User guide
After you configure a VPN, the BlackBerry device can use a layer 2 security method to connect to the enterprise Wi-Fi network,
and use the VPN to provide authentication with the enterprise Wi-Fi network. In this scenario, you can configure the enterprise
Wi-Fi network as an untrusted network, and specify that only a VPN concentrator can connect to the enterprise Wi-Fi network.
Unlike other supported security methods for enterprise Wi-Fi networks, a VPN does not use the wireless access point during data
encryption.
For a list of supported VPN concentrators, visit www.blackberry.com/support to read article KB13354.
Permitting a Wi-Fi enabled BlackBerry device to log in to a VPN concentrator
To permit a Wi-Fi® enabled BlackBerry® device to log in to a VPN concentrator automatically after it connects to an enterprise
Wi-Fi network, you or a user can configure a VPN profile that includes a user name and password for authentication with the
VPN concentrator. Depending on your organization’s security policy, you or the user can save the user name and password for
authentication with the VPN concentrator on the BlackBerry device. When you or the user saves the user name and password,
the BlackBerry device does not prompt the user for the user name and password the first time or each time that the BlackBerry
device connects to the enterprise Wi-Fi network.
The BlackBerry device is also compatible with VPN environments that use two-factor authentication using hardware tokens or
software tokens for credentials. When the BlackBerry device tries to log in to the VPN, the BlackBerry device uses credentials
that the token generates or that the user provides.
For more information about configuring VPN profiles, see the BlackBerry Enterprise Server Administration Guide.
Using a segmented network to reduce the spread of malware on an enterprise Wi-Fi network that uses a VPN
When a Wi-Fi® enabled BlackBerry® device connects to an enterprise Wi-Fi network that uses a VPN, the BlackBerry device might
permit the VPN concentrator to send data directly to a BlackBerry® Enterprise Server over your organization's network. The VPN
concentrator sends data over port 4101. In this scenario, only the VPN concentrator connects to the enterprise Wi-Fi network.
To prevent your organization’s VPN concentrator from opening unnecessary connections to your organization’s network, you can
configure a segmented network. In a segmented network, firewalls divide the components of your organization’s network to
reduce the spread of malware.
For more information about reducing the spread of malware, see Protecting the BlackBerry device platform against malware.
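An added example, not part of the BlackBerry guide: a short Python audit of a firewall rule list for the segment described above, where the VPN concentrator should reach only the BlackBerry Enterprise Server on port 4101. The rule format, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration (documentation address ranges), not from the guide.
CONCENTRATOR = ipaddress.ip_address("192.0.2.10")   # VPN concentrator
BES = ipaddress.ip_address("198.51.100.20")         # BlackBerry Enterprise Server
BES_PORT = 4101  # the port the guide names for concentrator-to-BES traffic

# Constructed rule sets: (action, source CIDR, destination CIDR, (low port, high port)).
LOOSE = [("allow", "192.0.2.0/24", "198.51.100.0/24", (1, 65535)),
         ("deny", "0.0.0.0/0", "0.0.0.0/0", (1, 65535))]
SEGMENTED = [("allow", "192.0.2.10/32", "198.51.100.20/32", (4101, 4101)),
             ("deny", "0.0.0.0/0", "0.0.0.0/0", (1, 65535))]

def covers(cidr, addr):
    return addr in ipaddress.ip_network(cidr)

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for action, src_cidr, dst_cidr, (lo, hi) in rules:
        if covers(src_cidr, src) and covers(dst_cidr, dst) and lo <= port <= hi:
            return action
    return "deny"

def audit(rules):
    """Return findings for a rule set guarding the concentrator's segment."""
    findings = []
    if decide(rules, CONCENTRATOR, BES, BES_PORT) != "allow":
        findings.append("required flow concentrator -> BES:4101 is blocked")
    # Conservative: every allow rule that covers the concentrator is reviewed,
    # even one that an earlier rule would shadow.
    for n, (action, src_cidr, dst_cidr, ports) in enumerate(rules, 1):
        if action != "allow" or not covers(src_cidr, CONCENTRATOR):
            continue
        dst_net = ipaddress.ip_network(dst_cidr)
        only_bes = dst_net.num_addresses == 1 and BES in dst_net
        if not only_bes or ports != (BES_PORT, BES_PORT):
            findings.append(
                f"rule {n}: concentrator allowed to {dst_cidr} ports {ports[0]}-{ports[1]}")
    return findings

if __name__ == "__main__":
    for name, rules in (("LOOSE", LOOSE), ("SEGMENTED", SEGMENTED)):
        print(name, audit(rules) or "ok")
```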
Security Technical Overview
Using a VPN with a Wi-Fi enabled BlackBerry device