User guide

Protecting communication with a device
Opening a direct connection between a device and a BlackBerry Router
A BlackBerry device can use the BlackBerry Router protocol to bypass the SRP-authenticated connection to the BlackBerry Infrastructure and open a direct connection to a BlackBerry Router. The device can open a direct connection to the BlackBerry Router if a BlackBerry device user connects the device to a computer that hosts the BlackBerry Device Manager. A device can also open a direct connection to the BlackBerry Router over an enterprise Wi-Fi network using port 4101. A direct connection between the BlackBerry Router and device is referred to as least-cost routing because it eliminates the cost of using the BlackBerry Infrastructure.
Before the BlackBerry Enterprise Server and device can send any data to each other, the device must authenticate with the BlackBerry Enterprise Server by verifying the device transport key. The device opens an authenticated connection to the BlackBerry Router after the device authenticates with the BlackBerry Enterprise Server. The BlackBerry Router does not know the value of the device transport key that the BlackBerry Enterprise Server and device share.
If the device connects to the BlackBerry Router over the enterprise Wi-Fi network, after the BlackBerry Router opens an authenticated connection, the BlackBerry Router communicates with the device over the enterprise Wi-Fi network using port 4101. If you do not configure the BlackBerry Router to connect only to a Wi-Fi network, the BlackBerry Router verifies that the PIN belongs to a device that is registered with the BlackBerry Infrastructure.
If you want the BlackBerry Router and device to use the BlackBerry Router protocol, consider installing the BlackBerry Router on a computer that is separate from the computer that hosts the BlackBerry Enterprise Server. This separation prevents an attacker from having direct access to the computer that hosts the BlackBerry Enterprise Server. If the BlackBerry Router is placed in the DMZ, you must open port 4101 on the internal-facing firewall to permit communication between the BlackBerry Device Manager and BlackBerry Router.
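The firewall requirement above can be checked mechanically. The following added example (not part of the BlackBerry documentation) audits a first-match rule list for the internal-facing firewall: Device Manager hosts must reach the router on port 4101, and no allow rule should expose that port to sources outside the approved subnets. The rule model, addresses and subnets are constructed assumptions; only port 4101 comes from the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ROUTER_PORT = 4101  # port the page gives for Device Manager <-> BlackBerry Router traffic

@dataclass
class Rule:               # hypothetical rule model, evaluated first-match
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None matches any port

def covers(rule, dst_ip, port):
    """True when the rule's destination and port include dst_ip:port."""
    return (ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, port))

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; unmatched traffic is denied."""
    for rule in rules:
        if covers(rule, dst_ip, port) and \
           ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src):
            return rule.action
    return "deny"

def audit(rules, router_ip, manager_hosts, approved_nets):
    """Return findings for the internal-facing firewall's handling of port 4101."""
    findings = []
    approved = [ipaddress.ip_network(n) for n in approved_nets]
    for host in manager_hosts:  # required path: Device Manager -> router
        if decide(rules, host, router_ip, ROUTER_PORT) != "allow":
            findings.append(f"blocked: {host} -> {router_ip}:{ROUTER_PORT}")
    for rule in rules:          # any allow rule wider than the approved subnets
        src = ipaddress.ip_network(rule.src)
        if (rule.action == "allow" and covers(rule, router_ip, ROUTER_PORT)
                and not any(src.subnet_of(net) for net in approved)):
            findings.append(f"too broad: {rule.src} may reach {router_ip}:{ROUTER_PORT}")
    return findings

# Constructed sample data: router in the DMZ, Device Manager hosts on an internal subnet.
ROUTER, MANAGERS, APPROVED = "172.16.5.10", ["10.20.0.15", "10.20.0.16"], ["10.20.0.0/24"]
TIGHT = [Rule("allow", "10.20.0.0/24", "172.16.5.10/32", ROUTER_PORT),
         Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None)]
LOOSE = [Rule("allow", "10.0.0.0/8", "172.16.5.0/24", None),
         Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None)]

if __name__ == "__main__":
    for name, rules in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, audit(rules, ROUTER, MANAGERS, APPROVED) or "ok")
```
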
Advantages of using the BlackBerry Router protocol
You can use the BlackBerry Router protocol to experience the following advantages:
• You or a BlackBerry device user can connect multiple BlackBerry devices to a single computer that hosts a BlackBerry Device Manager.
• The BlackBerry Router rejects connections from devices that the BlackBerry Enterprise Server has not authenticated.
Security Technical Overview Protecting communication with a device