[DarthBBerry]

Quote:

Originally Posted by penguin3107

Jeez... that's a bit drastic.
I think you're making too much work for yourself.

Just wipe the data and reactivate it for a new user.

Nah... JL_CMDR is my friend. LOL

[juwaack68]

Quote:

Originally Posted by DarthBBerry

By the time I get a device back from the user, it's an older one with an older OS. Refresh, refurb and sanitized wipe later... it's good as new.

Yea, that I can understand. Although, in my case it's REALLY hard to upgrade the OS on a Nextel 7520 or 7100i since there isn't any newer software

However, if I get newer devices back (like the Sprint 8830's) I don't wipe the OS, just do a security wipe and toss it in a drawer for the next person.

[Sith_Apprentice]

wiping a device is not something that is done accidentally in *most* cases. Its the user forgot their password and instead of calling in and saying "can you reset my password for me" (which you can do) they keep trying, typing blackberry not once, but twice before the device resets.

[scott_perry]

Quote:

Originally Posted by Sith_Apprentice

wiping a device is not something that is done accidentally in *most* cases. Its the user forgot their password and instead of calling in and saying "can you reset my password for me" (which you can do) they keep trying, typing blackberry not once, but twice before the device resets.

You can reset the password without error only if content protection is not on.

[jsconyers]

Quote:

Originally Posted by scott_perry

You can reset the password without error only if content protection is not on.

Only if you are aware of there being an issue. If the user never contacts you, then they are SOL.

[Sith_Apprentice]

the new OS and new BES 4.1.5 fix the content protection issue. Or at least have for me.

[DarthBBerry]

The main problem I see with the end user giving themselves a new password is accessing the Setup Wizard. NONE of them ever see this as all devices come through me first. I do the setup for them and hide the Wizard icon after wireless OTA synch.

Methinks that iffin I implement an IT policy with password protection enabled, I'm gonna get a LOT busier resetting devices with forgotten passwords!

[juwaack68]

Are you saying you don't enforce a password on any of your devices?? EEK!

[DarthBBerry]

Not presently. It's kinda up to the end user. But we're changing out corporate outlook.

[Sith_Apprentice]

must not have anything on the devices you want to hide then. any lost BB means that anyone can get any information they want until the device is wiped.

[DarthBBerry]

Quote:

Originally Posted by Sith_Apprentice

must not have anything on the devices you want to hide then. any lost BB means that anyone can get any information they want until the device is wiped.

Most of my users call me when they lose their device; usually within 12 hours or less. Then it's a matter of [Click and Lock] from BES. We're looking at alternative options as more secure data is being stored on them.

[Sith_Apprentice]

force a password on the device. and 12 hours is a LONG time to get anything off an unprotected device. heck, they could backup the device. wipe it to get rid of the BES connection, then just restore the information on it, and there would be nothing you could do about it. if you force a password, and have a timeout of say 10min (also lock when holstered), then that is considerably more secure.

On select users on my BES i force a password, and 5 minutes of inactivity causes the device to lock. you could also set it so that it will prompt for the password even when you are using the device, and if the user fails to type in the password prompt it locks the device. (this is a bit overboard IMO, but works)

[DarthBBerry]

Quote:

Originally Posted by Sith_Apprentice

force a password on the device. and 12 hours is a LONG time to get anything off an unprotected device. heck, they could backup the device. wipe it to get rid of the BES connection, then just restore the information on it, and there would be nothing you could do about it. if you force a password, and have a timeout of say 10min (also lock when holstered), then that is considerably more secure.

On select users on my BES i force a password, and 5 minutes of inactivity causes the device to lock. you could also set it so that it will prompt for the password even when you are using the device, and if the user fails to type in the password prompt it locks the device. (this is a bit overboard IMO, but works)

I also remove the USB cable and desktop software before deployment.

[Sith_Apprentice]

those can be picked up anywhere. software is a free download, and the USB cable is a universal cable used for many digital cameras.

[DarthBBerry]

Quote:

Originally Posted by Sith_Apprentice

those can be picked up anywhere. software is a free download, and the USB cable is a universal cable used for many digital cameras.

Not wanting to put them down... but most of my users arent smart enough to figure that out. If it's not in the box, then it doesnt exist for them.

[scott_perry]

I don't think sith is concerned about your users, but rather, the person who took/found the device after your user lost it.

[DarthBBerry]

Quote:

Originally Posted by scott_perry

I don't think sith is concerned about your users, but rather, the person who took/found the device after your user lost it.

If thats the case, the BES push to lock and erase is the first step. Then I call the service provider's TSupport and suspend service to the line.
Mua-ha-ha! The Overlord strikes again!

[penguin3107]

Quote:

Originally Posted by DarthBBerry

If thats the case, the BES push to lock and erase is the first step. Then I call the service provider's TSupport and suspend service to the line.
Mua-ha-ha! The Overlord strikes again!

You're missing the point, DarthBBerry.
You said it can take up to 12 hours for you to be notified of a missing device.
Heck, a BB savvy person can own the device in a few minutes if they wanted to.

In that time, the person who took the device has probably already stolen the data from it, wiped it out, and made it their own. You can send all the lock/kill commands you want from the BES, but they're useless because the device is not likely connected to the BES anymore.

The thief who has your user's device is the one laughing at you... not the other way around.

You should really consider enforcing password use on your devices, and set the timeout to a short duration.
It's your responsibility as a BES Administrator.

[DarthBBerry]

Quote:

Originally Posted by penguin3107

You should really consider enforcing password use on your devices, and set the timeout to a short duration.
It's your responsibility as a BES Administrator.

Hence, why I'm doing this.

[John Clark]

It's a matter of how sensitive the data on the device is. For us, it's just our phone numbers and pins. They can have the emails from my wife asking me to pick up milk on the way home and that I have a trip next Tuesday. If it's not that important, let the users decide. If it's quite sensitive then force lock it.

Backing up a ways, I don't see the issue with the device wiping after incorrect passwords and allowing a new password to be set. The data was protected via wiping it. Sure the new user has access to the phone but that's not a security breach. The setup wizard can be used but to do what with? They can't connect to the BES with it. You still need an activation code that you, the BES Admin has to set. They could setup a BIS email account for their own email....Now they finally have that done and you lock the account because you just found out it's stolen. They didn't get very far. They can, however, put another sim card in it and away they go. You lost a $300 device. That's it.