BlackBerry External Infrastructure Penetration Testing Service

This document, including all attached Annexes, is provided for informational purposes only and does not in itself constitute a binding legal document. BlackBerry assumes no responsibility for any typographical, technical or other inaccuracies in this document. BlackBerry reserves the right to periodically change information that is contained in this document; however, BlackBerry makes no commitment to provide any such changes, updates, enhancements or other additions to this document to you in a timely manner or at all.
Introduction

An External Infrastructure penetration test checks the entire exterior of a client infrastructure (i.e. anything that connects to the internet), using a variety of attack methods. The purpose of the test is to learn more about the External Infrastructure security status and to gain intelligence for mitigating potential threats before harm is done. External Infrastructure assessments help provide assurance that a network is safe from external threats, as breaches of external networks can result in significant loss of data. External Infrastructure security testing should be part of any organization's risk assessment phase prior to changing or launching any new live services.

BlackBerry can provide scheduled monthly External Infrastructure penetration testing services to a client to ensure their entire exterior is secure on an ongoing basis.

Pre-Requisites

The following pre-requisites are required from the client:

- Confirmation of the target IP addresses
- Written permission from the hosting company to perform the testing (if not hosted by the client)
- Point of Contact details

Deliverables

In-depth report, broken down into 3 main parts:

- Management Summary
- Technical Overview
- Detailed Technical Findings, highlighting the vulnerabilities:
  - Type of RISK
  - The EFFECT of that RISK
  - Full details on how to fix ALL vulnerabilities
  - Estimate of working hours required to FIX any RISKS identified
Scope of Work - External In Depth Penetration Testing

In depth penetration testing of firewalls and all identifiable services. Testing will be performed over the internet from BlackBerry offices. The method will be Black Box and testing is not intended to cause any interruption to services. Testing will begin with fingerprinting the IT infrastructure and services, followed by manual exploitation, with a full review of the results by a senior Team Leader.

What BlackBerry Tests

Incident Response
BlackBerry can run through specific scenario-based incidents when testing in order to simulate a potential security incident. This activity can be used by the client to identify any issues within their incident response procedures. Elements of BlackBerry's testing will also reflect real-life exercises undertaken by attackers, allowing the organisation's ability to respond to potential incidents to be reviewed.

Configuration
The configuration of all identified external-facing services will be reviewed from a black-box perspective. This is intended to identify any potential vulnerability within each service's configuration or the underlying software used to present them.

Compliance Checking
BlackBerry can perform penetration testing on a regular basis according to the organization's compliance requirements and risk appetite. Other testing can be chosen by the organization from a list of BlackBerry's other services, which include IT Forensics. These ongoing and other tests are not included and are available at an additional charge.

Access Control
Identified services which implement authentication mechanisms will be reviewed to ensure that the solutions in use adhere to best practice recommendations. Password controls, including password complexity/strength, multi-factor authentication and brute-force resilience of authentication mechanisms, will also be reviewed.
Firewalls
Network scanning and fingerprinting techniques will be used to identify the presence of security solutions, including firewalls, within the network under assessment. These exercises will be used to identify any potential misconfiguration in such solutions which increases the attack surface of an organisation's external assets.

Intrusion Detection
BlackBerry will inform the organization when testing is undertaken to enable incident identification. BlackBerry can provide details of traffic sources to allow testing activity to be specifically tracked.

Network Obfuscation
Network scanning and fingerprinting techniques will be used to attempt to identify the software in use by hosts/services. This activity is also used to identify whether suitable controls, such as NAT, are in use.

Patch Management
Services will be reviewed in an attempt to verify that the underlying software, including the operating system of the hosting assets, is suitably patched.
Reporting

On conclusion of the testing, the results will be fully analysed by a BlackBerry senior tester, and a full report will be prepared for the client which will set out the scope of the test and the methodology used.

Vulnerabilities are rated:

- Critical
- High
- Medium
- Low

The test team findings will be represented in three sections:

Management Overview
A plain English description of discovered vulnerabilities and their potential business impact, with an easy to understand diagram showing vulnerabilities.

Technical Overview
A section for technical managers which aims to assist in the prioritization of patching and resolving any issues found.

Full Technical
This section of the report is intended for technical personnel and will include full details of all vulnerabilities found, how they were exploited and a route map with detailed fixes for remediation where appropriate.

Alongside the final report, BlackBerry will produce an Excel spreadsheet listing the vulnerabilities found so you can track remediation more easily. The report will give the tested target a rating of either CRITICAL, HIGH, MEDIUM or LOW RISK.

Deliverable Acceptance Criteria

Interim deliverables will be completed and presented to the Customer for review at regular intervals throughout the project. The Customer will review, and either accept, or document specific corrective items in writing, within 3 business days. In the absence of any comments, deliverables produced by BlackBerry will be deemed accepted after 3 business days.
Limitations, Exclusions and Additional Customer Responsibilities

a. Additional Professional Services offerings may be purchased as add-ons; otherwise, additional consulting work not specifically contained in this Program Description is out of scope.

b. If Customer Prerequisites and other Customer tasks are not completed in a timely manner as agreed to with the BlackBerry Project Manager and the work contemplated by this Program Description is delayed by greater than two (2) weeks or ten (10) business days, or if the work must be rescheduled by the Customer, BlackBerry reserves the right at its sole discretion to terminate the engagement without refund, or to charge the Customer for additional resources at BlackBerry's current daily rate of $2500 USD for the delay period.

c. Customer must ensure that Customer Project Team Members are assigned and available to meet for project Kick Off at the project start date.

d. The Customer must provide BlackBerry Representatives with information and resources to successfully execute the project. This can include, without limitation, providing access and credentials to systems, completing installation prerequisites, providing project resources, and attendance in planning, execution, or training meetings.

e. Customer will ensure resources are available in a timely manner to undertake tasks for which the Customer is responsible.

f. Customer must ensure that Customer has necessary escalation and communication channels to resolve any project blockers in a timely manner, including project dependencies on third parties and Customer's other vendors, suppliers, and consultants.

g. If BlackBerry Professional Services personnel travel to a Customer location for the delivery of this engagement, there will be additional Travel and Expense costs. These Travel and Expense costs can be paid for prior to the engagement, or at BlackBerry's actual cost, at engagement completion.

h. Customer will provide BlackBerry's assigned Program Manager with email confirmation of receipt and acceptance of the services rendered on a weekly basis and promptly following the completion of the project. All services shall be deemed to be delivered, and on no account shall BlackBerry be obligated to deliver further services beyond sixty (60) days after the date specified on the services order form.

i. BlackBerry may subcontract all or a portion of the services and/or have the services performed by one of its affiliates.
BlackBerry Professional Services

BlackBerry Professional Services offers additional consulting and educational offerings. To learn more about these offerings, please go to: http://us.blackberry.com/enterprise/products/support-services.html

Note: The services described in this Program Description are subject to the terms and conditions of the Business Services by BlackBerry Terms found at: http://us.blackberry.com/legal/technical-support-terms.html

There are no warranties, express or implied, with respect to the content of this document, and all information provided herein is provided As Is. Except as expressly agreed to by BlackBerry in an agreement between BlackBerry and you for services, in no event shall BlackBerry or any of its Shareholders, Affiliates, Directors, Officers, Employees, Agents or Suppliers be liable to any Party for any direct, indirect, special or consequential, punitive or exemplary damages for any use of this document, including without limitation, reliance on the information presented, lost profits, lost data, or business interruption, arising in contract, tort, strict liability or otherwise, even if BlackBerry was expressly advised of the possibility of such damages.

About BlackBerry

BlackBerry is securing a connected world, delivering innovative solutions across the entire mobile ecosystem and beyond. We secure the world's most sensitive data across all end points, from cars to smartphones, making the mobile-first enterprise vision a reality. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Middle East and Africa, Asia Pacific and Latin America. The Company trades under the ticker symbols BB on the Toronto Stock Exchange and BBRY on the NASDAQ. For more information, visit www.blackberry.com.

BlackBerry Corporation
6700 Koll Center Parkway, #200
Pleasanton, California USA 94566
Tel: (925) 931-6065
Fax: (925) 931-606

BlackBerry Limited
2200 University Ave. E
Waterloo, Ontario Canada N2K 0A7
Tel: (519) 888-7465
Fax: (519) 888-6906

BlackBerry UK Limited
200 Bath Road
Slough, Berkshire United Kingdom SL1 3XE
Tel: +44 (0)1784 477465
Fax: +44 (0)1784 477455

BlackBerry Singapore Pte. Limited
The Synergy Building, 2nd Floor
1 International Business Park
Singapore 609917
Tel: +65 6879 8700

2016 BlackBerry Limited. All rights reserved. The BlackBerry and BlackBerry families of related marks, images and symbols are the exclusive properties of BlackBerry Limited. BlackBerry, Always On, Always Connected, the envelope in motion symbol and the BlackBerry logo are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners. The handheld and/or associated software are protected by copyright, international treaties and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D,445,428; D,433,460; D,416,256. Other patents are registered or pending in various countries around the world.