So that takes care of the actual mail delivery issue but there is a lurking issue with BIS access. That issue is users giving (or being comfortable with giving) their credentials to another company. Maybe we are just a little too paranoid over here? That is what I think most institutions are getting at when they decide to block BIS access. Don't get me wrong, its important to block new data from getting out onto a phone with no device management or policy enforcement. But the user is also a problem in those cases..
------------------------------------------ Josh Armour MobileOps - Sysadmin [email protected] (541) 205-4262 ------------------------------------------ On Tue, Jul 20, 2010 at 11:08 AM, Jonathan Evenden <[email protected]>wrote: > BES is outbound – just don’t block outbound and you’re fine. You’re > blocking inbound for OWA/BIS, which is what he said in an earlier post. > > > > -- > Jonathan Evenden > Director of IT Consulting > MCP - Microsoft Certified Professional > TNTMAX, LLC. > Technology Solutions by Design > 010101000100111001010100011011010110000101111000 > (201) 891-8686 Main > (201) 891-4672 Fax > > > > [email protected] > 253 Madison Ave, Wyckoff, NJ 07481 > > http://www.tntmax.com > __________________________________________________________________ > NOTICE OF CONFIDENTIALITY > > > > The information contained in this transmission is confidential and may be > privileged and/or contain confidential information that is legally protected > by > state and federal law. This information is intended only for the use of the > individual or organization to whom it is addressed. If it is not meant for > you please notify the sender immediately by telephone so arrangements may be > made to return the documents or destroy them. Use, disclosure, distribution > or copying of documents transmitted to you in error is strictly prohibited. > Thank you. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Darhl Thomason > *Sent:* Tuesday, July 20, 2010 1:43 PM > > *To:* A list for BES Admin's to discuss issues, etc. > *Subject:* Re: [Bes-admins] Prevent personal Blackberriesfrom accessing > company email > > > > HDawg, > > > > Your post shows these addresses as the BIS servers: > > BIS IP Range > > 206.51.26.0/24 > > 193.109.81.0/24 > > 204.187.87.0/24 > > 206.53.144.0/20 > > 216.9.240.0/20 > > 67.233.64.0/19 > > 93.186.16.0/20 > > 68.171.224.0/19 > > > > Another post on your site > http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-firewall-connection-requirements-blackberry-enterprise-server.htmlshows > the same IP range for BES: > > BES IP Range > > 206.51.26.0 /24 > > 193.109.81.0/24 > > 204.187.87.0/24 > > 216.9.240.0/20 > > 206.53.144.0/20 > > 67.223.64.0/19 > > 93.186.16.0/20 > > 68.171.224.0/19 > > > > Which means that I can’t block those IP’s or BES stops working as well. > > > > Back to the drawing board… > > > > *Darhl Thomason *| SysAdmin | Business Technology > > *Papa Murphy’s* Int'l. | *d* 360-449-4044 | *c* 360-607-5617 | > www.papamurphys.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Darhl Thomason > *Sent:* Tuesday, July 20, 2010 10:28 AM > *To:* A list for BES Admin's to discuss issues, etc. > *Subject:* Re: [Bes-admins] Prevent personal Blackberries from accessing > company email > > > > HDawg, > > > > This looks to be the most promising solution. Is there another list that > shows the BES IP’s? I’d want to make sure that they were allowed, the > ranges provided for BIS are pretty large and I wouldn’t be surprised if they > overlap to some degree. > > > > Thanks! > > > > *Darhl Thomason *| SysAdmin | Business Technology > > *Papa Murphy’s* Int'l. | *d* 360-449-4044 | *c* 360-607-5617 | > www.papamurphys.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *hdawg > *Sent:* Tuesday, July 20, 2010 10:13 AM > *To:* A list for BES Admin's to discuss issues, etc. > *Subject:* Re: [Bes-admins] Prevent personal Blackberries from accessing > company email > > > > BIS can also use OWA. See: > http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-firewall-connection-requirements-blackberry-internet-service.htmlfor > a list of what IP’s BIS connections are coming from. Block these > inbound connections at the firewall and you’ve blocked BIS. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Jonathan Barker > *Sent:* Tuesday, July 20, 2010 1:09 PM > *To:* A list for BES Admin's to discuss issues, etc. > *Subject:* Re: [Bes-admins] Prevent personal Blackberries from accessing > company email > > > > BIS uses IMAP and POP3. Are you sure it’s turned off? > > > > Other options include offline sync using Desktop manager or a 3rd-party > EAS bridge like AstraSync. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Darhl Thomason > *Sent:* Tuesday, July 20, 2010 9:55 AM > *To:* '[email protected]' > *Subject:* [Bes-admins] Prevent personal Blackberries from accessing > company email > > > > I just found out that we have people with personal Blackberries accessing > their company email, they are definitely not set up on my BES, so I’m > guessing they must be using BIS. How can I prevent them from accessing > their company email on their personal devices? I know it’s not via IMAP or > POP3, we have that turned off at the Exchange level. > > > > Thanks! > > > > *Darhl Thomason *| SysAdmin | Business Technology > > *Papa Murphy’s* Int'l. | *d* 360-449-4044 | *c* 360-607-5617 | > www.papamurphys.com > > ------------------------------------------------------------------------------------ > > Consumer-voted "Best Pizza Chain in America" 2003-2009 > > > > ------------------------------------------------------------------------------------ > > Consumer-voted "Best Pizza Chain in America" 2003-2009 > > > > ------------------------------------------------------------------------------------ > > Consumer-voted "Best Pizza Chain in America" 2003-2009 > > > > > _______________________________________________ > Bes-Admins mailing list > [email protected] > http://www.dataoutages.com/mailman/listinfo/bes-admins > http://www.dataoutages.com > http://www.dataoutagenews.com > RSS Feed: http://feeds.feedburner.com/Bes-admins > --------------------------------- > Bes-Admins mailing list is sponsored by Dataoutagenews.com. > http://www.dataoutagenews.com >
_______________________________________________ Bes-Admins mailing list [email protected] http://www.dataoutages.com/mailman/listinfo/bes-admins http://www.dataoutages.com http://www.dataoutagenews.com RSS Feed: http://feeds.feedburner.com/Bes-admins --------------------------------- Bes-Admins mailing list is sponsored by Dataoutagenews.com. http://www.dataoutagenews.com
