Mobile Admin security
There are several layers of security available for Mobile Admin, including options for both encryption and authentication.
Encryption options include:
- Triple Data Encryption Standard (TDES) or Advanced Encryption Standard (AES) on the BlackBerry® wireless network (if you are using a BlackBerry Enterprise Server with BlackBerry smartphones)
- Virtual Private Network (VPN) encryption (if you are using Android or iOS devices)
- HyperText Transport Protocol - Secured (HTTPS) encryption
If you are using BlackBerry Enterprise Server, all data sent between the BlackBerry server and the BlackBerry device are encrypted using TDES or AES. The U.S. Government certified TDES and AES as compliant with Federal Information Processing Standards (FIPS). Additionally, if a BlackBerry smartphone is lost, you can use the BlackBerry Enterprise Server to “kill” it remotely—a process that disables and erases all contents of the BlackBerry (including the Mobile Admin application).
If you are using VPN, all data sent between the VPN server and these devices can be encrypted with any encryption method is offered by the VPN you have chosen.
Mobile Admin allows you to add HTTPS encryption to all data sent between the Mobile Admin Server and Mobile Admin Clients. HTTPS is HTTP encrypted with the Transport Layer Security (TLS) protocol. This option is highly recommended for BlackBerry users who decide to use Mobile Admin without a BlackBerry Enterprise Server or users of any client without a VPN connection. For more information, see Configuring network access for BlackBerry smartphones, or Configuring network access for Android and iOS Devices. Mobile Admin also supports RSA SecurID two-factor authentication and has been officially approved as an RSA®-Certified application. This option requires users to log in with their RSA SecurID® tokens before they can access Mobile Admin.
For more information about using RSA SecurID Authentication, see the RSA website.
Remote Authentication Dial-In Service (RADIUS) authentication allows Mobile Admin to act as a RADIUS client or RADIUS device for any type of RADIUS server and authentication system you are using (such as SafeWord).
Authentication options include:
- Primary login authentication (required) from a choice of:
- Windows user name and password
- Mobile Admin-specific username and password
- Device-level password (optional)
- RSA SecurID two-factor authentication (optional) (Mobile Admin Professional Only)
- RADIUS authentication (optional) (Mobile Admin Professional Only)
Mobile Admin requires that you choose a primary form of authentication that each user must enter to log in to the Mobile Admin application, no matter what other forms of authentication (such as device-level, or RSA SecurID) you may have configured. You can also configure how frequently the user is required to enter the primary login authentication. For example, you can configure Mobile Admin to require the primary login every time the Mobile Admin Client is opened, or after specified time-out intervals.