BlackBerry Forums Support Community
              

Old 01-20-2011, 07:07 AM   #1
KapsBB
New Member
 
Join Date: Jan 2006
Location: Parsippany, NJ
Model: 8700c
PIN: 203D93F4
Carrier: AT&T
Posts: 10
Question Best Security Practices for a Bank Holding Company


I work at a bank holding company, so we have many users with very sensitive data on their BlackBerry. I am wondering what would be the best policies and restrictions to implement in order to make sure all the data is secure on the BB especially if it is lost. These are our current security policies in place. We are running BES 5.0.

Password
Password Pattern Checks - No Restrictions
Maximum Password Age - 90 Days
Maximum Security Timeout - 15 Minutes
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
Maximum Password Attempts - 8
Password Timeout - 15 Minutes

Security
Disallow Third Party Applications Downloads - No
Old 01-20-2011, 07:55 AM   #2
Dubdub
Appleinator
 
 
Join Date: Nov 2005
Location: New Hampshire
Model: App6+
OS: AJBR549
PIN: Ask
Carrier: ATT & Verizon
Posts: 20,038
Default Re: Best Security Practices for a Bank Holding Company

Moved to the BES Admin section - probably a better spot for your question.
__________________
-->>BB FAQ

-->>Stinsonddog's Tip Site!

-->>Twitter


If someone helps, tell them by clicking the Thanks button.!!
Old 01-20-2011, 10:05 AM   #3
knottyrope
BlackBerry Elite
 
 
Join Date: Jan 2008
Location: Massachusetts
Model: DT60
OS: 123456789
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 7,325
Default Re: Best Security Practices for a Bank Holding Company

Quote:
Originally Posted by KapsBB View Post
I work at a bank holding company, so we have many users with very sensitive data on their BlackBerry. I am wondering what would be the best policies and restrictions to implement in order to make sure all the data is secure on the BB especially if it is lost. These are our current security policies in place. We are running BES 5.0.

Password
Password Pattern Checks - Set it so no simple pass like 1234 or qwer can be used.
Maximum Password Age - 30 Days
Maximum Security Timeout - 15 Minutes
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
Maximum Password Attempts - 8
Password Timeout - 15 Minutes

Security
Disallow Third Party Applications Downloads - yes

Just how sensitive is it?

Also might want to make sure they can't forward an email to another account as well.

Maybe even disable BBM or at least set a peer to peer encryption key so only BES users to BES users can BBM.
__________________
I had to fall
To lose it all
But in the end
It doesn't even matter

Rocking the Motion with out lotion.
Old 01-20-2011, 10:40 AM   #4
KapsBB
New Member
 
Join Date: Jan 2006
Location: Parsippany, NJ
Model: 8700c
PIN: 203D93F4
Carrier: AT&T
Posts: 10
Default Re: Best Security Practices for a Bank Holding Company

Quote:
Originally Posted by knottyrope View Post
Just how sensitive is it?

Also might want to make sure they can't forward an email to another account as well.

Maybe even disable BBM or at least set a peer to peer encryption key so only BES users to BES users can BBM.

Everything is regulated by the Federal Reserve. So it is mostly just making sure there are no incidents so we don't get fined.

I don't think it is necessary to disable forwarding as we can forward in Outlook. It seems to be more about making sure non-employees can't get any information from the device. Not stopping people from communicating with others in the company.

Although there are some groups that must keep all data in case there are legal issues. They aren't even allowed to use BBM.
Old 01-20-2011, 11:22 AM   #5
DarthBBerry
Wireless Sith Lord
 
 
Join Date: Jan 2007
Location: Online
Model: iOS 6
Carrier: Verizon x2
Posts: 1,458
Default Re: Best Security Practices for a Bank Holding Company

Password
Password Pattern Checks - No Restrictions
Maximum Password Age - 90 Days
Maximum Security Timeout - 15 Minutes
With sensitive data, you may want to change that to less; like 5 minutes of inactivity.
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
This is debatable. If your user can't remember the password, perhaps actually seeing it on the screen will help. (I've had users say they set the password to 1234567654321 when in actuality it is "wersdfzfdsrew". They were looking at the numbers but not using the ALT key.)
Maximum Password Attempts - 8
If the end user can't remember their password after 6 attempts, they sure as heck ain't gonna get it at 8. My policy is set to 6.
Password Timeout - 15 Minutes

I also recommend that you put a Forbidden Password policy in place. 911 is a no-no in my environment. If you happen to have 911 in part of your password, your device may call 911 Emergency.

Security
Disallow Third Party Applications Downloads - No
You may be opening up for some strange 3rd party apps on devices. I've seen some really bizarre things make an OS go "POOF."

You may want to add:
User Can Change Timeout: No
Content Protection Strength: Strong
External File System Encryption Level: Encrypt to User Password (including multi-media directories)

Some type of password/encryption requirement for Bluetooth if allowed. Otherwise, disable it completely.
Same goes for Smart Card Readers.

__________________
DarthBBerry
6-Time BlackBerry World Champion (2007-2012)
BlackBerry® Certified Support Specialist v5.0
BlackBerry® Certified System Administrator v5.0
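
The password rules suggested in posts #3 and #5 (no simple runs such as 1234 or qwer, a forbidden-password entry for 911, minimum length 6), written out as an added Python example; it is not code from the thread or from BES. The function names, the four-key run length and the key mapping for digits 8 and 9 are assumptions; digits 1 to 7 follow the ALT-key anecdote in post #5.

```python
# Added example: rules taken from the thread's suggestions, not from BES itself.
MIN_LENGTH = 6        # "Minimum Password Length - 6"
FORBIDDEN = ("911",)  # forbidden-password entry suggested in post #5
RUN_LEN = 4           # assumed run length; matches "1234" and "qwer" from post #3

# Digit sequence plus the three QWERTY letter rows.
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Letter keys that produce digits when ALT is held. 1-7 follow the anecdote in
# post #5 (1234567654321 typed without ALT is "wersdfzfdsrew"); 8 and 9 are assumed.
ALT_DIGITS = str.maketrans("wersdfzxc", "123456789")


def has_run(text, run_len=RUN_LEN):
    """True if text contains run_len neighbouring keys of one row, either direction."""
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in text:
                    return True
    return False


def check_password(candidate):
    """Return a list of findings; an empty list means the candidate passes."""
    findings = []
    typed = candidate.lower()
    alt_view = typed.translate(ALT_DIGITS)  # same key presses read as digits
    if len(candidate) < MIN_LENGTH:
        findings.append("shorter than minimum length")
    if has_run(typed):
        findings.append("keyboard run as typed")
    elif has_run(alt_view):
        findings.append("keyboard run on the ALT-digit keys")
    for bad in FORBIDDEN:
        if bad in typed:
            findings.append(f"contains forbidden string {bad!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real device.
    for sample in ("wersdfzfdsrew", "qwer12", "bank911x", "T7#kLp2v"):
        print(sample, "->", check_password(sample) or "ok")
```

The ALT-digit view is what catches a password that looks random as letters but was entered by following the number keys.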
Old 01-20-2011, 12:37 PM   #6
KapsBB
New Member
 
Join Date: Jan 2006
Location: Parsippany, NJ
Model: 8700c
PIN: 203D93F4
Carrier: AT&T
Posts: 10
Default Re: Best Security Practices for a Bank Holding Company

Quote:
Originally Posted by DarthBBerry View Post
Password
Password Pattern Checks - No Restrictions
Maximum Password Age - 90 Days
Maximum Security Timeout - 15 Minutes
With sensitive data, you may want to change that to less; like 5 minutes of inactivity.
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
This is debatable. If your user can't remember the password, perhaps actually seeing it on the screen will help. (I've had users say they set the password to 1234567654321 when in actuality it is "wersdfzfdsrew". They were looking at the numbers but not using the ALT key.)
Maximum Password Attempts - 8
If the end user can't remember their password after 6 attempts, they sure as heck ain't gonna get it at 8. My policy is set to 6.
Password Timeout - 15 Minutes

I also recommend that you put a Forbidden Password policy in place. 911 is a no-no in my environment. If you happen to have 911 in part of your password, your device may call 911 Emergency.

Security
Disallow Third Party Applications Downloads - No
You may be opening up for some strange 3rd party apps on devices. I've seen some really bizarre things make an OS go "POOF."

You may want to add:
User Can Change Timeout: No
Content Protection Strength: Strong
External File System Encryption Level: Encrypt to User Password (including multi-media directories)

Some type of password/encryption requirement for Bluetooth if allowed. Otherwise, disable it completely.
Same goes for Smart Card Readers.

Thanks! That is some good information.

Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.