Attack Surface Analysis of BlackBerry Devices
It's worth mentioning that the signing keys are encrypted on the host by default, and the user must enter a password in order to decrypt the keys and initiate the code signing process. Offline brute force cracking of this key is not possible, because the only way to know if the key has been decrypted correctly is to initiate code signing with RIM across the network and to wait and see if it has been successful. The code signing process is monitored by RIM for anomalies such as a significant number of failed signing attempts [17], so attempts to crack the password online would be noticed. However, if the signing host was sufficiently compromised, other methods such as keystroke logging spyware could be used to obtain the password.
Mitigation Strategies
As mentioned previously, consumer devices are generally configured to use BlackBerry Internet Service (BIS), while enterprise devices are generally configured to use BlackBerry Enterprise Server (BES). Outlined below are the general settings and options that can be used to secure a BlackBerry device in either configuration. Each of the attacks in this document is additionally accompanied by a section describing how to mitigate that attack using the settings described below.
For more information see "Protecting the BlackBerry device platform against malware" [9] and "BlackBerry Application Control" [20] from RIM. See "Placing the BlackBerry Enterprise Server in a segmented network" [12] for information on using a DMZ configuration to further lower the risk posed by a potential compromise.
Note that Symantec does not recommend applying any of the mitigation strategies described in this document unless the scope and impact of those changes have been thoroughly explored and understood. Individual deployments vary widely in their configuration and requirements, and the settings described herein may not be suitable for certain deployments. This information is a guideline only.
BIS Deployment
Application Permissions
Default permissions or permissions for specific applications can be set on the BlackBerry by going to the following menu:
Options > Security Options > Application Permissions
The user is then presented with a list of installed applications as in Figure 2. By pressing the menu key (Figure 3), the user can then edit the permissions for a chosen application, or change the default permissions for all third-party applications. Permissions can be set for three broad areas: "Connections", "Interactions" and "User Data". These can be set to "Allow" or "Deny". Alternatively they can be set to "Custom", in which case more granular permissions are set for individual areas, as described in the table below and in Figure 4 and Figure 5.