User guide
Using a segmented network architecture to prevent the spread of malware
To help prevent the spread of malware in your organization’s network, you can use firewalls to divide your organization’s network
or LAN into segments and create a segmented network architecture. Each segment can manage the network traffic for a specific
BlackBerry® Enterprise Solution component. A segmented network architecture is designed to improve the security and
performance of a segment by filtering out data that is not destined for the segment.
To configure the BlackBerry Enterprise Solution in a segmented network architecture, you must install each BlackBerry Enterprise
Solution component on a computer that is separate from the computers that host other components and then place each computer
in its own network segment. When you configure the BlackBerry Enterprise Solution in a segmented network architecture, you
create an architecture that is designed to prevent the spread of potential attacks from one computer that hosts a BlackBerry
Enterprise Solution component to another computer within your organization’s LAN. A segmented network architecture is
designed to isolate and contain attacks on one computer. When you install each BlackBerry Enterprise Solution component in
its own segment, you must permit communications with other components by opening only the port numbers that the BlackBerry
Enterprise Solution components use.
For more information about the port numbers that the BlackBerry Enterprise Solution components use, see the BlackBerry
Enterprise Server Administration Guide.
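The following check is an added example, not part of the BlackBerry documentation. It audits firewall allow rules against the list of flows that the components need and reports any rule that opens more than those ports or reaches more segments than intended. The segment names, subnets and port numbers are constructed placeholders (take the real port numbers from the Administration Guide), and the firewall is assumed to deny everything that is not explicitly allowed.

```python
from ipaddress import ip_network

# Constructed sample data: segment names, subnets and port numbers are
# placeholders, not values from the BlackBerry documentation.
SEGMENTS = {
    "component_a": ip_network("10.10.1.0/24"),
    "component_b": ip_network("10.10.2.0/24"),
    "database": ip_network("10.10.3.0/24"),
}
# Flows the components need: (source segment, destination segment, protocol, port)
REQUIRED = {
    ("component_a", "component_b", "tcp", 5000),
    ("component_b", "database", "tcp", 5001),
}
# Firewall allow rules: (source CIDR, destination CIDR, protocol, first port, last port)
RULES = [
    ("10.10.1.0/24", "10.10.2.0/24", "tcp", 5000, 5000),  # matches a required flow
    ("10.10.2.0/24", "10.10.3.0/24", "tcp", 1, 65535),    # opens every port
    ("10.10.0.0/16", "10.10.3.0/24", "tcp", 5001, 5001),  # source spans all segments
]

def flows_allowed(rule, segments):
    """Expand one allow rule into the inter-segment flows it permits."""
    src, dst, proto, lo, hi = rule
    src_net, dst_net = ip_network(src), ip_network(dst)
    for s_name, s_net in segments.items():
        for d_name, d_net in segments.items():
            if s_name != d_name and s_net.overlaps(src_net) and d_net.overlaps(dst_net):
                yield s_name, d_name, proto, lo, hi

def audit(rules, segments, required):
    """Return (excess, missing): over-permissive rules and uncovered required flows."""
    excess, covered = [], set()
    for rule in rules:
        for s, d, proto, lo, hi in flows_allowed(rule, segments):
            needed = {p for (rs, rd, rp, p) in required
                      if (rs, rd, rp) == (s, d, proto) and lo <= p <= hi}
            covered |= {(s, d, proto, p) for p in needed}
            extra_ports = (hi - lo + 1) - len(needed)
            if extra_ports:
                excess.append((rule, s, d, extra_ports))
    return excess, sorted(required - covered)

if __name__ == "__main__":
    excess, missing = audit(RULES, SEGMENTS, REQUIRED)
    for rule, s, d, n in excess:
        print(f"too permissive: {rule} opens {n} unneeded port(s) {s} -> {d}")
    for flow in missing:
        print(f"required flow not permitted: {flow}")
```
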
Moving a BlackBerry device to a BlackBerry Enterprise Server that uses a different BlackBerry Configuration Database
If you move a BlackBerry® device to a BlackBerry® Enterprise Server that uses a different BlackBerry Configuration Database
without using the BlackBerry Enterprise Transporter, you or a user must permanently delete all user data and application data,
the device transport key, and the IT policy public key from the BlackBerry device.
You or the user must reactivate the BlackBerry device to generate a new device transport key. The BlackBerry® Enterprise Server
that you move the BlackBerry device to must generate an IT policy key pair and digitally sign and send the IT policy and the IT
policy public key to the BlackBerry device before the BlackBerry device can communicate with the BlackBerry Enterprise Server.
The BlackBerry Configuration Database that you migrated the BlackBerry device to stores the BlackBerry Enterprise Server name,
the device transport key, and the IT policy private key.
Best practice: Controlling which applications can use the GPS feature on a BlackBerry device
By default, if a third-party application or a preloaded BlackBerry® Application on a BlackBerry device supports the GPS feature,
the application can use the GPS feature. For example, BlackBerry® Maps is a preloaded BlackBerry Application that uses the
GPS feature to permit a user to locate a global position.
Security Technical Overview