Blackberry PRD-09695-004 Security Guide - Page 6

BlackBerry Smart Card Reader 6 The BlackBerry Enterprise Solution is designed so that data remains encrypted (in other words, it is not decrypted) at all points between the BlackBerry device and the BlackBerry Enterprise Server. Only the BlackBerry Enterprise Server and the BlackBerry device can access the data that they send between them. The BlackBerry Enterprise Solution uses a symmetric key encryption algorithm, which is designed to provide strong security, to protect all data that the BlackBerry device and the BlackBerry Enterprise Server send between them while the data is in transit. The BlackBerry Enterprise Solution uses either the Triple DES algorithm or the AES algorithm for this standard BlackBerry encryption, which is designed to verify that a message that a user sends from a Blackberry device remains protected in transit to the BlackBerry Enterprise Server while the message data is outside of your organization's firewall. Bluetooth enabled BlackBerry devices BlackBerry devices that use Bluetooth wireless technology are designed to establish a wireless connection with other Bluetooth enabled devices, such as a hands-free car kit or a headset, that are within an approximate 10-m range of these BlackBerry devices. Bluetooth profiles specify how applications on Bluetooth enabled BlackBerry devices and on other Bluetooth devices connect, and how those applications are interoperable. The Bluetooth Serial Port Profile on Bluetooth enabled BlackBerry devices specifies how the BlackBerry device and another Bluetooth enabled device can establish a serial connection between them using a virtual serial port. Bluetooth enabled devices access the virtual serial port through the BlackBerry SDK. Bluetooth enabled BlackBerry devices running BlackBerry Device Software Version 4.0 or later are designed to provide the following security measures by default on the Bluetooth wireless channel, which is widely considered to be nonsecure: • The Bluetooth wireless transceiver on the BlackBerry device is turned off. • Users must request a connection between the Bluetooth enabled BlackBerry device with a Bluetooth device and type a password called a passkey, which is a shared secret key, to complete the pairing. • Users can specify whether the BlackBerry device uses the passkey to encrypt data that the user sends over a Bluetooth connection. • The Bluetooth enabled BlackBerry device prompts the user each time a Bluetooth enabled device tries to connect to the BlackBerry device. • The Bluetooth enabled BlackBerry device never enters into discoverable mode unless the user turns on that feature. Managing Bluetooth enabled BlackBerry devices Using BlackBerry Enterprise Server Software Version 4.0 or later, you can set BlackBerry Enterprise Server IT policy rules that are designed to control the behavior of Bluetooth enabled BlackBerry devices, including the following examples: • prevent Bluetooth enabled BlackBerry devices from establishing a Bluetooth connection to another Bluetooth enabled BlackBerry device, another Bluetooth enabled device, or the BlackBerry Desktop Software • prevent users from turning on discoverable mode on Bluetooth enabled BlackBerry devices • require Bluetooth enabled BlackBerry devices to use Bluetooth encryption on all connections • require Bluetooth enabled BlackBerry devices to prompt the user to type the BlackBerry device password to turn on Bluetooth support • require Bluetooth enabled BlackBerry devices to prompt the user to type the BlackBerry device password to turn on discoverable mode • prevent Bluetooth enabled BlackBerry devices from using the Bluetooth Headset Profile, the Bluetooth Handsfree Profile, or the Bluetooth Serial Port Profile • prevent Bluetooth enabled BlackBerry devices from using wireless bypass over a Bluetooth connection www.blackberry.com