User guide
Managing how a BlackBerry device connects to an enterprise Wi-Fi network
To manage how a Wi-Fi® enabled BlackBerry® device connects to an enterprise Wi-Fi network, you can use IT administration
commands, IT policy rules, and configuration settings. You can turn on or turn off Wi-Fi access for the BlackBerry device in
BlackBerry® Enterprise Server version 4.1 SP3 or later, and manage Wi-Fi configuration settings and VPN configuration settings
for user accounts in BlackBerry Enterprise Server version 4.1 SP2 or later.
When you configure an IT policy or configuration setting, a user cannot override the value on the BlackBerry device.
At an application level, you can specify the types of connections that an application can make. When you configure application
control policies, you can control whether the application can access the enterprise Wi-Fi network.
For more information about specifying whether an application can access an enterprise Wi-Fi network, see Protecting the
BlackBerry Device Platform Against Malware. For more information about using IT policy rules and configuration settings, see
the BlackBerry Enterprise Server Administration Guide and the BlackBerry Enterprise Server Policy Reference Guide.
How the BlackBerry Enterprise Solution protects sensitive Wi-Fi information
To permit a Wi-Fi® enabled BlackBerry® device to access a Wi-Fi network, you must send sensitive Wi-Fi information such as
encryption keys and passwords to the BlackBerry device using Wi-Fi profiles, VPN profiles, and IT policy rules. After the BlackBerry
device receives the sensitive Wi-Fi information, the BlackBerry device encrypts the encryption keys and passwords and stores
them in flash memory in an area that third-party applications cannot access.
The BlackBerry® Enterprise Server encrypts the sensitive Wi-Fi information that it sends to the BlackBerry device and stores the
sensitive Wi-Fi information in the BlackBerry Configuration Database. You can help protect the sensitive Wi-Fi information in the
BlackBerry Configuration Database using access controls and configuration settings.
Using a VPN with a Wi-Fi enabled BlackBerry device
If your organization’s environment includes VPNs, such as IPSec VPNs, you can configure a Wi-Fi® enabled BlackBerry® device
to authenticate with the VPN so that it can access an enterprise Wi-Fi network. A VPN provides an encrypted tunnel between a
BlackBerry device and your organization’s network. VPN is the only layer 3 security method that the BlackBerry device supports.
A VPN solution consists of a VPN client on the BlackBerry device and a VPN concentrator. The BlackBerry device can use the
VPN client to authenticate with a VPN concentrator, which acts as the gateway to the enterprise Wi-Fi network. Each BlackBerry
device includes a built-in VPN client that supports several VPN concentrators. The VPN client on the BlackBerry device is designed
to use strong encryption to authenticate itself with the VPN concentrator. It creates an encrypted tunnel between the BlackBerry
device and VPN concentrator that the BlackBerry device and enterprise Wi-Fi network can use to communicate.
Security Technical Overview