
BlackBerry Enterprise Solution Security
BlackBerry architecture component security 26
messaging server continues to receive, deliver, and store all corporate email messages, while the BlackBerry
Enterprise Server acts as a conduit to transfer these messages to and from the BlackBerry device.
BlackBerry configuration database
BlackBerry services that do not connect directly to the messaging server read their configuration information from a SQL database, the BlackBerry configuration database. BlackBerry services that would otherwise require access to the messaging server can retrieve encryption keys and passwords from the BlackBerry configuration database to perform many tasks.
The BlackBerry configuration database stores the following information:
• BlackBerry Enterprise Server names
• unique SRP authentication keys and unique SRP IDs, or UIDs, that each BlackBerry Enterprise Server uses in
the SRP authentication process to establish a connection to the wireless network
• IT policy private keys of the IT policy public and private key pair that the BlackBerry Enterprise Server
generates for each BlackBerry device
• PIN of each BlackBerry device
• read-only copies of each unique BlackBerry device master encryption key
• user lists
• information contained in the message header that the BlackBerry Enterprise Server sends, for example,
message ID, date, and message status (BlackBerry Enterprise Server for IBM Lotus Domino only)
• a semi-permanent reference to user data using the GroupWise MessageID in the MBMailSync,
MBCalendarSync, MBPIMSync, and MBFolderSync database synchronization tables (BlackBerry Enterprise
Server for Novell GroupWise only)
Protecting the BlackBerry configuration database
Your environment might benefit from configuring the Microsoft SQL Server for optimal security of the BlackBerry
configuration database and protection of the stored user encryption keys.
Configuration option: shield your Microsoft SQL Server installation from Internet-based attacks
Recommendations:
• Require Windows Authentication Mode for connections to Microsoft SQL Server to restrict connections to Microsoft Windows® user and domain user accounts and enable credentials delegation.
Note: Windows Authentication Mode eliminates the need to store passwords on the client side. However, if you are running BlackBerry MDS Services, your SQL server must support Mixed Mode authentication.
• Use Windows security enforcement mechanisms such as stronger authentication protocols and mandatory password complexity and expiration.
Configuration option: password-protect the service account
Recommendations:
• Assign a strong password to your sa account, even on servers that require Windows Authentication.
Note: A strong password is designed to prevent exposure of a blank or weak sa password if the server is ever reconfigured for Mixed Mode Authentication.
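The following T-SQL audit script is an added example, not part of the BlackBerry documentation; it checks the recommendations above on the Microsoft SQL Server instance that hosts the BlackBerry configuration database (the placeholder password in the commented remediation is an assumption to be replaced with your own).

```sql
-- Added audit script (not from the BlackBerry documentation). Run it as a login
-- with CONTROL SERVER permission on the instance that hosts the BlackBerry
-- configuration database.

-- 1. Authentication mode: 1 = Windows Authentication Mode only, 0 = Mixed Mode.
--    Mixed Mode is needed only when BlackBerry MDS Services is in use.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
         WHEN 1 THEN 'Windows Authentication Mode'
         ELSE 'Mixed Mode Authentication'
       END AS authentication_mode;

-- 2. SQL logins (sa included) that still carry a blank password. PWDCOMPARE
--    tests a cleartext candidate against the stored hash; any row returned is a
--    finding that the "strong sa password" recommendation is not met.
SELECT name
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;

-- 3. State of the sa login and whether Windows password complexity and
--    expiration policy are enforced for it. sid 0x01 is always the sa login,
--    even if the login was renamed.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- Remediation for a weak or unpoliced sa password (kept as a comment so that
-- the audit script does not change anything by itself; replace the placeholder):
-- ALTER LOGIN sa WITH PASSWORD = 'REPLACE-WITH-STRONG-PASSWORD',
--     CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
```

A server that meets both recommendations returns 'Windows Authentication Mode' (or Mixed Mode only where BlackBerry MDS Services requires it), no rows from the blank-password query, and is_policy_checked = 1 for sa.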
www.blackberry.com