Installation guide
BlackBerry Enterprise Solution 47
segmented network architecture, the system administrator can place the BlackBerry Enterprise Solution
components in network segments.
To place the BlackBerry Enterprise Solution in multiple network segments, the system administrator installs
each component on a separate remote computer and then places each computer in its own network segment.
Segmenting the components in this way is designed to limit the spread of an attack: if one BlackBerry
Enterprise Solution component on a remote computer is compromised, the attacker cannot reach other computers
on your organization's LAN without crossing a segment boundary, so the compromise is contained to that
computer and its segment. When each component resides in its own network segment, the system administrator
permits communication between segments by opening only the ports that the BlackBerry Enterprise Solution
components use and denying all other traffic.
For more information, see Placing the BlackBerry Enterprise Solution in a Segmented Network.
Preventing the spread of malware on your Wi-Fi network by using a network architecture that is segmented
If your enterprise Wi-Fi network uses a VPN solution, Wi-Fi enabled BlackBerry devices that connect to that
network might permit the VPN concentrator, which acts as the network gateway, to send data directly over
port 4101 to a BlackBerry Enterprise Server inside your organization's internal network. In this scenario the
VPN concentrator is the only device on the enterprise Wi-Fi network that connects to the internal network.
Configure the VPN concentrator so that it can open only the connections that the BlackBerry Enterprise
Solution requires (here, port 4101 to the BlackBerry Enterprise Server) and no other connections to the
internal network.
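As an added example (not BlackBerry's own tooling), the following Python script audits a constructed firewall ruleset against the two requirements above: every allowed flow must run between two named segments on a port the solution uses, and everything else must be denied. The segment addresses, the rule syntax and the sample rules are assumptions made for illustration; the only flow taken from this guide is the VPN concentrator to BlackBerry Enterprise Server connection on port 4101.

```python
"""Audit a segmentation firewall policy for BlackBerry Enterprise Solution components.

Added example, not BlackBerry's code. Segment addresses, rule syntax and sample
rules are constructed; the only flow taken from the guide is VPN concentrator ->
BlackBerry Enterprise Server on TCP 4101.
"""
from dataclasses import dataclass
from ipaddress import ip_network, IPv4Network
from typing import List, Optional

# Constructed segment layout (assumption): one subnet per component.
SEGMENTS = {
    "vpn_concentrator": ip_network("10.10.1.0/24"),
    "bes": ip_network("10.10.2.0/24"),
    "internal_lan": ip_network("10.20.0.0/16"),
}

# Flows the solution actually uses: (src segment, dst segment, proto, port).
# Only the port 4101 flow is documented on this page; anything else is flagged.
ALLOWED_FLOWS = {
    ("vpn_concentrator", "bes", "tcp", 4101),
}

ANY_NET = ip_network("0.0.0.0/0")


@dataclass
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    port: Optional[int]    # None means any port


def parse_rule(line: str) -> Rule:
    """Parse a constructed 'ACTION PROTO SRC -> DST PORT' rule line."""
    action, proto, src, arrow, dst, port = line.split()
    if arrow != "->" or action not in ("allow", "deny"):
        raise ValueError(f"malformed rule: {line!r}")
    return Rule(action, proto.lower(), ip_network(src), ip_network(dst),
                None if port == "any" else int(port))


def segment_of(net: IPv4Network) -> Optional[str]:
    """Name of the single segment that fully contains net, or None if it spans segments."""
    for name, seg in SEGMENTS.items():
        if net.subnet_of(seg):
            return name
    return None


def audit(lines: List[str]) -> List[str]:
    """Return one finding per allow rule that is wider than the documented flows,
    plus a finding if the ruleset does not end with a default deny."""
    rules = [parse_rule(l.strip()) for l in lines
             if l.strip() and not l.strip().startswith("#")]
    findings = []
    for n, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        src_seg, dst_seg = segment_of(r.src), segment_of(r.dst)
        if src_seg is None or dst_seg is None:
            findings.append(f"rule {n}: source or destination is not confined to one segment")
        elif r.proto == "any" or r.port is None:
            findings.append(f"rule {n}: opens every port from {src_seg} to {dst_seg}")
        elif (src_seg, dst_seg, r.proto, r.port) not in ALLOWED_FLOWS:
            findings.append(f"rule {n}: {r.proto}/{r.port} from {src_seg} to {dst_seg} "
                            "is not a flow the solution uses")
    last = rules[-1] if rules else None
    if (last is None or last.action != "deny" or last.proto != "any"
            or last.src != ANY_NET or last.dst != ANY_NET or last.port is not None):
        findings.append("ruleset does not end with a default deny")
    return findings


# Constructed sample ruleset: one correct flow, then three over-broad rules.
SAMPLE_RULES = """
# VPN concentrator segment -> BES segment, BlackBerry Router port
allow tcp 10.10.1.0/24 -> 10.10.2.0/24 4101
allow tcp 10.10.1.0/24 -> 10.20.0.0/16 445
allow any 10.10.1.0/24 -> 10.10.2.0/24 any
allow tcp 0.0.0.0/0 -> 10.10.2.0/24 4101
deny any 0.0.0.0/0 -> 0.0.0.0/0 any
""".strip().splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Against the sample, the audit flags the SMB rule into the internal LAN, the any-port rule between the two segments, and the rule whose source is not confined to a segment; the first rule and the closing default deny pass. Running the same check against the real ruleset on the boundary firewall or VPN concentrator is the practical way to confirm that only the documented ports are open.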
Protecting Wi-Fi connections to the BlackBerry Enterprise Solution
If your wireless solution uses an enterprise Wi-Fi network to extend your organization's enterprise network,
system administrators should protect the enterprise Wi-Fi network from unauthorized use to the same standard
as the wired enterprise network. At a minimum, this protection should include the following requirements:
• all wireless client devices must complete authentication before gaining access to the network
• all wireless communications between wireless client devices and the network must be encrypted
The system administrator should make carefully considered security decisions for every enterprise Wi-Fi network
installation. For details and recommendations, see your enterprise Wi-Fi network infrastructure component
vendor(s).
Enterprise Wi-Fi network solution architecture security features
When the BlackBerry Enterprise Server administrator implements the BlackBerry Enterprise Solution over an
enterprise Wi-Fi network, the administrator must consider additional network security to protect all message
and application data that travels between the BlackBerry Enterprise Server and a supported Wi-Fi enabled
BlackBerry device. Wi-Fi enabled BlackBerry devices are designed to reject incoming connections, to support
only a limited set of outgoing connections in Wi-Fi infrastructure mode, and to refuse Wi-Fi ad-hoc
(peer-to-peer) networking connections.
Supported Wi-Fi enabled BlackBerry devices on an enterprise Wi-Fi network do not use SRP; instead, they send
data to and from the BlackBerry Enterprise Server through the BlackBerry Router. After the BlackBerry Router
protocol establishes an authenticated connection, the device uses that direct connection to the BlackBerry
Enterprise Server through the BlackBerry Router in place of SRP connectivity and authentication. For more
information about the BlackBerry Router protocol, see "BlackBerry Router protocol authentication" on page 39.
Standard BlackBerry encryption is designed to encrypt the messages that the supported Wi-Fi enabled BlackBerry
device and the BlackBerry Enterprise Server exchange after they establish an authenticated connection. In
addition, supported Wi-Fi enabled BlackBerry devices support multiple security methods that encrypt the
wireless link itself, between the BlackBerry device and the wireless access points or a network firewall on
the enterprise Wi-Fi network. The two layers are independent: link-layer encryption protects traffic on the
Wi-Fi segment, and standard BlackBerry encryption protects it end to end.
www.blackberry.com