How does a BlackBerry device connect to BlackBerry Enterprise Server (BES) for the first time? What are the security mechanisms used to protect against a rogue BlackBerry handheld trying to connect to BES?
Can you clarify the question? What do you mean by "rogue"? – David Schwartz Aug 25 '11 at 13:12
I mean by rogue device a non-authorized one – lisa17 Aug 25 '11 at 17:07
1 Answer
This should help you out: http://docs.blackberry.com/en/admin/deliverables/25762/BlackBerry_Enterprise_Solution-Security_Technical_Overview--1315426-0302055542-001-5.0.3-US.pdf
The basic idea is a new device is provisioned on BES with an activation code that is communicated to the user. The user enters the activation code and BES generates a device transport key when it connects. The device transport key takes care of authentication after enrollment.
A rogue device could possibly connect if the activation password is intercepted and the rogue device is connected first. The only problem with the scenario is the administrator would have an indicator that a rogue device is connected when the end user complains that the enrollment did not work.
The BES architecture is well thought out. BES attachment handling has been the Achilles' heel.
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118