AOH :: ISNQ4745.HTM

Navy tightens grip on BlackBerrys

Navy tightens grip on BlackBerrys
Navy tightens grip on BlackBerrys


http://www.gcn.com/online/vol1_no1/45301-1.html 

By John Rendleman
GCN
October 25, 2007

The Navy has implemented tougher security settings for BlackBerry 
devices used by naval personnel. Administrators for the Navy-Marine 
Corps Intranet activated the new settings Oct. 17 for the Navy and Oct.
23 for the Marine Corps.

The Office of the Department of the Navys Chief Information Officer 
based its strengthened security configuration on Wireless Security 
Technical Implementation Guide (STIG) BlackBerry Security Checklist v5, 
Release 1.2, published May 23 by the Defense Information Systems Agency, 
and on additional guidance from the Marine Corps and Navy Designated 
Approving Authority. The new settings work with readers used to access 
the Navy-Marine Corps Intranet with Common Access Cards, according to 
the CIOs office.

The changes to the Navys BlackBerry security settings were implemented 
to protect the devices against unauthorized access and to turn off 
features that potentially compromised their security. Users received a 
message on their devices that the new settings had taken effect, and 
that users did not have to change the settings because the Navy would 
automatically reset the security settings of all of its devices through 
updates on the Navys BlackBerry Enterprise Server.

The devices will still require a five-character password, incorporating 
at least one alpha and one numeric character, which users must change 
every 90 days.

The new settings disabled several instant messaging, unencrypted 
peer-to-peer messaging services, the BlackBerry Instant Messenger tool, 
the Global Positioning System tracking feature, and the application 
loader and third-party application download capability.

In addition, the Navy strengthened the lock-and-erase feature on the 
devices so that after five unsuccessful log-in attempts they will enter 
lock mode and erase all locally stored data. Once a device is locked, 
its owner will have to contact the Navys service desk to access the 
device and reset its password. While the devices are locked, users will 
be allowed to make and receive phone calls, although access to the 
devices stored phone book will be blocked.

Also, the increased security settings will turn off the devices antennae 
while they are connected to a desktop computer via a USB cable to 
disable phone and e-mail communications. While the devices are connected 
all phone calls will go directly to a users voice mail, and all pending 
e-mails will be delivered after the device is disconnected.


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com

Site design & layout copyright © 1986- CodeGods