Is there an easy way to pull a custom report from the BES database? Or do I
need to go directly to the tables and figure out what tables/columns everything
is in? Is there a reference for where that data is located in the tables?
I need a report that shows:
User Name
Model
ESN
PIN
Carrier
OS
I just found out that we have people with personal Blackberries accessing their
company email, they are definitely not set up on my BES, so I'm guessing they
must be using BIS. How can I prevent them from accessing their company email
on their personal devices? I know it's not via IMAP or
We allow people to do that here, they configure it as a webmail account
like a Yahoo or gmail
From: bes-admins-boun...@dataoutages.com
[mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason
Sent: Tuesday, July 20, 2010 12:55 PM
To: 'bes-admins@dataoutages.com'
Subject:
You are correct, it would be BIS - configured at the store they
purchased the phone from.
I was at Verizon the other day and this is the conversation that I
heard...
TECH:Sure, you don't need the $45 dollar (data) plan, just get the
$30 buck one and Ill show you how to access your
BIS uses IMAP and POP3. Are you sure it's turned off?
Other options include offline sync using Desktop manager or a 3rd-party EAS
bridge like AstraSync.
From: bes-admins-boun...@dataoutages.com
[mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason
Sent: Tuesday, July 20,
They're using Outlook Web Access to sync. Not sure you can prevent that
but if possible I would look in IIS without disabling OWA entirely.
From: bes-admins-boun...@dataoutages.com
[mailto:bes-admins-boun...@dataoutages.com] On Behalf Of DOWER, BRIAN
Sent:
BIS can also use OWA. See:
http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-firewall-connection-requirements-blackberry-internet-service.htm
l for a list of what IP's BIS connections are coming from. Block these inbound
connections at the firewall and you've blocked BIS.
Yes, its usually IMAP/POP3 for BIS access.
I have considered identifying RIM's BIS IP range and blocking at the
firewall level. If those IP's are only used for BIS email access and I dont
want that.
What about IT Policy that blocks the service book? I think that this would
only block the
Ugh!
Is there any way to prevent BIS from accessing corporate email? I set up a
test account and it looks like it is accessing via OWA, but I cannot turn off
OWA as that is the main method our stores use to get email.
Darhl Thomason | SysAdmin | Business Technology
Papa Murphy's Int'l. | d
Yes:
http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-firewall-connection-requirements-blackberry-enterprise-server.ht
ml.
Keep in mind that all you have to do is explicitly deny port 80/443 to these IP
addresses to block access to OWA. Also, keep in
mind that with BES
The ONLY way is by users' hardcoding username/password combos on BBs.
This is a complete security meltdown. My CIO is melting in his chair
now while hearing the words in this thread.
It basically comes down to policy. Not only is it a security issue for
corporate data and such, you also
There is a difference though between the user providing their credential to
the OWA service themselves and giving their credentials to RIM or the
Carrier to check the email for them.
--
Josh Armour
MobileOps - Sysadmin
jarm...@google.com
(541) 205-4262
HDawg,
Your post shows these addresses as the BIS servers:
BIS IP Range
206.51.26.0/24
193.109.81.0/24
204.187.87.0/24
206.53.144.0/20
216.9.240.0/20
67.233.64.0/19
93.186.16.0/20
68.171.224.0/19
Another post on your site
BES is outbound - just don't block outbound and you're fine. You're
blocking inbound for OWA/BIS, which is what he said in an earlier post.
--
Jonathan Evenden
Director of IT Consulting
MCP - Microsoft Certified Professional
TNTMAX, LLC.
Technology Solutions by Design
Just saw that, didn't realize that BES was outbound initiated, but good to know
that I can block the inbound 80/443 from that IP range to block the BIS.
Thanks!
Darhl Thomason | SysAdmin | Business Technology
Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 |
The documentation that RIM puts out is pretty good. Problem being . most
people don't take the time to read through it. It gives
you recommendations on ways to meet your security requirements; just need to
put in the effort.
From: bes-admins-boun...@dataoutages.com
I saw that. I had already sent this one before his reply hit my inbox.
That's what I'm configuring now.
Thanks everyone for the thoughts, ideas, and solutions.
d
Darhl Thomason | SysAdmin | Business Technology
Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 |
Yes, I got it, sorry. I had sent this before your other message hit my inbox.
I was just too quick on the reply.
d
Darhl Thomason | SysAdmin | Business Technology
Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 |
www.papamurphys.comhttp://www.papamurphys.com
From:
I think you are just paranoid enough.
From: Josh Armour jarm...@google.com
To: A list for BES Admin's to discuss issues, etc.
bes-admins@dataoutages.com
Sent: Tue, July 20, 2010 11:06:53 AM
Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing
nothing - we use 2 factor auth to a reverse proxy - no public OWA without.
- Original Message
From: wrbdec...@gmail.com wrbdec...@gmail.com
To: A list for BES Admin's to discuss issues, etc.
bes-admins@dataoutages.com
Sent: Tue, July 20, 2010 11:11:19 AM
Subject: Re: [Bes-admins]
Exactly my point. If you open OWA you run a huge risk regardless. Anyone can go
to any pc with an internet connection and log in. Anyone can get credentials.
Sent via BlackBerry by ATT
-Original Message-
From: Don Andrews don.andrews_safe...@yahoo.com
Date: Tue, 20 Jul 2010 11:48:53
There is no IT Policy to simply disable BIS?
From: Darhl Thomason dar...@papamurphys.com
To: A list for BES Admin's to discuss issues, etc.
bes-admins@dataoutages.com
Sent: Tue, July 20, 2010 2:03:18 PM
Subject: Re: [Bes-admins] Prevent personal
There is a great way to find out:
http://docs.blackberry.com/en/admin/deliverables/16679/BlackBerry_Enterprise_Server-Policy_Reference_Guide-T323212-1063796-0616124539-001-5.0.2-US.pdf
or, yes, there is a way to do this via IT Policy.
From: bes-admins-boun...@dataoutages.com
23 matches
Mail list logo