User guide
Layer 2 security methods that a device supports
You can configure a Wi-Fi enabled BlackBerry device to use security methods for layer 2 (also known as the IEEE 802.11
link layer) so that the device can authenticate with a wireless access point and the device and access point can encrypt
data that they send between each other. The device supports the following layer 2 security methods:
• Open (no security method)
• WEP encryption (64-bit and 128-bit)
• IEEE 802.1X standard and EAP authentication using EAP-FAST, EAP-SIM, EAP-TLS, EAP-TTLS, LEAP, and PEAP
To support IEEE 802.1X methods, the device has a built-in supplicant.
The device also supports TKIP and AES-CCMP encryption for WPA-Personal, WPA2-Personal, WPA-Enterprise, and
WPA2-Enterprise. When the device is roaming from one access point to another access point, the device supports the
IEEE 802.11r standard that is included in the Wi-Fi CERTIFIED Voice-Enterprise program.
If your organization’s enterprise Wi-Fi network uses EAP authentication, you can permit and deny device access to the
enterprise Wi-Fi network by updating your organization’s central authentication server. You are not required to update
the configuration of each access point.
For more information about IEEE 802.11 and IEEE 802.1X, see www.ieee.org/portal/site. For more information about EAP
authentication, see RFC 3748.
WEP encryption
WEP encryption uses a matching encryption key at a wireless access point and on a Wi-Fi enabled BlackBerry device to
protect the connection to a Wi-Fi network. The encryption key can be 40 bits in length (for 64-bit WEP encryption) or 104
bits in length (for 128-bit WEP encryption). To configure a device to use WEP encryption, you must send WEP encryption
keys to the device using IT policy rules or configuration settings.
By current industry standards, WEP encryption is not a cryptographically strong security solution. WEP encryption
weaknesses include the following scenarios:
• A potentially malicious user might capture transmissions over the wireless network and might deduce WEP encryption
keys in very little time.
• A potentially malicious user might use a man-in-the-middle attack to change packets that are encrypted using WEP
encryption.
You can use a VPN to provide data confidentiality if your organization uses WEP encryption. A VPN can authenticate and
encrypt access to your organization’s network.
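The following added example (not part of the original guide and not BlackBerry code) audits a set of Wi-Fi profiles for the two weakest layer 2 methods described above, open and WEP, and reports the WEP size from the key length. It assumes the profiles are written in wpa_supplicant.conf syntax, which is not the BlackBerry format; the sample profiles and the function names are constructed for illustration.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax (assumed format, not BlackBerry's).
SAMPLE = """
network={
    ssid="guest"
    key_mgmt=NONE
}
network={
    ssid="warehouse"
    key_mgmt=NONE
    wep_key0=0102030405
}
network={
    ssid="lab"
    key_mgmt=NONE
    wep_key0="thirteenchars"
}
network={
    ssid="corp"
    key_mgmt=WPA-EAP
}
"""

def wep_secret_bits(value):
    # Quoted values are ASCII keys; unquoted values are hex digits.
    return 8 * len(value[1:-1]) if value.startswith('"') else 4 * len(value)

def classify(kv):
    """Name the layer 2 method of one parsed network block."""
    wep = [v for k, v in kv.items() if re.fullmatch(r"wep_key[0-3]", k)]
    if wep:
        # Nominal WEP size = secret key + 24-bit per-frame IV (40+24, 104+24).
        sizes = {wep_secret_bits(v) for v in wep}
        if sizes <= {40, 104}:
            return "WEP " + "/".join(f"{s + 24}-bit" for s in sorted(sizes))
        return "WEP with invalid key length"
    if kv.get("key_mgmt") == "NONE":
        return "open (no security method)"
    return "WPA or 802.1X"

def audit(conf):
    """Map each SSID in the configuration text to its layer 2 method."""
    blocks = re.findall(r"network=\{(.*?)\}", conf, re.S)
    parsed = [dict(re.findall(r"^\s*(\w+)=(.*?)\s*$", b, re.M)) for b in blocks]
    return {kv.get("ssid", "?").strip('"'): classify(kv) for kv in parsed}

if __name__ == "__main__":
    for ssid, method in audit(SAMPLE).items():
        print(f"{ssid}: {method}")
```

Profiles reported as open or WEP are the ones where a VPN, as described above, is needed to provide confidentiality.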
Security Technical Overview Wi-Fi enabled devices