User guide
Data flow: Turning on two-factor content protection...................................................................................................134
Unbinding a smart card from a device.............................................................................................................................. 135
Protecting Bluetooth connections on a device.................................................................................................................. 136
Using CHAP to open a Bluetooth connection between the BlackBerry Desktop Software and a device........................ 136
17 Wi-Fi enabled devices...................................................................................................................137
Types of Wi-Fi networks ...................................................................................................................................................137
Security features of a Wi-Fi enabled device.......................................................................................................................138
Protecting a connection between a Wi-Fi enabled device and an enterprise Wi-Fi network ................................................140
How a Wi-Fi enabled device can connect to the BlackBerry Infrastructure ........................................................................140
How an SSL connection between a Wi-Fi enabled device and the BlackBerry Infrastructure protects data ..................141
Data flow: Opening an SSL connection between the BlackBerry Infrastructure and a Wi-Fi enabled device .................141
Cipher suites that a Wi-Fi enabled device supports for opening SSL connections and TLS connections........................141
Managing how a device connects to an enterprise Wi-Fi network ......................................................................................143
How the BlackBerry Enterprise Solution protects sensitive Wi-Fi information ....................................................................143
Using a VPN with a device ............................................................................................................................................... 144
Permitting a Wi-Fi enabled device to log in to a VPN concentrator.............................................................................. 144
Using a segmented network to reduce the spread of malware on an enterprise Wi-Fi network that uses a VPN ........... 145
Supported UI settings for VPN concentrators............................................................................................................. 145
Using a captive portal to connect to an enterprise Wi-Fi network or Wi-Fi hotspot ............................................................. 150
Protecting a connection between a Wi-Fi enabled device and an enterprise Wi-Fi network using RSA SecurID................... 151
Data flow: Generating a token code for a software token.............................................................................................152
Layer 2 security methods that a device supports ..............................................................................................................153
WEP encryption ........................................................................................................................................................153
WPA authentication.................................................................................................................................................. 154
18
IEEE 802.1X standard ..................................................................................................................155
Roaming in an enterprise Wi-Fi network ...........................................................................................................................155
Data flow: Authenticating a Wi-Fi enabled device with a work Wi-Fi network using the IEEE 802.1X standard .................... 156
EAP authentication methods that a Wi-Fi enabled device supports....................................................................................157
LEAP authentication .................................................................................................................................................157
PEAP authentication ................................................................................................................................................ 157
EAP-TLS authentication ............................................................................................................................................157
EAP-TTLS authentication ..........................................................................................................................................158
EAP-FAST authentication ......................................................................................................................................... 158
EAP-SIM authentication ........................................................................................................................................... 158
Encryption keys that a Wi-Fi enabled device supports for use with layer 2 security methods ..............................................159
Support for the use of CCKM with EAP authentication methods ........................................................................................159
Using certificates with PEAP authentication, EAP-TLS authentication, or EAP-TTLS authentication .................................. 160
19
Controlling applications on a device ............................................................................................. 161
Creating an application for a smartphone......................................................................................................................... 161
Specifying the methods that users can use to install applications on a smartphone........................................................... 161