Manualshelf

User guide

ManualsBrandsBlackberry ManualsOtherENTERPRISE SOLUTION SECURITY - ENFORCING ENCRYPTION OF INTERNAL AND EXTERNAL FILE SYSTEMS ON DEVICES
111112113114115116117118119120
Layer 2 security methods that a Wi-Fi enabled BlackBerry
device supports
17
You can configure a Wi-Fi® enabled BlackBerry® device to use security methods for layer 2 (also known as the IEEE® 802.11™
link layer) so that the BlackBerry device and a wireless access point can encrypt data that they send between them and
authenticate the user. The BlackBerry device supports the following layer 2 security methods:
open (no security method) WEP encryption (64-bit and 128-bit)
PSK protocol
IEEE® 802.1X™ standard and EAP authentication using EAP-FAST, EAP-SIM, EAP-TLS EAP-TTLS, LEAP, and PEAP
TKIP and AES-CCMP encryption for WPA™-Personal, WPA2™-Personal, WPA™-Enterprise, and WPA2™-Enterprise
To support layer 2 security methods, the BlackBerry device has a built-in IEEE 802.1X supplicant.
If your organization’s enterprise Wi-Fi network uses EAP authentication, you can permit and deny BlackBerry device access to
the enterprise Wi-Fi network by updating your organization’s central authentication server. You are not required to update the
configuration of each access point.
For more information about IEEE 802.11 and IEEE 802.1X, see www.ieee.org/portal/site. For more information about EAP
authentication, see RFC 3748.
WEP encryption
WEP encryption requires a matching encryption key at a wireless access point and on a Wi-Fi® enabled BlackBerry® device to
protect the connection to the enterprise Wi-Fi network. The encryption key can be 40 bits in length (for 64-bit WEP encryption)
or 104 bits in length (for 128-bit WEP encryption).
By current industry standards, WEP encryption is not a cryptographically strong security solution. WEP encryption weaknesses
include the following scenarios:
A potentially malicious user might capture transmissions over the wireless network and might deduce WEP encryption keys
in very little time.
A potentially malicious user might use a man-in-the-middle attack to change packets that are encrypted using WEP
encryption.
You can use a VPN to provide data confidentially if your organization uses WEP encryption. A VPN can authenticate and encrypt
access to your organization’s network. To configure a BlackBerry device to use WEP encryption, you must send WEP encryption
keys to the BlackBerry device using IT policy rules or configuration settings.
For more information about configuring WEP encryption, see the BlackBerry Enterprise Server Administration Guide.
Security Technical Overview
Layer 2 security methods that a Wi-Fi enabled BlackBerry device supports
111