All user and or group accounts must have an Access Control Rule assigned to the account.

From BlackBerry Enterprise Server (version 5.x), Part 2 Security Technical Implementation Guide

Part of Disable BES MDS CS document search -01

SV-25492r3_rule All user and or group accounts must have an Access Control Rule assigned to the account.

Vulnerability discussion

The BES MDS Connection Service allows BlackBerry users to search the enclave for files and documents of interest to the user without any authentication requirements to the enclave. Access control requirements of the network can be bypassed.

Check content

Detailed Policy Requirements:

The BES must be configured so that all network file share access by BlackBerry users is blocked. A high-level "deny all" Access Control Rule policy must be set up and assigned to each user or group account.

Check Procedures:

Verify that all user and group accounts have been assigned an Access Control Rule. On the BES, do the following:

Select at least 20 user/group accounts at random from different offices/sites.

Go to each selected user/group account: BAS >> BlackBerry solution management >> User >> Manage users >> select user >> Access control rules tab.

Verify that each user has been assigned an Access Control Rule. Write down the name of each Access Control Rule assigned to each account (the settings of each rule will be verified in WIR1350-02).

If any user or group account has not been assigned an Access Control Rule, this is a finding.
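The check above is performed by hand in BAS; the following is an added example (not part of the STIG or of any BlackBerry tooling) that applies the same logic to an account list an auditor has exported, assuming a constructed export with account name, site and assigned Access Control Rule: it spreads the random sample across sites, flags accounts with no rule as findings, and records each assigned rule name for the WIR1350-02 follow-up.

```python
"""Audit BES user/group accounts for Access Control Rule (ACR) assignment.

Added example, not from the STIG. Assumes an exported account list
(constructed below) with fields: account, site, acr (assigned rule name).
"""
import random
from collections import defaultdict

# Constructed sample export; real data would be exported from BAS.
SAMPLE_ACCOUNTS = [
    {"account": "jdoe", "site": "HQ", "acr": "Deny All File Shares"},
    {"account": "asmith", "site": "HQ", "acr": "Deny All File Shares"},
    {"account": "grp-finance", "site": "Site-B", "acr": ""},    # no rule assigned
    {"account": "mlee", "site": "Site-B", "acr": "Deny All File Shares"},
    {"account": "grp-ops", "site": "Site-C", "acr": None},      # no rule assigned
    {"account": "rkhan", "site": "Site-C", "acr": "Deny All File Shares"},
]


def select_sample(accounts, size=20, seed=None):
    """Pick up to `size` accounts at random, round-robin across sites so that
    every office/site is represented before any site contributes a second."""
    rng = random.Random(seed)
    by_site = defaultdict(list)
    for acct in accounts:
        by_site[acct["site"]].append(acct)
    for pool in by_site.values():
        rng.shuffle(pool)
    chosen = []
    while len(chosen) < size and any(by_site.values()):
        for site in sorted(by_site):
            if by_site[site] and len(chosen) < size:
                chosen.append(by_site[site].pop())
    return chosen


def audit_acr(accounts):
    """Return (findings, rule_names). An account with no ACR is a finding;
    rule_names maps each compliant account to its rule for the WIR1350-02 check."""
    findings = [a["account"] for a in accounts if not a.get("acr")]
    rule_names = {a["account"]: a["acr"] for a in accounts if a.get("acr")}
    return findings, rule_names


if __name__ == "__main__":
    sample = select_sample(SAMPLE_ACCOUNTS)
    findings, rules = audit_acr(sample)
    for acct, rule in rules.items():
        print(f"{acct}: {rule}")
    print("FINDING:" if findings else "No finding.", ", ".join(findings))
```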

Fix text

The BES MDS Connection Service will be configured to disable browsing on the enclave for files and documents of interest. Each user and group account is assigned an Access Control Rule.
