Mobile Admin security with a BlackBerry
There are two types of security available for Mobile Admin: Authentication and Encryption.
Authentication includes your choice of a Microsoft Windows user name and password, Mobile Admin password, or LDAP password as an initial mandatory authentication; BlackBerry smartphone password (optional); and RSA SecurID or RADIUS authentication (optional).
Encryption uses Triple Data Encryption Standard (TDES) or Advanced Encryption Standard (AES) if you are using a BlackBerry Enterprise Server, and HyperText Transport Protocol - Secured (HTTPS) (optional).
You can choose the authentication required to access Mobile Admin. If you select Windows authentication, the administrative access to servers is identical to the Windows user permission and authentication settings for your network. For example, if you are configured to have administrative access to specific servers or services in your network, you will only have administrative access to those servers and services in Mobile Admin.
You must provide your Windows network login name and password to login to Mobile Admin. The Mobile Admin Server can be configured to require a network login every time you open the Mobile Admin Client, or after a time-out interval that you specify.
BlackBerry smartphone password authentication
The BlackBerry smartphone password provides device-level authentication. When the smartphone password feature is enabled on your BlackBerry, you must enter a password before you can use the BlackBerry smartphone.
RSA SecurID authentication
Mobile Admin is an approved RSA-Certified application. Log in using your SecurID token and your secret PIN before using Mobile Admin. For more information about using RSA SecurID Authentication, see the RSA website.
Mobile Admin supports RADIUS authentication. Mobile Admin can act as a RADIUS client or RADIUS device for any type of RADIUS server and authentication system you are using (such as SafeWord).
All data sent between the BlackBerry Enterprise Server and the BlackBerry are encrypted using TDES or AES. The US Government certified TDES and AES as compliant with Federal Information Processing Standards (FIPS). Additionally, if a BlackBerry smartphone is lost, you can use BlackBerry Enterprise Server or the Mobile Admin application on another device to “kill” it remotely—a process that disables and erases the Mobile Admin application.
Mobile Admin allows you to add HTTPS encryption to all data sent between Mobile Admin Server and Mobile Admin clients. This option is recommended for users who decide to use Mobile Admin without BlackBerry Enterprise Server.
For information about how to install Mobile Admin on a BlackBerry, see Installing the Mobile Admin Client software on a BlackBerry smartphone.