1. greatgadsden's Avatar
    I run a BB 8530 on Sprint BIS. What I am most concerned about with security is my login and password for my email accounts. I don't work in some sort of top secret facility that needs all my email to be encrypted, but I want to know that my login and password are safe. If at all possible, I want the email content itself to also be secure, but I understand that I am not in control of that data once it is delivered to the recipient and quite possibly well before it gets delivered. So, I don't put anything in an email that I wouldn't mind someone else seeing.

    I will admit that I don't understand very much about how email works behind the scenes. On my computer, I have all of my email account set up using SSL incoming and outgoing. I assume that is safe, but like I said I really don't understand how it all works. BIS only allows me to set SSL for incoming servers, so I assume I am just using BIS as my outgoing server, right? I have read about sniffers taking login information from emails while in transit, and want to know if this is something I should be concerned about.

    So, how safe is BIS email?
    01-29-11 07:44 PM
  2. Fubaz's Avatar
    you can start your knowledge journey here

    BlackBerry - Wireless Network Security for Corporate Data
    01-29-11 07:50 PM
  3. n8ter#AC's Avatar
    SSL is safe enough for consumer email. For business email it's a joke especially when you have hackers and the like always trying to get the goods.

    BES is ridiculously secure. BIS is about as secure as an ActiveSync connection (the SSL, I mean, since BIS isn't a dead server connection, but PIN Pushed).
    01-29-11 10:11 PM
  4. greatgadsden's Avatar
    I am in the process of setting up PGP on my work computers. I am pretty concerned about the data on the computers. The emails, like I said, I don't send anything that I wouldn't want anyone else to see. So, my main concern really is just the login credentials. Is that at least secure?
    01-29-11 11:56 PM
  5. Laura Knotek's Avatar
    I am in the process of setting up PGP on my work computers. I am pretty concerned about the data on the computers. The emails, like I said, I don't send anything that I wouldn't want anyone else to see. So, my main concern really is just the login credentials. Is that at least secure?
    Are you running Exchange? If so, you could use BESX. BlackBerry Enterprise Server Express: Frequently Asked Questions | Inside BlackBerry
    01-30-11 12:09 AM
  6. greatgadsden's Avatar
    We use a shared server, so we don't have much control there. Maybe in the next year or so we will be able to step up to our own server, but until then it's cost prohibitive.
    01-30-11 12:17 AM
  7. greatgadsden's Avatar
    So, are you suggesting that my SSL login credentials aren't safe using BIS? Can they be sniffed?
    01-30-11 01:46 PM
  8. pbflash's Avatar
    Login information is not transmitted with emails. Your credentials are used to check for incoming emails only. They are not used for sending email. When you send an email from your BB, it uses RIM's outgoing mail server.
    01-30-11 03:53 PM
  9. geneticx's Avatar
    I actually had a similar question, If you have a blackberry with BIS and you connect to an exchange server using OWA (outlook web app) is the communication from the device to the exchange encrypted? I understand that when you access your email via POP3,IMAP, or OWA the connection from the phone to the NOC is unencrypted.

    When I connect to OWA in a regular browser I can see an HTTPS (SSL) connection established is this the same with blackberries or is unencrypted traffic?

    Thanks!
    01-31-11 10:58 AM
  10. greatgadsden's Avatar
    Login information is not transmitted with emails. Your credentials are used to check for incoming emails only. They are not used for sending email. When you send an email from your BB, it uses RIM's outgoing mail server.
    I just scoured the net looking for the article I read that in, and finally found it again. Here is the article, it's kind of old.
    Tor Experiment Proves You Should Use SSL for Email
    Now I see it was talking about TOR servers. I understand that is nothing like what my email goes out on, so I guess it doesn't apply. I just ready that and freaked out a little bit! Now that I think about it, it makes sense that I am sending out on the RIM server. Of course I never set up outgoing email servers on my BB, so I should have known that.

    So, to sum it all up, it's cool man! Right? I have been reading all over the net and some people say there is no encryption when sending mail on BIS. Then, other people say that the BIS system is as secure as sending mail on BES. So, it's really confusing.
    01-31-11 08:07 PM
LINK TO POST COPIED TO CLIPBOARD