http://www.gcn.com/online/vol1_no1/45301-1.html By John Rendleman GCN October 25, 2007 The Navy has implemented tougher security settings for BlackBerry devices used by naval personnel. Administrators for the Navy-Marine Corps Intranet activated the new settings Oct. 17 for the Navy and Oct. 23 for the Marine Corps. The Office of the Department of the Navys Chief Information Officer based its strengthened security configuration on Wireless Security Technical Implementation Guide (STIG) BlackBerry Security Checklist v5, Release 1.2, published May 23 by the Defense Information Systems Agency, and on additional guidance from the Marine Corps and Navy Designated Approving Authority. The new settings work with readers used to access the Navy-Marine Corps Intranet with Common Access Cards, according to the CIOs office. The changes to the Navys BlackBerry security settings were implemented to protect the devices against unauthorized access and to turn off features that potentially compromised their security. Users received a message on their devices that the new settings had taken effect, and that users did not have to change the settings because the Navy would automatically reset the security settings of all of its devices through updates on the Navys BlackBerry Enterprise Server. The devices will still require a five-character password, incorporating at least one alpha and one numeric character, which users must change every 90 days. The new settings disabled several instant messaging, unencrypted peer-to-peer messaging services, the BlackBerry Instant Messenger tool, the Global Positioning System tracking feature, and the application loader and third-party application download capability. In addition, the Navy strengthened the lock-and-erase feature on the devices so that after five unsuccessful log-in attempts they will enter lock mode and erase all locally stored data. Once a device is locked, its owner will have to contact the Navys service desk to access the device and reset its password. While the devices are locked, users will be allowed to make and receive phone calls, although access to the devices stored phone book will be blocked. Also, the increased security settings will turn off the devices antennae while they are connected to a desktop computer via a USB cable to disable phone and e-mail communications. While the devices are connected all phone calls will go directly to a users voice mail, and all pending e-mails will be delivered after the device is disconnected. __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Fri Oct 26 2007 - 00:43:37 PDT