Check: WIR1315-03
BlackBerry Enterprise Server, Part 2: WIR1315-03
(in versions v2 r10 through v2 r8)
Title
The BES must be configured to accept only trusted connections to back-office enclave application or web push servers. Push servers are set up to push content to BlackBerry users (e.g., Remedy ticket notification system). (Cat III impact)
Discussion
Only authorized servers should be able to push content to BlackBerry devices.
Check Content
Verify the site has configured the BES to require trusted connections to push enclave application or web servers, using the following procedure:
- On the BAS, go to Servers and components >> BlackBerry Solution topology >> BlackBerry Domain >> MDS Connection Service.
- Click "Edit components".
- Click the "HTTPS" tab.
- Verify "Allow Untrusted Servers" is set to "No".
- Click the "TLS" tab.
- Verify "Allow Untrusted Servers" is set to "No".

If any of these settings are not correct, this is a finding.

Verify a keystore file has been set up (webserver.keystore) at the following location on the BES: <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\webserver.

Look for the keystore file.
- If the keystore file is not found, this is a finding.
Fix Text
The BES must be configured to accept only trusted connections to back-office enclave application or web push servers.
Additional Identifiers
Rule ID: SV-21090r3_rule
Vulnerability ID: V-19201
Group Title:
CCIs
| Number | Definition |
|---|---|
| No CCIs are assigned to this check | |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check | |