Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

Reply
Contributor
arcastor
Posts: 17
Registered: ‎06-13-2008

Secure BES implementation

Hi all,

 

I need again your advices :smileywink:

 

What is the most secure BES implementation?

 

Router in DMZ and all other components in my LAN? In this case what should I open in the firewall? 3101 in outbound for router but between router and BES?

 

Thanks by advance

Arcastor 

Please use plain text.
Contributor
amey
Posts: 28
Registered: ‎04-14-2008

Re: Secure BES implementation

Hi,

 

It is a good move to keep the BlackBerry router in the DMZ.

 

Here what you are expected to do:

 1) BES with all of its components services in the internal LAN network. (You may also be including the router service)

2) Second BES application with only router service installed between two firewalls.

3) BES communicating with the router BES on 3101 port and internal IP address (A).

4) Router BES communicating with Relay server IP address (B) through the firewall on port 3101.

 {BES (with all service)} -|-(Firewall) - - {BES (with only router service)(A)} - - (Firewall) -int|ext -{BlackBerry Relay Server(B))

 

Cheers ..........."_"

 

 

Please use plain text.
Forums Veteran II
AndyDufresne
Posts: 2,745
Registered: ‎04-01-2008

Re: Secure BES implementation

... make sure to put the server in a rack, and lock the rack.  Put a door on the room that the server rack is in and put a lock on it.  Secure it with biometrics too.

 

Are you using Exchange BES?  You could lock down the RPC ports being used ... perhaps use IPSec.

 

Are you looking to secure end to end?  using content encryption?  two factor auth on everything?

 

There are so many different things here, what are you looking to really do?  What do you want to secure?  If "everything", I'm guessing you really haven't thought about it well enough; be specific and state what you're looking to secure.

------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone's was particularly helpful, give them kudo's!.


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/
Please use plain text.