Unwired Accelerator uses Research in Motion (RIM) built in security for BlackBerry devices, including:
Device security:
Password protection with screen saver.
Only a hash of the password is stored on the device, so even if a hacker can access device memory he or she cannot figure out the password.
Ten bad password attempts wipes out all user data.
Administrator can remotely command the BlackBerry to wipe all user data when the device is reported stolen.
Administrator can block access from BlackBerry if it is temporarily lost.
Data security:
All communication between the BlackBerry over wireless and the Internet is 3DES-encrypted until it reaches the BlackBerry Enterprise Server (BES).
The shared keys for 3DES encrypt/decrypt is generated by random mouse movements monthly and stored in the BES and BlackBerry device.
Virus/malicious application:
Administrators can control whether new applications are allowed to be downloaded to BlackBerry.
If application downloads are allowed, those applications can be controlled as to whether they are allowed to connect to the intranet, extranet addresses, both, or neither. A single application cannot then pull information from the intranet and push it to the extranet.
Certain sensitive APIs are access controlled. An application cannot call those APIs unless the application’s code has been digitally signed by RIM.
Applications are explicitly sandboxed to prevent them from accessing data/memory from other applications.
Unwired Accelerator access:
Synchronization of applications, or online browsing of Unwired Accelerator applications requires the user to login with a UA user name and password.
All the HTTP traffic is encrypted as described above, under Data Theft. The only place data is unencrypted is when it is behind the firewall and inside the corporate intranet.
For extra security, you can access UA over HTTPS and the data is always encrypted from end-to-end, and fine-grained access control to corporate data is guaranteed via the UA access controls.
To learn more about RIM security, or to find out how to change the default settings, see these guides:
BlackBerry Application Platform 4.0 Technical Overview – available at the RIM online site: http://www.blackberry.com/knowledgecenterpublic/livelink.exe/BlackBerry_Application_Platform_Technical_Overview.pdf?func=doc.Fetch&nodeId=695415&docTitle=BlackBerry+Application+Platform+Technical+Overview
BlackBerry Security White Paper 4.0 – available at the RIM online site: http://www.blackberry.com/knowledgecenterpublic/livelink.exe/BlackBerry_Security_White_Paper_version_4.0?func=doc.Fetch&nodeId=739746&docTitle=BlackBerry+Security+White+Paper+version+4%2E0
| Copyright © 2005. Sybase Inc. All rights reserved. |
|
|
