Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-7078 | WIR1305-01 | SV-7462r10_rule | ECSC-1 | Medium |
Description |
---|
The BlackBerry Enterprise Service MDS Integration Service is a software development platform and should not be installed on a production BES. The service, if not properly configured, can allow unsecured connections between the Blackberry and BES and between the BES and back-office run-time application servers. |
STIG | Date |
---|---|
BlackBerry Enterprise Server, Part 2 Security Technical Implementation Guide | 2011-09-30 |
Check Text ( C-17396r4_chk ) |
---|
Detailed Policy Requirements: The MDS Integration Service must not be installed on a production BES. It should be installed only on a development or test BES when required for software development. Check Procedures: For BES 5.0 Check to see if the BlackBerry MDS Integration Service is installed on the production BES by looking at the left side of the BlackBerry Administration Server (BAS). Servers and components > BlackBerry Solution topology > BlackBerry Domain > Component view. See if the “MDS Integration Service” is installed. For BES 4.1.x Check to see if the BlackBerry MDS Integration Service is installed on the BES by looking at the left pane in the BlackBerry Manager. Ask the BlackBerry SA to show that the BlackBerry MDS Integration Service is or is not installed. In BlackBerry Manager, look at the list of servers installed. The MDS Integration Service may be named as follows: BB_MDS_IS_1 |
Fix Text (F-23363r1_fix) |
---|
The BlackBerry MDS Integration Service will not be installed on the BES. |