Secure Computing Corporation warned that organizations that have installed their BlackBerry server behind their gateway security devices could be subject to a hacking attack.
This is likely to occur when security researcher Jesse D'Aguanno is scheduled to release the code for his BlackBerry hack anytime now.
The soon to be released hacking program called BBProxy can be installed on a BlackBerry or sent as an e-mail attachment to an unsuspecting user.
Servers connecting to the public Internet have an inherent risk. Isolating these Internet facing servers reduces the risk of a compromised server providing access to other critical servers. Hence due diligence would require that any Internet facing server like a BlackBerry server should be isolated on its own DMZ segment.
Only those connections necessary to facilitate the operation of the BlackBerry server should be permitted. The BlackBerry server should not be permitted to open arbitrary connections to the internal network or Internet
The mail server that is working with the BlackBerry server is an Internet facing server and should be isolated on its own separate DMZ.
Only those connections necessary to facilitate the normal operation of the mail server should be permitted. The mail server should not be permitted to open arbitrary connections to the internal network or Internet
Internal users should not be permitted to open arbitrary connections to either the BlackBerry server or mail server.