3 Contents Introduction... 7 About this guide...8 What is BES12 Cloud?... 9 Key features of BES12 Cloud...10 Security features Hardware and OS security Hardware root of trust for BlackBerry devices The BlackBerry 10 OS...15 The file system Sandboxing Device resources App permissions...16 Verifying software Preventing memory corruption...17 Activating and managing devices Activating devices...20 Activation passwords User registration with the BlackBerry Infrastructure Data flow: Activating a device...21 Using IT policies to manage security...23 Data in transit...25 How devices connect to your resources...26 Protecting Wi-Fi connections Connecting to a VPN...30 Types of encryption used for communication between devices and your resources Protecting data in transit between BES12 Cloud and devices Protecting device management data sent between BES12 Cloud and devices...32 Types of encryption used to send device management data to devices Providing devices with single sign-on access to your organization's network...34 Using Kerberos to provide single sign-on from devices...34 Protecting data in transit between BES12 Cloud and your company directory...35
4 Data flow: Establishing a secure connection between BES12 Cloud and the BlackBerry Cloud Connector...35 Protecting communication with devices using certificates Providing client certificates to devices...37 Using SCEP to enroll client certificates to devices...38 Sending CA certificates to devices...40 Protecting messages Extending security Data at rest...49 Activation options Securing BlackBerry Balance devices Securing regulated BlackBerry Balance devices...51 How work and personal spaces are separated Securing work space only devices Encryption How devices protect personal data...54 How devices protect work data Advanced data at rest protection How devices classify apps and data...58 Passwords Changing passwords...61 Data wipe Controlling when devices delete all data in the work space...65 Full device wipe Work data wipe...68 Controlling messaging...70 Controlling access to content Controlling access to devices Controlling device features...74 Controlling security timeout Managing sharing of work and personal files using the "Share" option Ensuring device integrity...76 Controlling software Controlling voice control Setting a home screen message...77 Controlling network connections from devices Transferring work data from devices using Bluetooth...78 Managing data transferred to and from a device using NFC... 81
5 Controlling roaming BlackBerry Link protection...82 Authentication between devices and BlackBerry Link...82 Data protection between BlackBerry Link and devices...82 Back up and restore Remote media and file access architecture Smart cards Unbinding the current smart card from a device...84 Authenticating a user using a smart card...84 Managing how devices use smart cards Apps Managing apps Managing work apps on devices...88 BlackBerry World for Work Installing personal apps on devices Preventing users from installing apps using development tools Protecting a device from malicious apps How devices are designed to prevent BlackBerry Runtime for Android apps from accessing work apps and data...89 Managing how apps open links in the work and personal spaces on devices...90 Preventing users from using voice dictation within work apps on devices Preventing users from sharing work data on devices when sharing the screen during BBM Video chats Making apps unavailable on devices Controlling how apps connect to networks...92 How work apps connect to work networks Preventing personal apps from connecting to work networks Allowing work apps to connect to personal networks...93 Cryptography...95 Cryptography on devices...96 Symmetric encryption algorithms...96 Asymmetric encryption algorithms...96 Hash algorithms Message authentication codes...97 Signature algorithms...97 Key agreement algorithms Cryptographic protocols...98 Cipher suites for SSL/TLS connections...99
6 Cryptographic libraries VPN cryptographic support Wi-Fi cryptographic support Product documentation Glossary Legal notice...111
8 Introduction About this guide 1 BES12 helps you manage devices for your organization, including BlackBerry 10, ios, Android, and Windows Phone devices. This guide describes how BES12 delivers a higher level of control and security to BlackBerry 10 devices. This guide is intended for senior IT professionals responsible for evaluating the product and planning its deployment, as well as anyone who's interested in learning more about BES12 solution security. After you read this guide, you should understand how BES12 can help protect data in transit, data at rest, and apps for your organization. 8
9 Introduction What is BES12 Cloud? 2 BES12 Cloud is an EMM solution from BlackBerry. EMM solutions help you manage mobile devices for your organization. You can manage BlackBerry 10, ios, Android and Windows Phone devices, all from a unified interface. BES12 Cloud is an EMM solution that is available in the cloud. EMM solution BES12 Cloud BES12 Description An easy-to-use, low-cost, and secure solution. BlackBerry hosts this service over the Internet. You only need a supported web browser to access the service, and BlackBerry maintains high availability to minimize downtime. Optionally, you can connect your on-premises company directory to BES12 Cloud. A comprehensive, scalable, and secure solution. Your organization installs this service in its environment. The deployment can range in size from one server to many, and you can set up and maintain high availability to minimize downtime. 9
10 Introduction Key features of BES12 Cloud Feature Management of most types of devices Single, unified interface Initial-login wizard Trusted and secure experience Balance of work and personal needs High availability Description You can manage BlackBerry 10, ios, Android, and Windows Phone devices. You can view all devices in one place and access all management tasks in a single, web-based interface. You can share administrative duties with multiple administrators who can access the administration consoles at the same time. When you log in to BES12 Cloud for the first time, a wizard helps you set up some of the features of BES12 Cloud. The wizard can help you install an APNs certificate to manage ios devices, set an initial password policy to make sure devices are protected, and create an profile to make sure devices can access work . Device controls give you precise management of how devices connect to your network, what capabilities are enabled, and what apps are available. Whether the devices are owned by your organization or your users, you can protect your organization's information. BlackBerry Balance technology is designed to ensure that personal and work information are kept separate and secure on BlackBerry devices. If the device is lost or the employee leaves the organization, you can delete only workrelated information or all information from the device. Instead of having to maintain your own highly available service for device management, with all the upfront and maintenance costs, BlackBerry maintains the service and maximizes uptime for you. 10
11 Introduction Security features Feature Description BlackBerry manufacturing security model BlackBerry's end-to-end manufacturing model ensures BlackBerry 10 device hardware integrity and that only genuine BlackBerry devices connect to the BlackBerry Infrastructure. BlackBerry 10 OS protection Administrative control Control over device access to your organization s network Protection of company directory data Protection of data in transit Protection of data at rest Cryptography FIPS certification for the BES12 server The BlackBerry 10 OS is tamper-resistant, resilient, and secure, and includes many security features that protect data, apps, and resources on devices. BES12 provides you with control over device behavior through features such as device activation, IT administration commands, IT policies, and profiles. BES12 allows you to send work Wi-Fi profiles and work VPN profiles to BlackBerry 10 devices so that you can control which devices can connect to your organization's network. If you allow BES12 Cloud to access your company directory, the BlackBerry Cloud Connector sends your company directory information to BES12 Cloud over a secure TLS connection. Data in transit within the BES12 solution is protected using security features such as encryption, certificates, and mutually authenticated connections. Data at rest on BlackBerry 10 devices is protected using security features such as encryption, passwords, and data wiping. BlackBerry 10 devices support various types of cryptographic algorithms, codes, protocols, and APIs. BES12 encrypts all of the data that it stores directly and writes indirectly to files using a FIPS-validated cryptographic module. 11
13 Hardware and OS security Secure
14 Hardware and OS security Hardware root of trust for BlackBerry devices 3 BlackBerry ensures the integrity of BlackBerry device hardware and makes sure that counterfeit devices can't connect to the BlackBerry Infrastructure and use BlackBerry services. From the beginning of the product lifecycle, BlackBerry integrates security into every major component of the product design of devices. BlackBerry has enhanced its end-to-end manufacturing model to securely connect the supply chain, BlackBerry manufacturing partners, the BlackBerry Infrastructure, and BlackBerry devices, which allows BlackBerry to build trusted devices anywhere in the world. The BlackBerry manufacturing security model prevents counterfeit devices from impersonating authentic devices and makes sure that only genuine BlackBerry devices can connect to the BlackBerry Infrastructure. The BlackBerry Infrastructure uses device authentication to cryptographically prove the identity of the device that attempts to register with it. The BlackBerry manufacturing systems use the device s hardware-based ECC 521-bit key pair to track, verify, and provision each device as it goes through the manufacturing process. Only devices that complete the verification and provisioning processes can register with the BlackBerry Infrastructure. 14
15 Hardware and OS security The BlackBerry 10 OS 4 The BlackBerry 10 OS is the microkernel operating system of the BlackBerry 10 device. Microkernel operating systems implement the minimum amount of software in the kernel and run other processes in the user space that is outside of the kernel. Microkernel operating systems are designed to contain less code in the kernel than other operating systems. The reduced amount of code helps the kernel to avoid the vulnerabilities that are associated with complex code and to make verification easier. Verification is the process of evaluating a system for programming errors. Many of the processes that run in the kernel in a conventional operating system run in the user space of the OS. The OS is tamper-resistant. The kernel performs an integrity test when the OS starts and if the integrity test detects damage to the kernel, the device doesn t start. The OS is resilient. The kernel isolates a process in its user space if it stops responding and restarts the process without negatively affecting other processes. In addition, the kernel uses adaptive partitioning to prevent apps from interfering with or reading the memory used by another app. The OS is secure. The kernel validates requests for resources and an authorization manager controls how apps access the capabilities of the device, such as access to the camera, contacts, and device identifying information. The file system The BlackBerry 10 device file system runs outside of the kernel and keeps work data secure and separate from personal data. The file system is divided into the following areas: Base file system Work file system Personal file system (on devices with a personal space) The base file system is read-only and contains system files. Because the base file system is read-only, the BlackBerry 10 OS can check the integrity of the base file system and mitigate any damage done by an attacker who changed the file system. The work file system contains work apps and data. The device encrypts the files stored in the work space. On devices with a personal space, the personal file system contains personal apps and data. Apps that a user installed on the device from the BlackBerry World storefront are located in the personal file system. The device can encrypt the files stored in the personal file system. Sandboxing The BlackBerry 10 OS uses a security mechanism called sandboxing to separate and restrict the capabilities and permissions of apps that run on the device. Each app process runs in its own sandbox, which is a virtual container that consists of the memory and the part of the file system that the app process has access to at a specific time. 15
16 Hardware and OS security Each sandbox is associated with both the app and the space that it's used in. For example, an app can have one sandbox in the personal space and another sandbox in the work space; each sandbox is isolated from the other one. The OS evaluates the requests that an app s process makes for memory outside of its sandbox. If a process tries to access memory outside of its sandbox without approval from the OS, the OS ends the process, reclaims all of the memory that the process is using, and restarts the process without negatively affecting other processes. When the OS is installed, it assigns a unique group ID to each app. Two apps can't share the same group ID, and the OS doesn't reuse group IDs after apps are removed. An app s group ID remains the same when the app is upgraded. By default, each app stores its data in its own sandbox. The OS prevents apps from accessing file system locations that aren't associated with the app s group ID. An app can also store and access data in a shared directory, which is a sandbox that is available to any app that has access to it. When an app that wants to store or access files in the shared directory starts for the first time, the app prompts the user to allow access. Device resources The BlackBerry 10 OS manages the device's resources so that an app can't take resources from another app. The OS uses adaptive partitioning to reallocate unused resources to apps during typical operating conditions and enhance the availability of the resources to specific apps during peak operating conditions. App permissions The authorization manager is the part of the BlackBerry 10 OS that evaluates requests from apps to access the capabilities of the device. Capabilities include taking a photograph and recording audio. The OS invokes the authorization manager when an app starts to set the permissions for the capabilities that the app uses. When an app starts, it might prompt the user to allow access to a capability. The authorization manager can store a permission that the user grants and apply the permission the next time that the app starts. Verifying software Verifying the boot loader code The BlackBerry 10 device uses an authentication method that verifies that the boot loader code is permitted to run on the device. The manufacturing process installs the boot loader into the flash memory of the device and a public signing key into the processor of the device. The BlackBerry signing authority system uses a private key to sign the boot loader code. The device stores information that it can use to verify the digital signature of the boot loader code. When a user turns on a device, the processor runs internal ROM code that reads the boot loader from flash memory and verifies the digital signature of the boot loader code using the stored public key. If the verification process completes, the boot loader is permitted to run on the device. If the verification process can't complete, the device stops running. 16
17 Hardware and OS security Verifying the OS and file system If the boot loader code is permitted to run on a BlackBerry 10 device, the boot loader code verifies the BlackBerry 10 OS. The OS is digitally signed using EC 521 with a series of private keys. The boot loader code uses the corresponding public keys to verify that the digital signature is correct. If it's correct, the boot loader code runs the BlackBerry 10 OS. Before the OS mounts the read-only base file system, it runs a validation program that generates a SHA-256 hash of the base file system content, including all metadata. The program compares the SHA-256 hash to a SHA-256 hash that is stored outside the base file system. This stored hash is digitally signed using EC 521 with a series of private keys. If the hashes match, the validation program uses the corresponding public keys to verify the signature and the integrity of the stored hash. Verifying apps and software upgrades Once the base file system is validated, the BlackBerry 10 OS verifies existing apps by reading an app s XML file and verifying the assets of the app against the cryptographically signed hashes contained in the XML manifest. Each software upgrade and app for the BlackBerry 10 device is packaged in the BlackBerry Archive (BAR) format. This format includes SHA-2 hashes of each archived file, and an ECC signature that covers the list of hashes. When a user installs a software upgrade or app, the installation program verifies that the hashes and the digital signature are correct. The digital signatures for a BAR file also indicate the author of the software upgrade or app. The user can then decide whether to install the software based on its author. Because the device can verify the integrity of a BAR file, the device can download BAR files over an HTTP connection, which makes the download process faster than over a more secure connection. Preventing memory corruption BlackBerry 10 devices prevent exploitation of memory corruption in a number of different ways, including the security mechanisms listed in the following table: Security mechanism Non-executable stack and heap Stack cookies Robust heap implementations Description The stack and heap areas of memory are marked as non-executable. This means that a process can't execute machine code in these areas of the memory, which makes it more difficult for an attacker to exploit potential buffer overflows. Stack cookies are a form of buffer overflow protection that helps prevent attackers from executing arbitrary code. The heap implementation includes a defense mechanism against the deliberate corruption of the heap area of memory. The mechanism is designed to detect or mitigate the overwriting of in-band heap data structures so that a program can fail in a secure manner. The mechanism helps prevent attackers from executing arbitrary code via heap corruption. 17
18 Hardware and OS security Security mechanism Address space layout randomization (ASLR) Compiler-level source fortification Guard pages Description By default, the memory positions of all areas of a program are randomly arranged in the address space of a process. This mechanism makes it more difficult for an attacker to perform an attack that involves predicting target addresses to execute arbitrary code. The compiler GCC uses the FORTIFY_SOURCE option to replace non-secure code constructs where possible. For example, it might replace an unbounded memory copy with its bounded equivalent. If a process attempts to access a memory page, the guard page raises a one-time exception and causes the process to fail. These guard pages are placed strategically between memory used for different purposes, such as the standard program heap and the object heap. This mechanism helps prevent an attacker from causing a heap buffer overflow and changing the behavior of a process or executing arbitrary code with the permissions of the compromised process. 18
19 Activating and managing devices Simple
20 Activating and managing devices Activating devices 5 Device activation associates a BlackBerry 10 device with a user account in BES12 and establishes a secure communication channel between the device and BES12. BES12 allows multiple devices to be activated for the same user account. More than one active ios, Android, Windows Phone, and BlackBerry 10 device can be associated with a user account. All device types consume a license when they are activated. BlackBerry 10 devices can be activated using one of three activation types. Activation type Work and personal - Corporate Work and personal - Regulated Work space only Description This option activates a BlackBerry Balance device that separates work and personal data. Your organization has control only over the work space. This option activates a regulated BlackBerry Balance device. These devices separate work and personal data but give you more control over the features available on the device. This option activates a device that has a work space only. You can activate devices that are running BlackBerry 10 OS version 10.3 and later for users using a USB connection instead of a wireless connection. To activate devices using a USB connection, you must install the BlackBerry Wired Activation Tool. By default, a user can activate a device using any of the following connections: Over any Wi-Fi connection or mobile network using a VPN connection with a connection to the BlackBerry Infrastructure Over any Wi-Fi connection or mobile network through the BlackBerry Infrastructure Your organization's activation information is registered automatically with the BlackBerry Infrastructure. The username and your organization's BES12 server address is sent to and stored in the BlackBerry Infrastructure. If you turn off registration with the BlackBerry Infrastructure, then BES12 users also require the organization's BES12 server address to activate their devices. Users can activate their devices after they receive an activation message from BES12, or they can log in to BES12 Self- Service and request an activation password. When a user begins activation of a BlackBerry Balance or regulated BlackBerry Balance device, if the device has an existing work space, the device displays a warning message to indicate that the work data and work apps on the device will be deleted. When the user confirms that the device should be activated, the existing work space is deleted and a new work space is created. 20
21 Activating and managing devices When a user begins activation of a work space only device, the device displays a warning message to indicate that all data on the device will be deleted. When the user confirms that the device should be activated, all data is deleted and the device restarts before the new work space is created. After the activation process completes, BES12 can send apps, profiles, and IT policies to the device. If an profile is configured, the user can send and receive work messages using the device. For more information about activating and managing devices, visit docs.blackberry.com/bes12cloud to see the Administration content. Activation passwords You can specify how long an activation password remains valid before it expires. You can also specify the default password length for the automatically generated password that is sent to users in the activation message. The value that you enter for the activation period expiration appears as the default setting in the "Activation period expiration" field when you add a user account to BES12. The activation period expiration can be 1 minute to 30 days, and the length of the automatically generated password can be 4 to 16 characters. User registration with the BlackBerry Infrastructure User registration with the BlackBerry Infrastructure is a setting in the default activation settings that allows users to be registered with the BlackBerry Infrastructure when you add a user to BES12. Information sent to the BlackBerry Infrastructure is sent and stored securely. The benefit of registration is that users don't have to enter the server address when they are activating a device; they only need to enter their address and password. The Enterprise Management Agent on BlackBerry 10 devices then communicates with the BlackBerry Infrastructure to retrieve the server address. A secure connection is established with BES12 with minimal user input. You can turn off user registration with the BlackBerry Infrastructure if you don't want to send user information to BlackBerry. Data flow: Activating a device You can activate a device using any wireless connection, such as a Wi-Fi network or the mobile network. 21
22 Activating and managing devices 1. You add a user to BES12 using the management console. 2. If the device is an Android, ios, or Windows Phone device, the user downloads and installs the BES12 Client on their device. 3. The user enters their activation username and password on their device. 4. BES12 verifies the user's activation credentials and sends the activation details to the device, including device configuration information. 5. The device receives the activation details from BES12 and completes the configuration. The device then sends confirmation to BES12 that the activation was successful. 22
23 Activating and managing devices Using IT policies to manage security 6 An IT policy is a set of rules that restrict or allow features and functionality on devices. IT policy rules can manage the security and behavior of devices. The device OS and device activation type determine which rules in an IT policy apply to a specific device. For example, depending on the device activation type, OS, and version, IT policy rules can be used to: Enforce password requirements on devices or the device work space Prevent users from using the camera Control connections that use Bluetooth wireless technology Force data encryption Only one IT policy can be assigned to each user account, and the assigned IT policy is sent to all of the user's devices. If you don't assign an IT policy to a user account or to a group that a user or device belongs to, BES12 sends the Default IT policy to the user's devices. You can rank IT policies to specify which policy is sent to devices if a user or a device is a member of two or more groups that have different IT policies and no IT policy is assigned directly to the user account. BES12 sends the highest ranked IT policy to the user's devices. BES12 automatically sends IT policies to devices when a user activates a device, when an assigned IT policy is updated, and when a different IT policy is assigned to a user or group. When a device receives a new or updated IT policy, the device applies the configuration changes in near real-time. All of the BlackBerry 10 IT policy rules available in BES12 apply to regulated BlackBerry Balance devices. Work space only devices and BlackBerry Balance devices ignore rules in the IT policy that are not applicable to those devices. For more information about assigning and ranking IT policies, visit docs.blackberry.com/bes12cloud to see the Administration content. For more information about specific IT policy rules, visit docs.blackberry.com/bes12cloud to see the Policy Reference Spreadsheet in the Administration content. 23
25 Data in transit
26 Data in transit How devices connect to your resources 7 BlackBerry 10 devices can connect to your organization s resources (for example, mail servers, web servers, and content servers) using a number of communication methods. By default, devices try to connect to your organization s resources using the following communication methods, in order: 1. Work VPN profiles that you configure 2. Work Wi-Fi profiles that you configure 3. Personal VPN profiles and personal Wi-Fi profiles that a user configures on the device By default, work apps on the device can also use any of these communication methods to access the resources in your organization s environment. Protecting Wi-Fi connections A device can connect to work Wi-Fi networks that use the IEEE standard. The IEEE i standard uses the IEEE 802.1X standard for authentication and key management to protect work Wi-Fi networks. The IEEE i standard specifies that organizations must use the PSK protocol or the IEEE 802.1X standard as the access control method for Wi-Fi networks. You can use Wi-Fi profiles to send Wi-Fi configuration information, including security settings and any required certificates to devices. 26
27 Data in transit Layer 2 security methods that a device supports You can configure a device to use security methods for layer 2 (also known as the IEEE link layer) so that the wireless access point can authenticate the device to allow the device and the wireless access point to encrypt the data that they send to each other. The device supports the following layer 2 security methods: WEP encryption (64-bit and 128-bit) IEEE 802.1X standard and EAP authentication using PEAP, EAP-TLS, EAP-TTLS, and EAP-FAST TKIP and AES-CCMP encryption for WPA-Personal, WPA2-Personal, WPA-Enterprise, and WPA2-Enterprise To support layer 2 security methods, the device has a built-in IEEE 802.1X supplicant. If a work Wi-Fi network uses EAP authentication, you can permit and deny device access to the work Wi-Fi network by updating your organization s central authentication server. You're not required to update the configuration of each access point. For more information about IEEE and IEEE 802.1X, see For more information about EAP authentication, see RFC IEEE 802.1X standard The IEEE 802.1X standard defines a generic authentication framework that a device and a work Wi-Fi network can use for authentication. The EAP framework is specified in RFC The device supports EAP authentication methods that meet the requirements of RFC 4017 to authenticate the device to the work Wi-Fi network. Some EAP authentication methods (for example, EAP-TLS, EAP-TTLS, EAP-FAST, or PEAP) use credentials to provide mutual authentication between the device and the work Wi-Fi network. The device is compatible with the WPA-Enterprise and WPA2-Enterprise specifications. Data flow: Authenticating a device with a work Wi-Fi network using the IEEE 802.1X standard If you configured a wireless access point to use the IEEE 802.1X standard, the access point permits communication using EAP authentication only. This data flow assumes that you configured a device to use an EAP authentication method to communicate with the access point. 1. The device associates itself with the access point that you configured to use the IEEE 802.1X standard. The device sends its credentials (typically a username and password) to the access point. 2. The access point sends the credentials to the authentication server. 3. The authentication server performs the following actions: a b c Authenticates the device on behalf of the access point Instructs the access point to permit access to the work Wi-Fi network Sends Wi-Fi credentials to the device to permit it to authenticate with the access point 4. The access point and device use EAPoL-Key messages to generate encryption keys (for example, WEP, TKIP, or AES- CCMP, depending on the EAP authentication method that the device uses). 27
Security Guide BlackBerry Enterprise Service 12 for BlackBerry Version 12.0 Published: 2014-11-12 SWD-20141106140037727 Contents Introduction... 7 About this guide...8 What is BES12?...9 Key features of
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What
Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
Configuration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-12-19 SWD-20141219132902639 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12...
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Security Technical Overview Published: 2014-01-17 SWD-20140117135425071 Contents 1 New in this release...10 2 Overview...
BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Policy and Profile Reference Guide Published: 2014-06-16 SWD-20140616165002982 Contents 1 About this guide... 10 2 New IT policy
Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services
Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...
ClickShare Network Integration Application note 1 Introduction ClickShare Network Integration aims at deploying ClickShare in larger organizations without interfering with the existing wireless network
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9
GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network
Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing
Security Guide PRIV by BlackBerry Published: 2016-04-25 SWD-20160425114127770 Contents Introduction: Security and privacy, deep and wide...5 Device security: Layered defenses throughout the stack...6 Device
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
ClickShare Network Integration Application note 1 Introduction ClickShare Network Integration aims at deploying ClickShare in larger organizations without interfering with the existing wireless network
Installation and Administration Guide BlackBerry Enterprise Transporter for BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-11-06 SWD-20141106165936643 Contents What is BES12?... 6 Key features
Reference Guide What's New in BES12 Cloud 711-60712-123 Published: 2016-06-20 SWD-20160620151902701 Contents What's new in BES12 Cloud...5 Supported features by device type... 5 Compatibility and requirements...11
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
BlackBerry Business Cloud Services Policy Reference Guide Published: 2012-01-30 SWD-1710801-0125055002-001 Contents 1 IT policy rules... 5 Preconfigured IT policies... 5 Default for preconfigured IT policies...
Administration Guide BES12 Version 12.3 Published: 2015-10-30 SWD-20151028105551254 Contents Introduction... 11 About this guide...12 How to use this guide... 13 Steps to administer BES12... 13 Examples
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Administration Guide SWDT487521-635336-0528040852-001 Contents 1 Overview: BlackBerry Enterprise Server... 21 Getting started in your BlackBerry
Licensing Guide BES12 Version 12.1 Published: 2015-04-02 SWD-20150402115554403 Contents Introduction... 5 About this guide...5 What is BES12?...5 Key features of BES12... 5 About licensing...7 Steps to
GOV.UK Guidance BlackBerry 10.3 Work Space Only Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network architecture
SAP Single Sign-On 2.0 SP04 Document Version: 1.0-2014-10-28 PUBLIC Secure Login for SAP Single Sign-On Implementation Guide Table of Contents 1 What Is Secure Login?....8 1.1 System Overview.... 8 1.1.1
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
OS X 10.7.3 and ios 5.1 May 25, 2012 Contents About 802.1X... 3 Apple Product Compatibility with 802.1X... 7 Configuring 802.1X Settings... 10 Resources... 17 Appendix A: Payload Settings for 802.1X...
Deploying iphone and ipad Virtual Private Networks Secure access to private corporate networks is available on iphone and ipad using established industry-standard virtual private network (VPN) protocols.
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
BlackBerry Enterprise Service 10 Version: 10.2 Installation Guide Published: 2015-08-17 SWD-20150817115607897 Contents 1 About this guide...5 2 What is BlackBerry Enterprise Service 10?... 6 Key features
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise
Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Feature and Technical Overview Published: 2013-11-07 SWD-20131107160132924 Contents 1 Document revision history...6 2 What's
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
BlackBerry Desktop Software User Guide Version: 2.4 SWD-1905381-0426093716-001 Contents Basics... 3 About the BlackBerry Desktop Software... 3 Set up your smartphone with the BlackBerry Desktop Software...
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG 5 How-To Guide Digital Certificates July 2011 Revision 1.0 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the
DATASHEET SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT Silver level EMM Enterprise Mobility Management for Corporate-owned and BYOD devices BlackBerry Enterprise Service 10 is a powerful device,
Authentication FortiOS authentication identifies users through a variety of methods and, based on identity, allows or denies network access while applying any required additional security measures. Authentication
Cisco Secure ACS Overview By Igor Koudashev, Systems Engineer, Cisco Systems Australia email@example.com 2006 Cisco Systems, Inc. All rights reserved. 1 Cisco Secure Access Control System Policy Control and
Technical Certificates Overview Version 8.2 Mobile Service Manager Legal Notice This document, as well as all accompanying documents for this product, is published by Good Technology Corporation ( Good
Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift
BlackBerry Enterprise Service version.2 preinstallation and preupgrade checklist Verify that the following requirements are met before you install or upgrade to BlackBerry Enterprise Service version.2.
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
USER GUIDE WWPass Security for Email (Outlook) For WWPass Security Pack 2.4 March 2014 TABLE OF CONTENTS Chapter 1 Welcome... 4 Introducing WWPass Security for Email (Outlook)... 5 Supported Outlook Products...
Step-by-step Guide for Configuring Cisco ACS server as the Radius with an External Windows Database Table of Contents: INTRODUCTION:... 2 GETTING STARTED:... 3 STEP-1: INTERFACE CONFIGURATION... 4 STEP-2:
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
Xperia TM Security in Business Read about how Xperia TM devices manage security in a corporate IT environment System security Secure storage Network security Device security Digital certificates June 2015
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) firstname.lastname@example.org Open Web Application Security Project http://www.owasp.org
NCP Secure Entry Mac Client Major Release 2.01 Build 47 May 2011 1. New Features and Enhancements Tip of the Day A Tip of the Day field for configuration tips and application examples is incorporated in
Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
Kaspersky Security for Mobile Administrator's Guide APPLICATION VERSION: 10.0 SERVICE PACK 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according
Entrust Managed Services PKI Auto-enrollment Server 7.0 Installation and Configuration Guide Document issue: 1.0 Date of Issue: July 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
Cisco Secure Access Control Server 4.2 for Windows Overview Q. What is Cisco Secure Access Control Server (ACS)? A. Cisco Secure ACS is a highly scalable, high-performance access control server that operates
Your consent to our cookies if you continue to use this website.