By John Rendleman
October 25, 2007
The Navy has implemented tougher security settings for BlackBerry
devices used by naval personnel. Administrators for the Navy-Marine
Corps Intranet activated the new settings Oct. 17 for the Navy and Oct.
23 for the Marine Corps.
The Office of the Department of the Navys Chief Information Officer
based its strengthened security configuration on Wireless Security
Technical Implementation Guide (STIG) BlackBerry Security Checklist v5,
Release 1.2, published May 23 by the Defense Information Systems Agency,
and on additional guidance from the Marine Corps and Navy Designated
Approving Authority. The new settings work with readers used to access
the Navy-Marine Corps Intranet with Common Access Cards, according to
the CIOs office.
The changes to the Navys BlackBerry security settings were implemented
to protect the devices against unauthorized access and to turn off
features that potentially compromised their security. Users received a
message on their devices that the new settings had taken effect, and
that users did not have to change the settings because the Navy would
automatically reset the security settings of all of its devices through
updates on the Navys BlackBerry Enterprise Server.
The devices will still require a five-character password, incorporating
at least one alpha and one numeric character, which users must change
every 90 days.
The new settings disabled several instant messaging, unencrypted
peer-to-peer messaging services, the BlackBerry Instant Messenger tool,
the Global Positioning System tracking feature, and the application
loader and third-party application download capability.
In addition, the Navy strengthened the lock-and-erase feature on the
devices so that after five unsuccessful log-in attempts they will enter
lock mode and erase all locally stored data. Once a device is locked,
its owner will have to contact the Navys service desk to access the
device and reset its password. While the devices are locked, users will
be allowed to make and receive phone calls, although access to the
devices stored phone book will be blocked.
Also, the increased security settings will turn off the devices antennae
while they are connected to a desktop computer via a USB cable to
disable phone and e-mail communications. While the devices are connected
all phone calls will go directly to a users voice mail, and all pending
e-mails will be delivered after the device is disconnected.
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com