8/4/2019 iPhone vs BlackBerry-Lee Neely
Lawrence Livermore National Laboratory
Lee Neely, CISSP, MSP ISSO
LLNL-PRES-412835
Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551
This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344
iPhone vs. BlackBerry: young upstart meets old standard
June 2, 2009

Why are we here?
- LLNL users are asking for the iPhone
- LLNL BlackBerry implementation not production
- Claims were made the iPhone can be implemented for free
- Rumors of using personally owned iPhones doing LLNL work

Examine the devices
Basic assumptions
- Corporate email/VPN pre-exists
- ActiveSync/Exchange on internal network
- BlackBerry Enterprise Server (BES) can reach Internet
- Not looking at illegal device configurations
What to look at:
- Device focus
- Device startup
- Device configuration status
- Device security settings

Device Focus
BlackBerry
- Corporate device
- Many security features
- Business applications - new app store released
- Optimized for centralized management
- Runs device specific software
- CDMA/GSM/Wi-Fi
- Verizon/AT&T/Sprint/etc.
iPhone
- Consumer device
- Nominal security
- Lots of new and cool apps
- Optimized for individual management
- Runs a version of MacOS X
- GSM/Wi-Fi
- AT&T service only

Device Startup - minimal impact
BlackBerry
- Use BlackBerry Internet Service (BIS) to get mail to device - user configures
- If using Wi-Fi, use VPN to reach corporate apps
- Time
  - Per device - ten minutes
  - Pre-setup - nominal
iPhone
- Configure built-in VPN to access corporate network (Configuration can be sent to device)
- Device accesses existing services - user configures
  - ActiveSync if Exchange
  - POP/IMAP services if using
  - Web Applications
- Time
  - Per device - ten minutes
  - Pre-setup - configuration setting file (optional)

Device Startup - full corporate integration
BlackBerry
- Install and configure BES
- Enterprise Activate device
- Email/Calendar/etc. configured
- Applications pushed/white listed
- Corporate application access depends on MDS
- Time
  - Per device - enterprise activation time (5-20 minutes)
  - Pre-setup - BES
iPhone
- Create configuration w/iPhone Configuration Utility (ICU) and deploy to secure web server in DMZ
- Edit iPhone policies in Exchange (optional)
- Install and configure ActiveSync in DMZ
- User finalizes configuration (Username/Passwords)
- Time
  - Per device - two minutes
  - Pre-setup - configuration, ActiveSync, etc.
Simplified Infrastructure: Exchange access
Simplified Infrastructure: Application access

Where does that leave you?
BlackBerry
- Managed when connected to BES - which is full time
- Continuous user content push
- Immediate access to corporate applications
- Security policies permanent
iPhone
- Managed when it can reach ActiveSync (VPN, DMZ, or hole in firewall.)
- User content updates only when it can reach ActiveSync - DMZ solves
- Access to corporate applications when VPN connected.
- Settings can be removed - deletion removes data

Security Features

| Function | BlackBerry | iPhone |
|---|---|---|
| Secure Contents | Content Encryption (memory card separate) | Need application e.g.: Sybase iAnywhere Mobile Office Suite |
| Security Configuration store | BES | Exchange Policies/iPhone Configuration Utility (ICU) |
| Communication Model | Device connects to RIM then to BES, BES is corporate gateway. | Device connects to ActiveSync over VPN and/or Internet. VPN for corporate apps |
| Live Policy Updates | BES provides continuous connection - tight coupling | When ActiveSync is reachable, over VPN or Internet - loosely coupled |
| Wipe | Yes, Remote or manual - BES initiates - has DOD spec wipe. Memory card separate | Yes, remote must be connected to ActiveSync, manual has erase option. |
| Inactivity Lock | BES configures | Policy can be pushed from ActiveSync |
| Remote Lock | Yes, BES initiates | N/A |
| Sync email/calendar/notes | Via BES | Via ActiveSync |
| Encrypted communications | Certificate Exchange PKI protects end-to-end | ActiveSync server connected via SSL. IPSec VPN to corporate network. |
| Web Browser functionality | MDS provides gateway, some applications work, BES admin must configure | Business Applications work, need VPN or gateway, device configured |
| Access to internal Net | BES/MDS | Need VPN or gateway device configured |

Security Features cont.

| Function | BlackBerry | iPhone |
|---|---|---|
| Configuration | BES pushes to device | Policy can be pushed from ActiveSync |
| S/MIME | Works - with right SW, and exportable cert. | Need application e.g.: Sybase iAnywhere Mobile Office Suite |
| Wireless | WEP, WPA personal & enterprise, WPA2 personal & enterprise | WEP, WPA personal & enterprise, WPA2 personal & enterprise, 802.1X EAP, PEAP & LEAP |
| VPN | IPSec VPN some models works with Wi-Fi, not required with BES/MDS | Cisco IPSec, L2TP/IPSec, PPTP |
| L/Q Building | Remove Battery | Only option is airplane mode |
| Startup | BES/MDS (Centralized) | VPN (Decentralized) or ICU configuration |
| Device Management and Software Updates | BES or Desktop Manager | iTunes SW update |
| Target Audience | Business user | Consumer |
| Applications | Many business focus. Can control tightly. | Many consumer focused. Issue of personally licensed software and introduction of Malware |
| Application restrictions | Lock w/BES, white list | No limit |

Conclusion
BlackBerry
- Moderate setup
- Moderate entry fee
- Strongly managed
- Always on synchronization
- Structured device software updates
- BES or Desktop Software can restore configuration
- Limited application compatibility - you may need a laptop for full functionality
- Content protection or S/MIME support - native
iPhone
- Quick Startup
- Low entry fee
- Loosely managed
- Syncs when ActiveSync reachable
- Immediate device software updates
- iTunes can restore configuration (from desktop)
- High degree of application compatibility - are able to run most business apps/webmail.
- Content protection or S/MIME support - additional application.
Questions?
My contact information:
Email: neely1@llnl.gov
Phone: (925) 422-0140