|
|
|
04-25-2008, 06:41 PM
|
#41
|
Retired BBF Moderator
Join Date: Aug 2005
Model: 9000
OS: 4.6.0.xxx
Carrier: AT&T
Posts: 10,149
|
Please Login to Remove!
And suspending service doesnt mean crap on a GSM device. All they have to do is unlock it, pop a new SIM in and they can use it all they want.
|
Offline
|
|
04-25-2008, 06:42 PM
|
#42
|
BBF Moderator
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,720
|
In the end, all that is lost is the device if there was a password on it. Just depends on how sensitive the data is.
|
Offline
|
|
04-28-2008, 10:05 AM
|
#43
|
Talking BlackBerry Encyclopedia
Join Date: May 2005
Location: Huntsville, AL
Model: 9930
Carrier: Verizon
Posts: 335
|
Darth, you can bank on the fact that enabling passwords on your devices will increase your BB calls. (if I had a dollar for every password reset request we got a day....) It's a worthwhile price to pay for a little security. We get some complaints, but hey, that's security for you. Our policy is to allow 5 attempts not the default 10 and the device locks every 15 minutes whether you are using it or not. (can't even count the number of times I get a user that can't enter their password correctly, only to find that the BB is requesting them to type "blackberry" first). I wish we got notified as soon as 12 hours after someone losing their BB. Sometimes a user will wait a week to let us know. By that time the BBs battery may have run down. (contemplating suggesting that we add wipe on battery drain option).
All in all the password is your friend on the BB. (as is JL_CMDR).
__________________
AlanM
Exchange\Blackberry Admin
4 - BES Servers (5.0.3),
~1500 BB Users, and a headache.
War Eagle!!
|
Offline
|
|
04-28-2008, 01:17 PM
|
#44
|
BBF War Game Mod
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
|
Quote:
Originally Posted by DarthBBerry
Not wanting to put them down... but most of my users arent smart enough to figure that out. If it's not in the box, then it doesnt exist for them.
|
Never underestimate users. They sometimes know more than they let on!
__________________
Jadey : Infrastructure Architect, Denver CO
|
Offline
|
|
04-28-2008, 01:23 PM
|
#45
|
BBF War Game Mod
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
|
It's not just data on BBs that need consideration for protection. If you are running enterprise collaboration services (sametime, office messenger or whatever it is called) and/or MDS then the person who stole/found the BB has 2 routes into your network. Last thing you need is someone playing with what data they can get in/out via the BB.
The other major problem for me is identity theft - if someone steals the CEOs BB, the last thing I need is them sending an email to his PA saying "could you fax the next quarter results network to an analyst at +1 303 xxx" etc - in 12 hours you can lose shed loads of data, and it doesn't have to be on the BB - how many people/PAs/other managers would actually query an email from the CEO?
So I lock after a period of inactivity. I also lock after a period of continuous use - if someone deliberately steals the CEOs BB, last thing I need is them keeping it alive for ages by key presses. I can't trust my users to IMMEDIATELY notice someone lifting their device from them in an airport - also, minus the BB, how do they call me if there is no phone nearby? It's all just too risky.
__________________
Jadey : Infrastructure Architect, Denver CO
|
Offline
|
|
04-28-2008, 01:43 PM
|
#46
|
BlackBerry Extraordinaire
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
|
Quote:
Originally Posted by penguin3107
You should really consider enforcing password use on your devices, and set the timeout to a short duration.
It's your responsibility as a BES Administrator.
|
Actually, it's my responsibility to implement/enforce corporate policy. I can suggest the need for passwords, but if the idea is rejected by those in a higher pay grade, there's nothing I can do.
|
Offline
|
|
04-28-2008, 02:09 PM
|
#47
|
Talking BlackBerry Encyclopedia
Join Date: Jun 2007
Location: Edmonton AB, Canada
Model: 9630
Carrier: Telus
Posts: 300
|
Quote:
Originally Posted by CanuckBB
Actually, it's my responsibility to implement/enforce corporate policy. I can suggest the need for passwords, but if the idea is rejected by those in a higher pay grade, there's nothing I can do.
|
This.
While I am the administrator, I cannot go above corporate policy, and I cannot just on a whim put a policy in that would affect users without approval. When I first got put into the BB admin role, we did not enforce passwords on our BB's. It took 7 months, but between myself and my IT manager we were able to convince the management team that we need a policy in place to protect the data on the the blackberries. We even had to make some compromises, there is no lock after constant use, but it does lock after 10 minutes of non use.
|
Offline
|
|
04-28-2008, 02:40 PM
|
#48
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
Sounds like I got lucky. When we first started rolling them out and only had 20, I told my manager we needed to have an IT Policy with a password. He said ok, and off I went. At that time, it was all executive management that had the devices (including the company owner) and not once did they complain about the passwords.
I now use that to my advantage when people complain - if the owner of the company doesn't complain, why should they?
__________________
No longer a BES Admin, but it was fun while it lasted!
Last edited by juwaack68; 04-28-2008 at 02:51 PM..
|
Offline
|
|
04-28-2008, 02:49 PM
|
#49
|
BBF Moderator
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,720
|
having the device lock while I'm using it would be quite annoying, though.
|
Offline
|
|
04-28-2008, 03:12 PM
|
#50
|
Talking BlackBerry Encyclopedia
Join Date: Jun 2007
Location: Edmonton AB, Canada
Model: 9630
Carrier: Telus
Posts: 300
|
Quote:
Originally Posted by juwaack68
Sounds like I got lucky. When we first started rolling them out and only had 20, I told my manager we needed to have an IT Policy with a password. He said ok, and off I went. At that time, it was all executive management that had the devices (including the company owner) and not once did they complain about the passwords.
I now use that to my advantage when people complain - if the owner of the company doesn't complain, why should they?
|
Ya, I use that argument now myself. Our company president, after about a day of the policy going in place, decided that that policy was a really good idea, and couldn't' believe that they said no before. It really wasn't as obtrusive as he thought it would be, and he decided it was probably the best idea I could have come up with.
I now tell anyone who complains about it to go talk to the president about it if they don't like it
|
Offline
|
|
04-30-2008, 12:54 PM
|
#51
|
New Member
Join Date: Apr 2008
Model: 8830
PIN: N/A
Carrier: Verizon
Posts: 5
|
When the device is entered incorrect password more than 10x, it will be wiped out. All data on the device will be lost and the user will have to enter a new device password after the wipe process is complete.
Can a BES Admin recover the device password to avoid the wipe out? Yes. with BES 4.1.5, you can issue a new device password and the user won't be prompted to enter the old password (which he/she already forgot). This will work even the Content Protection is enabled in the IT policy.
Hope this helps.
|
Offline
|
|
04-30-2008, 02:19 PM
|
#52
|
Talking BlackBerry Encyclopedia
Join Date: Apr 2008
Location: Western NY, USA
Model: iPn4S
OS: iOS 7.0.1
PIN: 76E5A626
Carrier: Verizon
Posts: 243
|
Hmm... You guys are making me think I should bring this up to my manager. We currently have no password policy. But then again, up until just a few months ago we were on BES 2.2. I am not even sure that was doable on that. Since I replaced the guy who was admin of the last BES (he did not set it up though, so he didn't know much) I got the great task of upgrading and managing it (with no experience mind you).
But things are great now and I am learning more and more. I set a basic policy on my own berry. Seems ok. Considering 17 of my users are executives, I think maybe passwords are a good idea.
__________________
Technical Engineer III
BES was decommissioned. Currently using iPhones with Lotus Notes Traveler 9.0.
|
Offline
|
|
05-01-2008, 04:27 AM
|
#53
|
BBF War Game Mod
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
|
Quote:
Originally Posted by Gray_Berry
When the device is entered incorrect password more than 10x, it will be wiped out.
|
Small point, but this number is not always 10. It is whatever is in the policy - and half that value if duress notifications are enabled.
__________________
Jadey : Infrastructure Architect, Denver CO
|
Offline
|
|
05-01-2008, 05:08 AM
|
#54
|
Thumbs Must Hurt
Join Date: May 2005
Location: US
Model: 9860
Carrier: AT&T
Posts: 72
|
Quote:
Originally Posted by wunderbar
This.
While I am the administrator, I cannot go above corporate policy, and I cannot just on a whim put a policy in that would affect users without approval. When I first got put into the BB admin role, we did not enforce passwords on our BB's. It took 7 months, but between myself and my IT manager we were able to convince the management team that we need a policy in place to protect the data on the the blackberries. We even had to make some compromises, there is no lock after constant use, but it does lock after 10 minutes of non use.
|
We have a password policy that matches our IS Security Policy. But set to wipe after 7 incorrect attempts. this works good for me, but you will allways have those NEW users, that will question the password policy when they first receive their devices, and try to make a stink. when you send them to corporate security to justify their wanted change they mostly have second thoughts. better to work the policy out when planning the environment, before deploying your first device.
Last edited by kerry6; 05-01-2008 at 05:09 AM..
|
Offline
|
|
|
|