Check: BBDS-00-000305
Policy SRG:
BBDS-00-000305
(in version v1 r1)
Title
The BlackBerry Device Service server must support administrator authentication to the server via the Enterprise Authentication Mechanism's authentication. (Cat II impact)
Discussion
In the DoD, administrator credential requirements for authentication are defined by CTO 07-115Rev1, which is usually enforced by the Enterprise Authentication Mechanism. Non-compliant credential enforcement mechanisms make the DoD IS vulnerable to attack.
Check Content
Local authentication rules are handled by the host operating system. Remote connection via web browser can be configured to use Microsoft Active Directory authentication during the installation of the BlackBerry Device Server. See the "Install the BlackBerry Device Service software" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 6.2, Installation and Configuration Guide.

To ensure correct configuration:
1. Have the BlackBerry Device Service (BDS) Administrator log on to the BDS Server, and ensure authentication was performed via Active Directory.

If access to the server is not being authenticated via this method, this is a finding.
Fix Text
Configure the BlackBerry Device Service server to support administrator authentication to the server via the Enterprise Authentication Mechanism's authentication.
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000305
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000192 | The information system enforces password complexity by the minimum number of upper case characters used. |
Controls
Number | Title |
---|---|
IA-5(1) | Password-based Authentication |