Installation guide

BlackBerry Enterprise Solution 49
Enterprise Wi-Fi network security technology: Wi-Fi enabled BlackBerry device implementation

Layer 2 security: Set layer 2 (the IEEE® 802.11® link layer) security methods and protocols for use with layer 2 methods that operate between the BlackBerry device and a wireless access point on the enterprise Wi-Fi network using encryption, or encryption and BlackBerry device user authentication. The BlackBerry device supports the following layer 2 security methods:
- open (no security method)
- 64-bit and 128-bit WEP encryption
- PSK
- IEEE 802.1x and EAP authentication framework support (RFC 3748) using LEAP, PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-TLS (RFC 2716)
The BlackBerry device supports the use of TKIP and AES-CCMP encryption for WPA™-Personal, WPA2™-Personal, WPA-Enterprise, and WPA2-Enterprise.

Layer 3 security: Use VPNs (the only layer 3 security method that the BlackBerry device currently supports) at the IP layer.

Two-factor authentication: Use passcodes to authenticate the BlackBerry device user to enterprise Wi-Fi networks using PEAP, EAP-FAST and EAP-TTLS authentication methods and VPNs. The BlackBerry device supports using automatic PAC provisioning with EAP-FAST only.
For more information about the security methods and encryption algorithms that the BlackBerry device supports,
see “Appendix H: Enterprise Wi-Fi security methods that the BlackBerry device supports” on page 82.
IEEE 802.1X environment components
An IEEE 802.1X environment includes the following components:
- IEEE 802.1X/EAP client software, also called a supplicant, running on the enterprise Wi-Fi network client device. The Wi-Fi enabled BlackBerry device has a built-in IEEE 802.1x supplicant.
- IEEE 802.1x software running on the access point, also called an authenticator
- an authentication server that authenticates the enterprise Wi-Fi network client device on behalf of the authenticator and allows the Wi-Fi network client to authenticate the Wi-Fi network. In most cases, the authentication server uses the RADIUS protocol (RFC 2865 and RFC 3579) to communicate with the authenticator on the access point.
How the IEEE 802.1x environment controls access to the enterprise Wi-Fi network
When a wireless client first associates itself with an access point that is enabled for IEEE 802.1x security, the only
communication that the access point permits is IEEE 802.1x authentication. Using a negotiated EAP method, the
supplicant on the supported Wi-Fi enabled BlackBerry device sends its credentials (typically, a BlackBerry device
user name and password) to the access point, which forwards the information to the authentication server. The
authentication server authenticates the supported Wi-Fi enabled BlackBerry device on behalf of the access point
and instructs the access point to permit or prevent access to the enterprise Wi-Fi network. The authentication
server sends Wi-Fi network credentials to the supported Wi-Fi enabled BlackBerry device to allow it to
authenticate the access point.
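
The access-control flow described above, as an added example that is not part of the original document or of any BlackBerry software: an access point that passes only authentication traffic until the authentication server accepts the client, and a supplicant that verifies the network before proving its own identity. The names AuthServer, AccessPoint, join and proof are hypothetical, the HMAC challenge-response is a simplified stand-in for the negotiated EAP method (it is not one of the EAP methods listed above), and the RADIUS transport between access point and server is reduced to direct method calls.

```python
import hashlib, hmac, os

def proof(secret, role, c_nonce, s_nonce):
    """Keyed proof of knowing the shared secret (toy stand-in for an EAP method)."""
    return hmac.new(secret, role + c_nonce + s_nonce, hashlib.sha256).digest()

class AuthServer:  # authentication server; `users` holds constructed sample secrets
    def __init__(self, users):
        self.users, self.pending = users, {}

    def challenge(self, identity, c_nonce):
        secret = self.users.get(identity)
        if secret is None:
            return None                       # unknown identity: nothing to negotiate
        s_nonce = os.urandom(16)
        self.pending[identity] = (c_nonce, s_nonce)
        return s_nonce, proof(secret, b"server", c_nonce, s_nonce)

    def verify(self, identity, client_proof):
        nonces = self.pending.pop(identity, None)
        if nonces is None:
            return False                      # no challenge outstanding for this identity
        expected = proof(self.users[identity], b"client", *nonces)
        return hmac.compare_digest(expected, client_proof)

class AccessPoint:  # authenticator: relays authentication traffic, gates everything else
    def __init__(self, server):
        self.server, self.authorized = server, set()

    def eapol(self, mac, step, *args):        # accepted even before authentication
        if step == "start":
            return self.server.challenge(*args)
        ok = self.server.verify(*args)
        (self.authorized.add if ok else self.authorized.discard)(mac)
        return ok

    def data(self, mac):                      # ordinary traffic: only after acceptance
        return "forwarded" if mac in self.authorized else "dropped"

def join(ap, mac, identity, secret):
    """Supplicant: authenticate the network first, then prove our own identity."""
    c_nonce = os.urandom(16)
    reply = ap.eapol(mac, "start", identity, c_nonce)
    if reply is None:
        return False
    s_nonce, server_proof = reply
    if not hmac.compare_digest(server_proof, proof(secret, b"server", c_nonce, s_nonce)):
        return False                          # network failed to prove itself: stop here
    return ap.eapol(mac, "response", identity, proof(secret, b"client", c_nonce, s_nonce))
```

A supplicant that skips the server-proof check would hand its response to any access point that answers, which is why the last sentence of the paragraph above matters as much as the first.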
www.blackberry.com