DOCSLIB.ORG

BES10 Cloud Solution-Security Technical Overview

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
BES10 Cloud Solution-Security Technical Overview Security Technical Overview BES10 Cloud Solution Market Preview Published: 2014-04-22 SWD-20140422090823041 Contents Introduction..................................................................................................................... 7 About this guide................................................................................................................................................................8 What is BES10 Cloud?.......................................................................................................................................................9 Key features of BES10 Cloud....................................................................................................................................10 Key security features of the BES10 Cloud solution.................................................................................................... 11 Hardware and OS security.............................................................................................. 13 Hardware root of trust for BlackBerry devices..................................................................................................................14 The BlackBerry 10 OS.....................................................................................................................................................15 The file system........................................................................................................................................................ 15 Sandboxing............................................................................................................................................................. 15 Device resources..................................................................................................................................................... 16 App permissions......................................................................................................................................................16 Verifying software.................................................................................................................................................... 16 Preventing memory corruption.................................................................................................................................17 Activating and managing devices....................................................................................19 Activating devices...........................................................................................................................................................20 Activating devices over the wireless network............................................................................................................ 20 Activation passwords............................................................................................................................................... 20 Data flow: Activating an iOS device...........................................................................................................................21 Data flow: Activating an Android device....................................................................................................................22 Data flow: Activating a BlackBerry 10 device............................................................................................................24 Using IT policies to manage security................................................................................................................................26 Using compliance profiles to enforce standards for iOS and Android devices....................................................................27 Data in transit.................................................................................................................29 How devices connect to your organization's network....................................................................................................... 30 Protecting Wi-Fi connections................................................................................................................................... 30 Using a VPN............................................................................................................................................................ 30 Types of encryption used for Wi-Fi and VPN connections..........................................................................................30 Protecting email and organizer data.........................................................................................................................32 Protecting data in transit between BES10 Cloud and devices...........................................................................................33 Protecting data in transit between BES10 Cloud and iOS and Android devices.......................................................... 33 Protecting data in transit between BES10 Cloud and BlackBerry 10 devices............................................................. 33 Protecting data in transit between BES10 Cloud and your company directory...................................................................34 Data flow: Establishing a secure connection between BES10 Cloud and the BlackBerry Cloud Connector..................34 Managing certificates..................................................................................................................................................... 36 Sending CA certificates to devices............................................................................................................................36 Sending client certificates to devices........................................................................................................................37 Extending email security................................................................................................................................................. 38 About S/MIME......................................................................................................................................................... 38 S/MIME for BlackBerry 10 devices........................................................................................................................... 38 S/MIME for iOS devices............................................................................................................................................ 43 IBM Notes email encryption for BlackBerry 10 devices.............................................................................................44 Data at rest.....................................................................................................................45 Securing BlackBerry 10 devices for work and personal use..............................................................................................46 How work and personal spaces are separated.......................................................................................................... 46 Securing work and personal apps and data on devices............................................................................................. 47 Controlling how work and personal apps connect to networks...................................................................................56 Protecting data............................................................................................................................................................... 58 Passwords...............................................................................................................................................................58 Security timeout...................................................................................................................................................... 61 Data wipe................................................................................................................................................................ 62 BlackBerry Link protection for BlackBerry 10 devices...............................................................................................65 Backup protection for iOS devices............................................................................................................................66 Encryption...............................................................................................................................................................66 Home screen message on BlackBerry 10 devices.....................................................................................................67 BlackBerry Smart Card Reader................................................................................................................................ 67 Apps.............................................................................................................................. 71 Managing work apps on BlackBerry 10 devices............................................................................................................... 72 Preventing BlackBerry 10 device users from installing apps using development tools.......................................................73 Installing personal apps on BlackBerry 10 devices...........................................................................................................74 Protecting a BlackBerry 10 device from malicious apps...................................................................................................75
Load more

Recommended publications
  • Blackberry UEM Architecture and Data Flows
    BlackBerry UEM Architecture and Data Flow Reference 12.10 2018-11-28Z | | 2 Contents BlackBerry UEM Architecture and data flows.................................................... 5 Architecture: BlackBerry UEM solution.................................................................................................................5 BlackBerry UEM components............................................................................ 7 BlackBerry UEM distributed installation.......................................................... 10 BlackBerry UEM regional deployment............................................................. 13 Components used to manage BlackBerry OS devices......................................17 Activating devices...........................................................................................20 Data flow: Activating a BlackBerry 10 device....................................................................................................20 Data flow: Activating an Android device for MDM............................................................................................22 Data flow: Activating an Android Enterprise device in a Google domain........................................................ 24 Data flow: Activating an Android Enterprise device using a managed Google Play account......................... 25 Data flow: Activating an Android device to have only a work profile in a Google domain..............................27 Data flow: Activating an Android device to have only a work profile using
    [Show full text]
  • The Government of Ontario
    The Government of Ontario Good Control v2.3.53.62 • Good Proxy v2.3.53.69 • GEMS v2.2.22.25 The Government of Ontario Contents Preface .......................................................................................................................................................................................... 5 Good for BlackBerry ............................................................................................................................................................... 6 About Blackberry Enterprise Server (BES) 12 ............................................................................................................. 6 Installing BlackBerry Enterprise Server 12 (BES 12)................................................................................................ 6 The Government of Ontario BES12 Environment ...................................................................................................... 7 Unique BES12 Installation Conditions ........................................................................................................................ 7 Key Points of the BES12 Installations ............................................................................................................................. 8 Set the NIC Binding Order ................................................................................................................................................... 8 Stop all network interfaces ...........................................................................................................................................
    [Show full text]
  • There's Good Security and Then There's National
    BROCHURE THERE’S GOOD SECURITY AND THEN THERE’S NATIONAL SECURITY BlackBerry 10 and BES10 The perfect balance of protection and productivity Back to the Contents THE PERFECT BALANCE OF PROTECTION AND PRODUCTIVITY Contents BlackBerry 10 & BES10 3 Corporate Networks Under Attack 4 BlackBerry Security 5 Protecting Data in Motion 7 BES10 Security Philosophy 8 BES10 Certification & Encryption 9 BES10 Layers of Protection 9 Tech Talk 1 & 2 10 Protecting Work Data on Personal-Use-Enabled Devices 11 BlackBerry Balance 12 Tech Talk 3 13 Enforcing Strong Access Controls 14 BlackBerry 10 Device OS Security Features 15 BES10’s Gold level Controls and Settings 16 Manging Devices 18 BlackBerry Mobile Device Management in Action 19 End-to-end Security 21 3 BlackBerry 10 & BES10 End-to-end mobile data security without compromising business productivity or user satisfaction Keeping corporate data secure is a top priority for The entryways for potential attacks, data loss and productivity any organization. After all, a data breach can cause compromises include: significant financial losses, expose executives to legal Employees maintaining a mix of corporate and third-party actions, damage your company's reputation and weaken applications on the same device and exchanging information or eliminate competitive business advantage. between the two domains As more employees access your corporate network The installation of threat-vulnerable containerization through mobile devices to communicate, collaborate on mobile devices and share data, your infrastructure becomes increasingly Employees visiting sites where they encounter malware or vulnerable to outside attacks and harder to secure and malicious threats protect. The mixing of personal and work email accounts, apps and data, as well as the proliferation of employee- The use of employee-owned devices to access enterprise owned devices, increases the chance of major data leaks.
    [Show full text]
  • Blackberry Professional Software for Microsoft Exchange
    Upgrade Guide BlackBerry Professional Software for Microsoft Exchange Version: 4.1 | Service Pack: 4 SWD-356206-0423030341-001 Contents 1 Upgrading from the BlackBerry Professional Software to the BlackBerry Enterprise Server ........................... 5 Feature comparison for the BlackBerry Professional Software and the BlackBerry Enterprise Server ........................ 5 Host server and database upgrade scenarios......................................................................................................................... 6 2 System requirements.......................................................................................................................................................... 7 System requirements: BlackBerry Enterprise Server ............................................................................................................ 7 System requirements: BlackBerry Attachment Service ........................................................................................................ 9 System requirements: BlackBerry Manager ........................................................................................................................... 10 System requirements: BlackBerry MDS Connection Service ............................................................................................... 11 System requirements: BlackBerry MDS Integration Service ............................................................................................... 12 System requirements: BlackBerry Router ..............................................................................................................................
    [Show full text]
  • Installation Guide SWD-906306-1018091231-001 Contents 1 Planning a Blackberry Enterprise Server Installation
    BlackBerry Enterprise Server for IBM Lotus Domino Version: 4.1 | Service Pack: 7 Installation Guide SWD-906306-1018091231-001 Contents 1 Planning a BlackBerry Enterprise Server installation............................................................................................................ 4 Installing all BlackBerry Enterprise Server components on one computer.............................................................................. 4 Installing the BlackBerry Attachment Service............................................................................................................................. 4 Installing the BlackBerry Collaboration Service.......................................................................................................................... 4 Installing the BlackBerry Manager............................................................................................................................................... 5 Installing the BlackBerry MDS Connection Service.................................................................................................................... 5 Installing the BlackBerry MDS Integration Service.................................................................................................................... 5 Installing the BlackBerry Router................................................................................................................................................... 6 Configuring the Hosted BlackBerry services..............................................................................................................................
    [Show full text]
  • Security Guidelines for Storage Infrastructure
    NIST Special Publication 800-209 Security Guidelines for Storage Infrastructure Ramaswamy Chandramouli Doron Pinhas This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-209 NIST Special Publication 800-209 Security Guidelines for Storage Infrastructure Ramaswamy Chandramouli Computer Security Division Information Technology Laboratory Doron Pinhas Continuity Software New York, NY This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-209 October 2020 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. This publication may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States.
    [Show full text]
  • N-Central Services Reference Manual
    SERVICES REFERENCE MANUAL SolarWinds N-central Version 12.0 SP1 Last Updated: Monday, October 15, 2018 Services Reference Manual: SolarWinds N-central page 2 Services Reference Manual: SolarWinds N-central About SolarWinds N-central services SolarWinds N-central services monitor customer devices, generate email alerts and PSA tickets, and enable technicians to view the status of devices and troubleshoot errors. Services are composed of metrics that monitor one aspect of a device. For example, the CPU service monitors the overall device CPU usage and the top five CPU-consuming processes. The Process service monitors not only if a specific process is running, but also the CPU, Memory and Disk I/O that the process is consuming. For a full list of services available, see the SolarWinds N-central Services List. SolarWinds N-central services use Reverse Polish Notation (RPN) for all calculation formulae. Service types SERVICE DESCRIPTION TYPE AMP Reports on results generated when running Automation Manager Policies using Global Output Parameters. Backup Monitors backup applications such as Backup Exec and Asigra for the device classes: n Laptop - Windows n Server - Generic/Windows n Workstation - Generic/Windows n Custom Backup Monitors integrated backup functionality based on D2D backup software. Manager EDF Customized services use a Java agent - External Data Feed - to monitor devices and applications through scripts. ESXi Monitors aspects of ESXi servers, including power consumption, logical drives, and related properties using the CIM services/ports. Local Services monitored by agents, including CPU, Disk, Memory and Process services. Log File Agents for Windows, OS X and Linux can scan log files.
    [Show full text]
  • Blackberry Enterprise Server for Microsoft Exchange-Security Note
    BlackBerry Enterprise Server for Microsoft Exchange Placing the BlackBerry Router in the DMZ Version: 5.0 Service Pack: 4 Security Note Published: 2014-01-16 SWD-20140116170308145 Contents 1 BlackBerry Router............................................................................................................................ 4 Opening a direct connection between a device and a BlackBerry Router...............................................................................5 Advantages of using the BlackBerry Router protocol...................................................................................................... 5 Data flow: Authenticating a device with the BlackBerry Enterprise Server using the BlackBerry Router protocol ............. 6 Closing a direct connection between a device and BlackBerry Router.............................................................................6 Installing BlackBerry Router instances to create a chain....................................................................................................... 6 BlackBerry Router connection types and port numbers ........................................................................................................7 2 Installing a BlackBerry Router.........................................................................................................10 Installing a standalone BlackBerry Router ..........................................................................................................................10 Installing the BlackBerry
    [Show full text]
  • Solarwinds N-Central
    SERVICES REFERENCE MANUAL SolarWinds N-central Version 11.2 Last Updated: Monday, April 16, 2018 Services Reference Manual: SolarWinds N-central page 2 Services Reference Manual: SolarWinds N-central About SolarWinds N-central services SolarWinds N-central services monitor customer devices, generate email alerts and PSA tickets, and enable technicians to view the status of devices and troubleshoot errors. Services are composed of metrics that monitor one aspect of a device. For example, the CPU service monitors the overall device CPU usage and the top five CPU-consuming processes. The Process service monitors not only if a specific process is running, but also the CPU, Memory and Disk I/O that the process is consuming. For a full list of services available, see the SolarWinds N-central Services List. SolarWinds N-central services use Reverse Polish Notation (RPN) for all calculation formulae. Service types SERVICE DESCRIPTION TYPE AMP Reports on results generated when running Automation Manager Policies using Global Output Parameters. Backup Monitors backup applications such as Backup Exec and Asigra for the device classes: n Laptop - Windows n Server - Generic/Windows n Workstation - Generic/Windows n Custom Backup Monitors integrated backup functionality based on D2D backup software. Manager EDF Customized services use a Java agent - External Data Feed - to monitor devices and applications through scripts. ESXi Monitors aspects of ESXi servers, including power consumption, logical drives, and related properties using the CIM services/ports. Local Services monitored by agents, including CPU, Disk, Memory and Process services. Log File Agents for Windows, OS X and Linux can scan log files.
    [Show full text]
  • Security Target
    BlackBerry Smartphones with OS 10.3.3 Security Target Doc No: 1958-001-D102 Version: 1.10 9 January 2017 BlackBerry 2200 University Ave. E Waterloo, Ontario, Canada N2K 0A7 Prepared by: EWA-Canada 1223 Michael Street, Suite 200 Ottawa, Ontario, Canada K1J7T2 BlackBerry Smartphones with OS 10.3.3 Security Target CONTENTS 1 SECURITY TARGET INTRODUCTION ............................................. 1 1.1 DOCUMENT ORGANIZATION............................................................. 1 1.2 SECURITY TARGET REFERENCE ........................................................ 1 1.3 TOE REFERENCE ............................................................................. 2 1.4 TOE OVERVIEW .............................................................................. 2 1.5 TOE DESCRIPTION .......................................................................... 3 1.5.1 Physical Scope ............................................................................... 3 1.5.2 TOE Guidance ................................................................................ 5 1.5.3 Logical Scope ................................................................................. 6 2 CONFORMANCE CLAIMS ............................................................... 8 2.1 COMMON CRITERIA CONFORMANCE CLAIM ........................................ 8 2.2 ASSURANCE PACKAGE CLAIM ........................................................... 8 2.3 PROTECTION PROFILE CONFORMANCE CLAIM .................................... 8 3 SECURITY PROBLEM DEFINITION .............................................
    [Show full text]
  • Blackberry Enterprise Server for Microsoft Exchange-Technical Note
    BlackBerry Enterprise Server for Microsoft Exchange Placing the BlackBerry Enterprise Server in a Segmented Network Version: 5.0 Service Pack: 4 Technical Note Published: 2014-01-16 SWD-20140116165150736 Contents 1 Using a segmented network to prevent the spread of malware........................................................... 4 2 Protecting BlackBerry Enterprise Solution communications in your organization's environment......... 5 How a BlackBerry Enterprise Server and messaging server protect a connection to each other ............................................. 5 How the BlackBerry Enterprise Server components and the BlackBerry MVS protect communication ...................................6 How the BlackBerry Collaboration Service connects to an instant messaging server and collaboration clients on devices ...... 7 3 Architecture: BlackBerry Enterprise Server components in a segmented network.............................. 8 4 BlackBerry Enterprise Solution connection types and port numbers................................................ 12 BlackBerry Administration Service connection types and port numbers.............................................................................. 12 BlackBerry Attachment Service connection types and port numbers...................................................................................14 BlackBerry Collaboration Service connection types and port numbers................................................................................ 15 BlackBerry Configuration Database connection types
    [Show full text]
  • Blackberry UEM Guide De Configuration
    BlackBerry UEM Guide de configuration 12.9 2018-10-19Z | | 2 Table des matières Modification des certificats BlackBerry UEM.................................................... 8 Considérations pour changer les certificats BlackBerry Dynamics.................................................................. 9 Modification d'un certificat BlackBerry UEM..................................................................................................... 10 Configurer BlackBerry UEM pour envoyer les données via un serveur proxy....12 Envoi de données via un serveur proxy TCP vers BlackBerry Infrastructure...................................................12 Comparaison des proxys TCP................................................................................................................. 12 Configurer BlackBerry UEM pour utiliser un serveur proxy TCP transparent....................................... 13 Activer SOCKS v5 sur un serveur proxy TCP......................................................................................... 14 Envoi de données via BlackBerry Router vers BlackBerry Infrastructure.........................................................14 Configurer BlackBerry UEM pour utiliser BlackBerry Router................................................................. 14 Envoi de données via un proxy HTTP vers BlackBerry Dynamics NOC........................................................... 15 Configurer les paramètres proxy HTTP.................................................................................................
    [Show full text]