From BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide
Part of BES set up for trusted connect to servers
Only authorized servers should be able to push content to BlackBerry devices.
Verify the site has configured the BES to require trusted connections to push enclave application or web servers, using the following procedure:
-On the BAS, go to Servers and components >> BlackBerry Solution topology >> BlackBerry Domain >> MDS Connection Service. 
-Click "Edit components".
-Click the "HTTPS" tab.
-Verify "Allow Untrusted Servers" is set to "No".
-Click the "TLS" tab.
-Verify "Allow Untrusted Servers" is set to "No".
If any of these settings are not correct, this is a finding.
Verify a keystore file has been set up (webserver.keystore) at the following location on the BES: 
The BES must be configured to accept only trusted connections to back-office enclave application or web push servers.