2

How does a Blackberry device connect to BlackBerry Enterprise Server (BES) for the first time? What are the security mechanisms used to protect against a rogue BlackBerry handheld trying to connect to BES?

lisa17
  • 1,958
  • 7
  • 21
  • 43

1 Answers1

2

This should help you out: http://docs.blackberry.com/en/admin/deliverables/25762/BlackBerry_Enterprise_Solution-Security_Technical_Overview--1315426-0302055542-001-5.0.3-US.pdf

The basic idea is a new device is provisioned on BES with an activation code that is communicated to the user. The user enters the activation code and BES generates a device transport key when it connects. The device transport key takes care of authentication after enrollment.

A rogue device could possibly connect if the activation password is intercepted and the rogue device is connected first. The only problem with the scenario is the administrator would have an indicator that a rogue device is connected when the end user complains that the enrollment did not work.

The BES architecture is well thought out. BES attachment handling has been the achiles heal.

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118

securityishard
  • 731
  • 5
  • 3