The BlackBerry Device Service server must be configured so the connection between the BlackBerry Device Service server and the mobile device is initiated based on an out-bound connection request from the BlackBerry Device Service server only.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| BBDS-00-000335 | BBDS-00-000335 | BBDS-00-000335_rule | Low |
| Description |
|---|
| By configuring the BlackBerry Device Service server to connect to the mobile device on an out-bound connection, the traffic is segregated which made it more difficult for an intruder to compromise the device management session. |
| STIG | Date |
|---|---|
| BlackBerry Device Service 6.2 STIG | 2013-05-03 |
Details
| Check Text ( C-BBDS-00-000335_chk ) |
|---|
| By default, the connection between the BlackBerry Device Service server and the mobile device is initiated based on an out-bound connection request from the BlackBerry Device Service server only. No configuration or modification is required on the server; however, the corporate firewall must be configured for this connection. See the Firewall configuration settings in the "Architecture: BlackBerry Device Service" section of the Blackberry Enterprise Service 10 BlackBerry Device Service Solution Version: 6.2 Security Technical Overview document. If the system has not been configured so the connection between the BlackBerry Device Service server and the mobile device is initiated based on an out-bound connection request from the BlackBerry Device Service server only, this is a finding. |
| Fix Text (F-BBDS-00-000335_fix) |
|---|
| Configure the system so the connection between the BlackBerry Device Service server and the mobile device is initiated based on an out-bound connection request from the BlackBerry Device Service server only. |