User guide
How the BlackBerry Attachment Service protects data on a BlackBerry device
A BlackBerry® device uses the BlackBerry Attachment Service to process an attachment in an email message or calendar entry
so that the user can view the attachment on the BlackBerry device. The BlackBerry Attachment Service opens and processes the
attachment using binary format parsing, an approach that is designed to prevent a potentially malicious application from
accessing data on the BlackBerry device.
After the BlackBerry Attachment Service processes the attachment, the BlackBerry Router sends the attachment to the BlackBerry
device for rendering. If the attachment in the email message or calendar entry is an application, the BlackBerry device does not
run the application.
For more information about the attachment file formats that the BlackBerry® Enterprise Server supports, see the BlackBerry
Enterprise Server Feature and Technical Overview.
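The following Python example is added here for illustration; it is not BlackBerry code and does not describe the internals of the BlackBerry Attachment Service. It shows the general idea of handling an attachment as data: the format is identified from the attachment's bytes rather than its file name, application formats are never run, and every length field is checked before it is used. The signature table, function names, action labels, and sample attachments are assumptions constructed for the example.

```python
import struct

# Constructed signature table: leading bytes -> (format label, is it an application?)
SIGNATURES = [
    (b"MZ", "pe-executable", True),
    (b"\x7fELF", "elf-executable", True),
    (b"%PDF-", "pdf", False),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-document", False),
    (b"PK\x03\x04", "zip-container", False),
]
ZIP_LOCAL_HEADER = struct.Struct("<4s5H3I2H")  # fixed 30-byte ZIP local file header


def first_zip_entry(data: bytes) -> str:
    """Return the first entry name of a ZIP container, checking every length."""
    if len(data) < ZIP_LOCAL_HEADER.size:
        raise ValueError("truncated ZIP header")
    name_len = ZIP_LOCAL_HEADER.unpack_from(data)[9]
    name_end = ZIP_LOCAL_HEADER.size + name_len
    if name_len == 0 or name_end > len(data):
        raise ValueError("entry name runs past end of attachment")
    return data[ZIP_LOCAL_HEADER.size:name_end].decode("utf-8", "replace")


def process_attachment(filename: str, data: bytes) -> dict:
    """Decide from the bytes alone; the sender-supplied file name is only recorded."""
    for magic, label, is_app in SIGNATURES:
        if not data.startswith(magic):
            continue
        if is_app:  # an application is reported, never executed
            return dict(file=filename, format=label, action="do-not-run", detail=None)
        detail = None
        if label == "zip-container":
            try:
                detail = first_zip_entry(data)
            except ValueError as exc:  # malformed input is rejected, not guessed at
                return dict(file=filename, format=label, action="reject", detail=str(exc))
        return dict(file=filename, format=label, action="render", detail=detail)
    return dict(file=filename, format="unknown", action="reject", detail="unsupported format")


def zip_sample(name: bytes) -> bytes:
    """Build a constructed ZIP local header followed by the entry name."""
    return ZIP_LOCAL_HEADER.pack(b"PK\x03\x04", 20, 0, 0, 0, 0, 0, 0, 0, len(name), 0) + name


if __name__ == "__main__":
    # Constructed samples: an executable with a misleading name, and a document container.
    print(process_attachment("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60))
    print(process_attachment("report.docx", zip_sample(b"word/document.xml")))
```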
Best practice: Protecting the BlackBerry Attachment Service
To help prevent the spread of potential attacks from the computer that hosts the BlackBerry® Attachment Service to other
computers in your organization’s network, consider the following guidelines:
• Install the BlackBerry Attachment Service on a computer that is separate from the computer that hosts the BlackBerry® Enterprise Server.
• Place the computer that hosts the BlackBerry Attachment Service in its own network segment.
How a BlackBerry device protects its operating system and the BlackBerry Device Software
Each time a user turns on a BlackBerry® device, specific components on the BlackBerry device automatically check the authenticity
of the BlackBerry device operating system and the integrity of the BlackBerry® Device Software. The BlackBerry Device Software
must pass these security checks before the user can run the BlackBerry Device Software and before the user can update the
BlackBerry Device Software over the wireless network.
How a BlackBerry device authenticates the boot ROM code and binds the BlackBerry device processor when the BlackBerry device turns on
A BlackBerry® device processor provides an authentication method that is designed to verify that the boot ROM code is permitted
to run on a BlackBerry device. The manufacturing process installs the boot ROM code in flash memory on the BlackBerry device.
The boot ROM code is the root of trust on BlackBerry devices. The RIM® signing authority system, which signs the boot ROM
Security Technical Overview