Have spent the last half day researching the BlackBerry site and previous postings on this site for whether or not I should install a BES Router (BER) in my new BES 5 upgrade. Previous postings were from the 2008/2009 time frame when ver 4.1.X was the main BES beast. To this point I have found only 1 reference in the BlackBerry Enterprise Solution Ver: 5.0 | Service Pack: 2 Security Technical Overview that states (page #42):
"The BlackBerry Enterprise Server and BlackBerry Enterprise Server components, with the exception of the BlackBerry Router, do not support installation in a DMZ. For more information about configuring the BlackBerry Router in the DMZ, see Placing the BlackBerry Router in the DMZ."
(The 'BlackBerry Router in the DMZ' document they are referring to is older, from 2005.)
In the BES Ver: 5.0 | Service Pack: 1 Security Technical Overview it does not mention anything at all about the BER in the DMZ.
In my previous BES 4.1.6 install we went the extra mile to install a BER in our DMZ for our security group, but is it still a 'Best Practice', or should I rope it back into 1 server? We have 400 users and will be running it on a hardened SteelCloud BES VM. I know the ideas of making the BER hard on the outside to make hackers work harder and that the BES only makes outbound-initiated requests on 3101, and limiting it to the IPs and domain names of BlackBerry.net/.com...
I guess for the security minded, is the BER in a DMZ still worth it OR best practice with BES 5.0.x?
Thanks for reading my ramblings... -B