Add to del.icio.us     Digg this

March 11, 2008

According to Internet security and penetration testing firm NTA Monitor, organizations running the BlackBerry eMail service with Microsoft Exchange are using unencrypted ports and could potentially be the targets of attackers. NTA reveals that most of its customers running the BlackBerry Server with Microsoft Exchange were taking the path of least resistance by opening unencrypted ports from the heart of their network to service providers.

In turn, the service providers opened a return back to the BES that would pass through firewalls but without any policies being applied, which would greatly circumvent the firewall's protection against an attack from the public Internet.

NTA Monitor warns that this leaves the network wide open on several levels, including session hijacking, IP spoofing, or just simply the interception of unencrypted traffic, which could greatly compromise the transmission of sensitive documents and eMails in organizations that simply cannot and should not take that kind of risk.

"The open configuration was no accident of poor implementation, accounting for a sizeable 10-15 of the company's enterprise-level customers using BlackBerry handhelds. (About 70 to 80 percent of the total base NTA surveyed). The commonest cause was simply overall cost," said NTA Monitor's technical manager, Adrian Goodhead.

Roy Hills, NTA's technical director added that "a potential hacker could use this back channel to move around inside an organization totally undetected, removing or sharing confidential information or installing malware on to the network. And this could probably go on for many days before getting detected."

"You have to add various software and hardware. People are trying to keep costs down," added Goodhead.

NTA strongly recommends implementing a BES in a DMZ (demilitarized zone), which would greatly insulate attacks against the server from the public network. But this is a lot of added complexity, and added complexity represents considerable added costs to build and maintain the network.

Overall, NTA characterizes the security hole as low-to-medium in severity because "it requires a fair amount of knowledge" to exploit, but nevertheless one that still needed to be addressed rapidly!

NTA Monitor, which recently found holes in VPNs, offers several general security recommendations for organizations using BES. These include using SSL encryption, enabling content protection on the handheld, disallowing non-approved applications -- including P2P messaging -- and turning off Bluetooth on the handheld.

Goodhead also criticized some service providers for not explaining that a more expensive implementation was usually necessary for important security considerations. For its part, BlackBerry provided a few details on how to implement its technology securely, he said, and so RIM (Research in Motion, the company that developed the BlackBerry) couldn't be blamed.

At least that's what one of RIM's representative claimed recently.

Add to del.icio.us     Digg this

Source: NTA Monitor.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.