Security Technical Overview


Best practice: Protecting plain text messages that a device sends over the wireless network

Plain text messages include SMS text messages, MMS messages, and PIN messages. A BlackBerry® device can send SMS text messages and MMS messages over a wireless TCP/IP connection.

Best practice

Description

Prevent a user from sending, forwarding, or replying to specific types of message on the device.

Consider the following guidelines:
  • Prevent a user from forwarding or replying to a message using a BlackBerry® Enterprise Server that did not deliver the original message.
  • Prevent a user from using an email account to forward or reply to a PIN message or reply to an email message with a PIN message.

To apply this best practice, you can use the Disable Forwarding Between Services IT policy rule.

Prevent external connections to a device.

Consider preventing applications on a device from opening external connections (for example, to WAP, SMS, MMS, or other public gateways).

To apply this best practice, you can use the Allow External Connections IT policy rule.

Require S/MIME encryption or PGP® encryption for PIN messages.

Consider preventing a user from sending PIN messages that are not S/MIME encrypted or PGP encrypted if your organization uses a highly secure messaging solution such as the S/MIME Support Package for BlackBerry® smartphones or the PGP® Support Package for BlackBerry® smartphones.

To apply this best practice, you can use the Disable Peer-to-Peer Normal Send IT policy rule.

Prevent a device from using the global PIN encryption key.

Consider the following guidelines:
  • Limit the number of devices in your organization’s environment that can receive BlackBerry® Messenger messages and PIN messages that use the global PIN encryption key.
  • Limit the number of devices in your organization that can receive PIN messages that use the PIN encryption key that is specific to your organization, the global PIN encryption key, or both.

To apply this best practice, you can use the Firewall Block Incoming Messages IT policy rule.

Require a user to verify whether the user wants to send a message.

Consider configuring the device so that the user must verify whether the user wants to send an email message, SMS text message, MMS message, or PIN message.

To apply this best practice, you can use the Confirm on Send IT policy rule.

Turn off unsecured messaging on the device.

Consider turning off unsecured messaging to make sure that all communication for the device that starts in your organization travels through your organization’s messaging environment.

To turn off SMS text messaging, you can use the Allow SMS IT policy rule.

To turn off MMS messaging, you can use the Disable MMS IT policy rule.

To turn off PIN messaging, you can use the Allow Peer-to-Peer Messages IT policy rule. When you turn off PIN messaging, a user can receive PIN messages on the device but cannot send PIN messages from the device.

