from getting installed by your end-users (but, oh, they will complain... THEY WILL COMPLAIN!).
Anyhow, after that, you have to figure out what you want. The IT Policy is quite detailed...
I can't make the decisions for you, so you need to know what you want the users able to do, and unable to do. SMS text messages? Phone calls? Do either of those have an impact on the bottom line?
|
Well I was looking at the IT Policy, only thing I really see valuable is the passwords and restricting 3rd party apps. But hey they bought their own BB's, so what gives me the right to lock down any of them. lol
Cool guys, thanks for the info.
Regards,
Bryan
__________________
Pin: 20F7C0E8
TMO 8900 - Exchange 2007 SP1 - BES 4.1.6
|
Offline
|
|
05-05-2005, 03:33 PM
|
#9
|
BlackBerry God
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
|
Quote:
Originally Posted by djbeenie
But hey they bought their own BB's, so what gives me the right to lock down any of them.
|
c'mon now bryan. you're an admin, so you're supposed to have a powertrip from time to time. but to answer that question, despite them having their own purchased handhelds, they still are on your network and still present a potential security risk by being open. i'm not sure where you're working now, but at your previous job, i can guarantee that they would agree with me.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
|
Offline
|
|
05-05-2005, 03:56 PM
|
#10
|
Talking BlackBerry Encyclopedia
Join Date: Mar 2005
Location: McKinney, Texas
Model: 7100g
Posts: 236
|
Not specific to BBs, but to PDAs in general, go here:
http://www.rimroad.com/articles/2005...rity-Part.html
__________________
Me? 7130C/BES
Who says they can't teach an 'old dog' new tricks!
|
Offline
|
|
05-05-2005, 10:11 PM
|
#11
|
Thumbs Must Hurt
Join Date: Mar 2005
Location: Toronto
Model: 8700
Carrier: Rogers
Posts: 121
|
Quote:
Originally Posted by djbeenie
But hey they bought their own BB's, so what gives me the right to lock down any of them.
|
Well, the usual logic is that if they want to connect their device to your network, they have to abide by your policies... As a consultant, I find more and more of my clients implementing "Foreign Equipment Policies" which my own personal notebook has to conform to before I'm allowed to plug it into a piece of their Ethernet cable.
In the case of a Blackberry, there are two important factors... Firstly, it contains corporate e-mail, which in most organizations is easily deemed to be the property of the corporation. Secondly, if you have MDS enabled, the MDS Browser can access any web services inside your firewall, which makes the devices an even further security risk.
|
Offline
|
|
05-06-2005, 09:46 AM
|
#12
|
Thumbs Must Hurt
Join Date: Feb 2005
Location: Jefferson Ga.
Model: 8900
PIN: 20F7C0E8
Carrier: TMO
Posts: 151
|
Quote:
Originally Posted by jdh
Well, the usual logic is that if they want to connect their device to your network, they have to abide by your policies... As a consultant, I find more and more of my clients implementing "Foreign Equipment Policies" which my own personal notebook has to conform to before I'm allowed to plug it into a piece of their Ethernet cable.
In the case of a Blackberry, there are two important factors... Firstly, it contains corporate e-mail, which in most organizations is easily deemed to be the property of the corporation. Secondly, if you have MDS enabled, the MDS Browser can access any web services inside your firewall, which makes the devices an even further security risk.
|
Good point! I didnt realize all the factors that could be at risk. Thank you for the pointers. Forgive me I am still learning as I go.
Quote:
c'mon now bryan. you're an admin, so you're supposed to have a powertrip from time to time. but to answer that question, despite them having their own purchased handhelds, they still are on your network and still present a potential security risk by being open. i'm not sure where you're working now, but at your previous job, i can guarantee that they would agree with me.
|
HAHA I know, Got to understand this company. This whole company is spoiled rotten, they get what they want. HAHA But that is no excuse. Thank you for the advice. I will be pushing out policys now. Thank you!
Regards,
Bryan
__________________
Pin: 20F7C0E8
TMO 8900 - Exchange 2007 SP1 - BES 4.1.6
|
Offline
|
|
05-06-2005, 10:08 AM
|
#13
|
Thumbs Must Hurt
Join Date: Feb 2005
Location: Jefferson Ga.
Model: 8900
PIN: 20F7C0E8
Carrier: TMO
Posts: 151
|
Well another thing, MDS is connected directly to the internet, not to any internal sites other than the exchange.
__________________
Pin: 20F7C0E8
TMO 8900 - Exchange 2007 SP1 - BES 4.1.6
|
Offline
|
|
05-06-2005, 12:09 PM
|
#14
|
Talking BlackBerry Encyclopedia
Join Date: Feb 2005
Model: 7280
Carrier: cingular, no wait, AT&T
Posts: 300
|
Quote:
Originally Posted by djbeenie
Well another thing, MDS is connected directly to the internet, not to any internal sites other than the exchange.
|
If MDS is on the corporate LAN, then it can access any of the intranet sites. Try it. You should be able to resolve any internal sites from the BB that has MDS enabled.
|
Offline
|
|
|
|