Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email
The data that goes through rim is encrypted though from the phone to the server. -- Josh Armour MobileOps - Sysadmin jarm...@google.com (541) 205-4262 -- On Wed, Jul 21, 2010 at 2:39 AM, Sebastian Piech spi...@xanai.pl wrote: (It's my first post here so hello everybody) At 20.07.2010 20:06, Josh Armour wrote: That issue is users giving (or being comfortable with giving) their credentials to another company. Maybe we are just a little too paranoid over here? Josh, few posts before you also wrote that no matter how reputable the company, users should simply not be sharing their user and password. Generally you're right with this all but notice that using BlackBerry, regardless BIS or BES solution, means sending your data (not only credentials) to other parties: to the RIM company and then to wireless operators. However it's a little bit off-topic but not only BB makes such security issues. It's a part of general problem with using third party solutions to sharing company data (instant messaging, videoconference software, etc.). Best Regards Sebastian Piech Xanai Research ___ Bes-Admins mailing list Bes-Admins@dataoutages.com http://www.dataoutages.com/mailman/listinfo/bes-admins http://www.dataoutages.com http://www.dataoutagenews.com RSS Feed: http://feeds.feedburner.com/Bes-admins - Bes-Admins mailing list is sponsored by Dataoutagenews.com. http://www.dataoutagenews.com ___ Bes-Admins mailing list Bes-Admins@dataoutages.com http://www.dataoutages.com/mailman/listinfo/bes-admins http://www.dataoutages.com http://www.dataoutagenews.com RSS Feed: http://feeds.feedburner.com/Bes-admins - Bes-Admins mailing list is sponsored by Dataoutagenews.com. http://www.dataoutagenews.com
Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email
BES is outbound - just don't block outbound and you're fine. You're blocking inbound for OWA/BIS, which is what he said in an earlier post. -- Jonathan Evenden Director of IT Consulting MCP - Microsoft Certified Professional TNTMAX, LLC. Technology Solutions by Design 0101010001001110010101000110110101110000 (201) 891-8686 Main (201) 891-4672 Fax jeven...@tntmax.com 253 Madison Ave, Wyckoff, NJ 07481 http://www.tntmax.com __ NOTICE OF CONFIDENTIALITY The information contained in this transmission is confidential and may be privileged and/or contain confidential information that is legally protected by state and federal law. This information is intended only for the use of the individual or organization to whom it is addressed. If it is not meant for you please notify the sender immediately by telephone so arrangements may be made to return the documents or destroy them. Use, disclosure, distribution or copying of documents transmitted to you in error is strictly prohibited. Thank you. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 1:43 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email HDawg, Your post shows these addresses as the BIS servers: BIS IP Range 206.51.26.0/24 193.109.81.0/24 204.187.87.0/24 206.53.144.0/20 216.9.240.0/20 67.233.64.0/19 93.186.16.0/20 68.171.224.0/19 Another post on your site http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-fire wall-connection-requirements-blackberry-enterprise-server.html shows the same IP range for BES: BES IP Range 206.51.26.0 /24 193.109.81.0/24 204.187.87.0/24 216.9.240.0/20 206.53.144.0/20 67.223.64.0/19 93.186.16.0/20 68.171.224.0/19 Which means that I can't block those IP's or BES stops working as well. Back to the drawing board... Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.com http://www.papamurphys.com From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 10:28 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email HDawg, This looks to be the most promising solution. Is there another list that shows the BES IP's? I'd want to make sure that they were allowed, the ranges provided for BIS are pretty large and I wouldn't be surprised if they overlap to some degree. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.com http://www.papamurphys.com From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of hdawg Sent: Tuesday, July 20, 2010 10:13 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS can also use OWA. See: http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-fire wall-connection-requirements-blackberry-internet-service.html for a list of what IP's BIS connections are coming from. Block these inbound connections at the firewall and you've blocked BIS. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Jonathan Barker Sent: Tuesday, July 20, 2010 1:09 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS uses IMAP and POP3. Are you sure it's turned off? Other options include offline sync using Desktop manager or a 3rd-party EAS bridge like AstraSync. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 9:55 AM To: 'bes-admins@dataoutages.com' Subject: [Bes-admins] Prevent personal Blackberries from accessing company email I just found out that we have people with personal Blackberries accessing their company email, they are definitely not set up on my BES, so I'm guessing they must be using BIS. How can I prevent them from accessing their company email on their personal devices? I know it's not via IMAP or POP3, we have that turned off at the Exchange level. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.com http://www.papamurphys.com Consumer-voted Best Pizza Chain in America 2003-2009 Consumer-voted Best Pizza
Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email
I saw that. I had already sent this one before his reply hit my inbox. That's what I'm configuring now. Thanks everyone for the thoughts, ideas, and solutions. d Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.comhttp://www.papamurphys.com From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Jonathan Evenden Sent: Tuesday, July 20, 2010 11:08 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email BES is outbound - just don't block outbound and you're fine. You're blocking inbound for OWA/BIS, which is what he said in an earlier post. -- Jonathan Evenden Director of IT Consulting MCP - Microsoft Certified Professional TNTMAX, LLC. Technology Solutions by Design 0101010001001110010101000110110101110000 (201) 891-8686 Main (201) 891-4672 Fax jeven...@tntmax.commailto:jeven...@tntmax.com 253 Madison Ave, Wyckoff, NJ 07481 http://www.tntmax.com __ NOTICE OF CONFIDENTIALITY The information contained in this transmission is confidential and may be privileged and/or contain confidential information that is legally protected by state and federal law. This information is intended only for the use of the individual or organization to whom it is addressed. If it is not meant for you please notify the sender immediately by telephone so arrangements may be made to return the documents or destroy them. Use, disclosure, distribution or copying of documents transmitted to you in error is strictly prohibited. Thank you. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 1:43 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email HDawg, Your post shows these addresses as the BIS servers: BIS IP Range 206.51.26.0/24 193.109.81.0/24 204.187.87.0/24 206.53.144.0/20 216.9.240.0/20 67.233.64.0/19 93.186.16.0/20 68.171.224.0/19 Another post on your site http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-firewall-connection-requirements-blackberry-enterprise-server.html shows the same IP range for BES: BES IP Range 206.51.26.0 /24 193.109.81.0/24 204.187.87.0/24 216.9.240.0/20 206.53.144.0/20 67.223.64.0/19 93.186.16.0/20 68.171.224.0/19 Which means that I can't block those IP's or BES stops working as well. Back to the drawing board... Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.comhttp://www.papamurphys.com From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 10:28 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email HDawg, This looks to be the most promising solution. Is there another list that shows the BES IP's? I'd want to make sure that they were allowed, the ranges provided for BIS are pretty large and I wouldn't be surprised if they overlap to some degree. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy's Int'l. | d 360-449-4044 | c 360-607-5617 | www.papamurphys.comhttp://www.papamurphys.com From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of hdawg Sent: Tuesday, July 20, 2010 10:13 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS can also use OWA. See: http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-firewall-connection-requirements-blackberry-internet-service.html for a list of what IP's BIS connections are coming from. Block these inbound connections at the firewall and you've blocked BIS. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Jonathan Barker Sent: Tuesday, July 20, 2010 1:09 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS uses IMAP and POP3. Are you sure it's turned off? Other options include offline sync using Desktop manager or a 3rd-party EAS bridge like AstraSync. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 9:55 AM To: 'bes-admins@dataoutages.com' Subject: [Bes-admins] Prevent personal Blackberries from accessing company email I just found out that we have people with personal Blackberries accessing their company email, they are definitely not set up on my BES, so I'm guessing they must be using BIS
Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email
I think you are just paranoid enough. From: Josh Armour jarm...@google.com To: A list for BES Admin's to discuss issues, etc. bes-admins@dataoutages.com Sent: Tue, July 20, 2010 11:06:53 AM Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email So that takes care of the actual mail delivery issue but there is a lurking issue with BIS access. That issue is users giving (or being comfortable with giving) their credentials to another company. Maybe we are just a little too paranoid over here? That is what I think most institutions are getting at when they decide to block BIS access. Don't get me wrong, its important to block new data from getting out onto a phone with no device management or policy enforcement. But the user is also a problem in those cases.. -- Josh Armour MobileOps - Sysadmin jarm...@google.com (541) 205-4262 -- On Tue, Jul 20, 2010 at 11:08 AM, Jonathan Evenden jeven...@tntmax.com wrote: BES is outbound – just don’t block outbound and you’re fine. You’re blocking inbound for OWA/BIS, which is what he said in an earlier post. -- Jonathan Evenden Director of IT Consulting MCP - Microsoft Certified Professional TNTMAX, LLC. Technology Solutions by Design 0101010001001110010101000110110101110000 (201) 891-8686 Main (201) 891-4672 Fax jeven...@tntmax.com 253 Madison Ave, Wyckoff, NJ 07481 http://www.tntmax.com __ NOTICE OF CONFIDENTIALITY The information contained in this transmission is confidential and may be privileged and/or contain confidential information that is legally protected by state and federal law. This information is intended only for the use of the individual or organization to whom it is addressed. If it is not meant for you please notify the sender immediately by telephone so arrangements may be made to return the documents or destroy them. Use, disclosure, distribution or copying of documents transmitted to you in error is strictly prohibited. Thank you. From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 1:43 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email HDawg, Your post shows these addresses as the BIS servers: BIS IP Range 206.51.26.0/24 193.109.81.0/24 204.187.87.0/24 206.53.144.0/20 216.9.240.0/20 67.233.64.0/19 93.186.16.0/20 68.171.224.0/19 Another post on your site http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-firewall-connection-requirements-blackberry-enterprise-server.html shows the same IP range for BES: BES IP Range 206.51.26.0 /24 193.109.81.0/24 204.187.87.0/24 216.9.240.0/20 206.53.144.0/20 67.223.64.0/19 93.186.16.0/20 68.171.224.0/19 Which means that I can’t block those IP’s or BES stops working as well. Back to the drawing board… Darhl Thomason | SysAdmin | Business Technology Papa Murphy’sInt'l. | d360-449-4044 | c360-607-5617 | www.papamurphys.com From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 10:28 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email HDawg, This looks to be the most promising solution. Is there another list that shows the BES IP’s? I’d want to make sure that they were allowed, the ranges provided for BIS are pretty large and I wouldn’t be surprised if they overlap to some degree. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy’sInt'l. | d360-449-4044 | c360-607-5617 | www.papamurphys.com From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of hdawg Sent: Tuesday, July 20, 2010 10:13 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS can also use OWA. See: http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-firewall-connection-requirements-blackberry-internet-service.html for a list of what IP’s BIS connections are coming from. Block these inbound connections at the firewall and you’ve blocked BIS. From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Jonathan Barker Sent: Tuesday, July 20, 2010 1:09 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS uses IMAP and POP3. Are you sure it’s turned off? Other options include offline sync using Desktop manager or a 3rd-party EAS bridge like AstraSync. From:bes-admins-boun
Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email
There is no IT Policy to simply disable BIS? From: Darhl Thomason dar...@papamurphys.com To: A list for BES Admin's to discuss issues, etc. bes-admins@dataoutages.com Sent: Tue, July 20, 2010 2:03:18 PM Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email I saw that. I had already sent this one before his reply hit my inbox. That’s what I’m configuring now. Thanks everyone for the thoughts, ideas, and solutions. d Darhl Thomason | SysAdmin | Business Technology Papa Murphy’sInt'l. | d360-449-4044 | c360-607-5617 | www.papamurphys.com From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Jonathan Evenden Sent: Tuesday, July 20, 2010 11:08 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email BES is outbound – just don’t block outbound and you’re fine. You’re blocking inbound for OWA/BIS, which is what he said in an earlier post. -- Jonathan Evenden Director of IT Consulting MCP - Microsoft Certified Professional TNTMAX, LLC. Technology Solutions by Design 0101010001001110010101000110110101110000 (201) 891-8686 Main (201) 891-4672 Fax jeven...@tntmax.com 253 Madison Ave, Wyckoff, NJ 07481 http://www.tntmax.com __ NOTICE OF CONFIDENTIALITY The information contained in this transmission is confidential and may be privileged and/or contain confidential information that is legally protected by state and federal law. This information is intended only for the use of the individual or organization to whom it is addressed. If it is not meant for you please notify the sender immediately by telephone so arrangements may be made to return the documents or destroy them. Use, disclosure, distribution or copying of documents transmitted to you in error is strictly prohibited. Thank you. From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 1:43 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email HDawg, Your post shows these addresses as the BIS servers: BIS IP Range 206.51.26.0/24 193.109.81.0/24 204.187.87.0/24 206.53.144.0/20 216.9.240.0/20 67.233.64.0/19 93.186.16.0/20 68.171.224.0/19 Another post on your site http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-firewall-connection-requirements-blackberry-enterprise-server.html shows the same IP range for BES: BES IP Range 206.51.26.0 /24 193.109.81.0/24 204.187.87.0/24 216.9.240.0/20 206.53.144.0/20 67.223.64.0/19 93.186.16.0/20 68.171.224.0/19 Which means that I can’t block those IP’s or BES stops working as well. Back to the drawing board… Darhl Thomason | SysAdmin | Business Technology Papa Murphy’sInt'l. | d360-449-4044 | c360-607-5617 | www.papamurphys.com From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 10:28 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email HDawg, This looks to be the most promising solution. Is there another list that shows the BES IP’s? I’d want to make sure that they were allowed, the ranges provided for BIS are pretty large and I wouldn’t be surprised if they overlap to some degree. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy’sInt'l. | d360-449-4044 | c360-607-5617 | www.papamurphys.com From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of hdawg Sent: Tuesday, July 20, 2010 10:13 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS can also use OWA. See: http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-firewall-connection-requirements-blackberry-internet-service.html for a list of what IP’s BIS connections are coming from. Block these inbound connections at the firewall and you’ve blocked BIS. From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Jonathan Barker Sent: Tuesday, July 20, 2010 1:09 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS uses IMAP and POP3. Are you sure it’s turned off? Other options include offline sync using Desktop manager or a 3rd-party EAS bridge like AstraSync. From:bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 9:55 AM To: 'bes-admins@dataoutages.com' Subject: [Bes-admins
Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email
There is a great way to find out: http://docs.blackberry.com/en/admin/deliverables/16679/BlackBerry_Enterprise_Server-Policy_Reference_Guide-T323212-1063796-0616124539-001-5.0.2-US.pdf or, yes, there is a way to do this via IT Policy. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of steveaschett...@yahoo.com Sent: Tuesday, July 20, 2010 3:43 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email There is no IT Policy to simply disable BIS? _ From: Darhl Thomason dar...@papamurphys.com To: A list for BES Admin's to discuss issues, etc. bes-admins@dataoutages.com Sent: Tue, July 20, 2010 2:03:18 PM Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email I saw that. I had already sent this one before his reply hit my inbox. That’s what I’m configuring now. Thanks everyone for the thoughts, ideas, and solutions. d Darhl Thomason | SysAdmin | Business Technology Papa Murphy’s Int'l. | d 360-449-4044 | c 360-607-5617 | http://www.papamurphys.com/ www.papamurphys.com From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Jonathan Evenden Sent: Tuesday, July 20, 2010 11:08 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email BES is outbound – just don’t block outbound and you’re fine. You’re blocking inbound for OWA/BIS, which is what he said in an earlier post. -- Jonathan Evenden Director of IT Consulting MCP - Microsoft Certified Professional TNTMAX, LLC. Technology Solutions by Design 0101010001001110010101000110110101110000 (201) 891-8686 Main (201) 891-4672 Fax jeven...@tntmax.com 253 Madison Ave, Wyckoff, NJ 07481 http://www.tntmax.com http://www.tntmax.com/ __ NOTICE OF CONFIDENTIALITY The information contained in this transmission is confidential and may be privileged and/or contain confidential information that is legally protected by state and federal law. This information is intended only for the use of the individual or organization to whom it is addressed. If it is not meant for you please notify the sender immediately by telephone so arrangements may be made to return the documents or destroy them. Use, disclosure, distribution or copying of documents transmitted to you in error is strictly prohibited. Thank you. From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 1:43 PM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberriesfrom accessing company email HDawg, Your post shows these addresses as the BIS servers: BIS IP Range 206.51.26.0/24 193.109.81.0/24 204.187.87.0/24 206.53.144.0/20 216.9.240.0/20 67.233.64.0/19 93.186.16.0/20 68.171.224.0/19 Another post on your site http://www.port3101.org/featured-blackberry-kb-articles/793-kb03735-firewall-connection-requirements-blackberry-enterprise-server.html shows the same IP range for BES: BES IP Range 206.51.26.0 /24 193.109.81.0/24 204.187.87.0/24 216.9.240.0/20 206.53.144.0/20 67.223.64.0/19 93.186.16.0/20 68.171.224.0/19 Which means that I can’t block those IP’s or BES stops working as well. Back to the drawing board… Darhl Thomason | SysAdmin | Business Technology Papa Murphy’s Int'l. | d 360-449-4044 | c 360-607-5617 | http://www.papamurphys.com/ www.papamurphys.com From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of Darhl Thomason Sent: Tuesday, July 20, 2010 10:28 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email HDawg, This looks to be the most promising solution. Is there another list that shows the BES IP’s? I’d want to make sure that they were allowed, the ranges provided for BIS are pretty large and I wouldn’t be surprised if they overlap to some degree. Thanks! Darhl Thomason | SysAdmin | Business Technology Papa Murphy’s Int'l. | d 360-449-4044 | c 360-607-5617 | http://www.papamurphys.com/ www.papamurphys.com From: bes-admins-boun...@dataoutages.com [mailto:bes-admins-boun...@dataoutages.com] On Behalf Of hdawg Sent: Tuesday, July 20, 2010 10:13 AM To: A list for BES Admin's to discuss issues, etc. Subject: Re: [Bes-admins] Prevent personal Blackberries from accessing company email BIS can also use OWA. See: http://www.port3101.org/featured-blackberry-kb-articles/792-kb11036-firewall-connection-requirements-blackberry-internet-service.html for a list of what IP’s BIS connections are coming from. Block