Using Segmented Network Architecture To Prevent The Spread Of Malware On Your Organization's Network; Protecting Wi-Fi Connections To The Blackberry Enterprise Solution - Blackberry ENTERPRISE SOLUTION SECURITY - ENTERPRISE SOLUTION - SECURITY TECHNICAL Overview

BlackBerry Enterprise Solution
that component to its public key. The instant messaging component can use its digital certificates to
authenticate to another instant messaging component to allow encrypted communication between them.
If your environment is using Microsoft Windows Messenger, the BlackBerry Enterprise Server administrator can
set the LCS Connector to use TLS to encrypt data that it sends to the Live Communications Server. The computer
running the Microsoft Live Communications Server Connector must trust the TLS certificate on the Microsoft Live
Communications Server. If the certificate that the Microsoft Live Communications Server uses is self-signed, the
BlackBerry Enterprise Server administrator needs to install the certificate on the BlackBerry Collaboration
Service computer.
If your environment is using Microsoft Office Communicator, the BlackBerry Enterprise Server administrator can
set the BlackBerry Collaboration Service to use HTTPS to encrypt data that it sends to the Microsoft CWA Server.
The Microsoft CWA Server and Microsoft Live Communications Server automatically encrypt data that they send
between them using TLS.
Using segmented network architecture to prevent the spread of malware on your organization's network
The system administrator can separate your organization's network or LAN into multiple firewall-segmented
components to create segmented network architecture. Each segment of your organization's network can
contain network traffic, which improves the security and performance of the network segment by filtering out
data that is not destined for that particular segment. If your organization's security policies enforce the use of
segmented network architecture, the system administrator can place the BlackBerry Enterprise Solution
components in network segments.
To place the BlackBerry Enterprise Solution in multiple network segments, the system administrator must install
each component on a remote computer and then place each computer in its own network segment. Placing the
BlackBerry Enterprise Solution components in segmented network architecture is an option designed to prevent
the spread of potential attacks from one BlackBerry Enterprise Solution component that exists on a remote
computer to another computer within your organization's LAN. In a segmented network, attacks are isolated and
contained on one computer. When each BlackBerry Enterprise Solution component resides in its own network
segment, the system administrator allows remote communications by opening only the port connections that the
BlackBerry Enterprise Solution components use.
For more information, see Placing the BlackBerry Enterprise Solution in a Segmented Network.
Preventing the spread of malware on your Wi-Fi network by using a network architecture that is segmented
If you have configured an enterprise Wi-Fi network that uses a VPN solution, when Wi-Fi enabled BlackBerry
devices make connections to that network, they might allow the VPN concentrator, which acts as a network
gateway, to send data directly over port number 4101 to a BlackBerry Enterprise Server within the internal
network of your organization. The VPN concentrator is the only device connected to the enterprise Wi-Fi network
in this scenario. Configure your VPN concentrator to prevent it from opening unnecessary connections to the
internal network.
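
As an added example (not taken from the BlackBerry manual), the Python code below audits an exported list of firewall permit rules on the Wi-Fi/VPN boundary and reports every rule that allows more than the single flow described above. The addresses, the `Rule` format and the sample rules are constructed, and TCP is an assumption because the manual gives only the port number 4101.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    src: str        # source CIDR
    dst: str        # destination CIDR
    proto: str      # "tcp", "udp" or "any"
    ports: tuple    # inclusive (low, high) destination ports

# Constructed addresses (assumptions, not from the manual).
VPN_CONCENTRATOR = "192.0.2.10/32"
BES = "10.20.0.5/32"

# The one flow the text names: concentrator -> BlackBerry Enterprise Server, port 4101.
# TCP is assumed; the manual gives only the port number.
ALLOWED = [Rule(VPN_CONCENTRATOR, BES, "tcp", (4101, 4101))]

def excess(rule, allowed):
    """List the dimensions in which `rule` permits more than `allowed`."""
    net = ipaddress.ip_network
    problems = []
    if not net(rule.src).subnet_of(net(allowed.src)):
        problems.append("source not within " + allowed.src)
    if not net(rule.dst).subnet_of(net(allowed.dst)):
        problems.append("destination not within " + allowed.dst)
    if rule.proto != allowed.proto:
        problems.append("protocol " + rule.proto + " not " + allowed.proto)
    if rule.ports[0] < allowed.ports[0] or rule.ports[1] > allowed.ports[1]:
        problems.append("ports %d-%d exceed %d-%d" % (rule.ports + allowed.ports))
    return problems

def audit(rules):
    """Return {rule index: problems} for every permit rule not covered by ALLOWED."""
    findings = {}
    for i, rule in enumerate(rules):
        best = min((excess(rule, a) for a in ALLOWED), key=len)
        if best:
            findings[i] = best
    return findings

# Constructed permit rules on the Wi-Fi/VPN boundary, as exported from a firewall.
SAMPLE_RULES = [
    Rule("192.0.2.10/32", "10.20.0.5/32", "tcp", (4101, 4101)),   # required flow
    Rule("192.0.2.10/32", "10.20.0.0/24", "tcp", (4101, 4101)),   # whole server subnet
    Rule("192.0.2.0/24", "10.20.0.5/32", "tcp", (4101, 4101)),    # concentrator's whole subnet
    Rule("192.0.2.10/32", "10.20.0.5/32", "any", (1, 65535)),     # every protocol and port
]

if __name__ == "__main__":
    for idx, problems in audit(SAMPLE_RULES).items():
        print(idx, SAMPLE_RULES[idx], "->", "; ".join(problems))
```
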

Protecting Wi-Fi connections to the BlackBerry Enterprise Solution

If your wireless solution uses an enterprise Wi-Fi network to extend your organization's enterprise network,
system administrators should protect the enterprise Wi-Fi network solution from unauthorized use, as they
should protect the enterprise network. This protection should include the following requirements:
- all wireless client devices must complete authentication before gaining access to the network
- all wireless communications between wireless client devices and the network must be encrypted
The system administrator should make carefully considered security decisions for every enterprise Wi-Fi network
installation. For details and recommendations, see your enterprise Wi-Fi network infrastructure component
vendor(s).

This manual is also suitable for:

Enterprise server 4.1