The BlackBerry Network Architecture - Case Study Example

BLACKBERRY SECURITY by Introduction The evolution of smartphones has seen a rise to technology advancement beyond human imagination and along it raised a host of security concerns. Generally, smartphones have a wide range of applications the most common of which is business and enterprise purposes. The blackberry, a smartphone designed and distributed by Research in Motion (RIM) limited is no doubt among the leaders when it comes to smartphones. Its ability to integrate seamlessly personal functionalities such as digital entertainment and business such as enterprise emails has made it a favorite in the corporate world, and no doubt a major target for hackers. Blackberry handheld devices run on the Blackberry operating system that supports the use of specialized input devices tailor-made specifically to capture the elite smartphone user (BlackBerry support 2009). Features such as the track pad and most recently, the touch screen give the blackberry devices a unique design and places it a par above its closest rivals in the market. The BlackBerry Network Architecture Network architecture is the layout that includes the hardware, software components, the means of data transfer, and the communication protocols governing data transfer. BlackBerry devices are not merely standalone devices; they are integrated into a complex network that seeks to deliver remotely various services to users. This is convenient especially in an enterprise setting where corporate users need to handle multiple tasks. Basically, blackberry devices connect and with other external devices in four ways. A data cable enables personal computer connectivity via the blackberry enterprise software, this mainly for transfer of files and media. Bluetooth connectivity synchronizes the device with other external devices and can be used to create an ad hoc network for file and resource sharing. Finally, radio and wireless connectivity serve the primary function of voice and data synchronize communication. The BlackBerry wireless, and radio connectivity platform makes it possible for an organization to offer its employees with access to its email servers even when away from the office. Blackberry devices connect wirelessly to networks using various transport architectures, and all devices have a specific transport mode that it associates with. Ultimately blackberry security is best when linked up with the blackberry enterprise server, which is designed specifically cooperate and commercial use. This server allows the smartphone to run on a remote platform with all the essential functionalities stored separate from the device. In essence, the blackberry can successfully be used for corporate business functions, and for personal use without any compromise on data integrity. Wi-Fi transport architecture provides internet connection to mobile devices, of a link to private networks. Through least cost routing, a wireless connection can be configured to allow a device connect to the enterprise server platform. This is because connections via the Wi-Fi transport are considered less expensive compared to other transport architectures like cellular transport. The TCP cellular transport relies on a wireless service provider usually via radio connectivity. Normally configurations are provided by wireless service providers who configure the device based on their infrastructure. Another transport system associated with blackberry devices is the blackberry internet service. In this model, connection is established through the blackberry infrastructure. This automatically qualifies for the least cost routing and can be successfully integrated with the Wi-Fi transport. The blackberry MDS transport essentially is a mix of cellular radio transport and Wi-Fi transport. This transport allows a device to directly link up with its associated BlackBerry enterprise server via Blackberry infrastructure. Connection in this instance can be made using Wi-Fi or mobile radio but, all settings lie on the blackberry platform thus giving access to more features. Finally, the WAP transport is a model that uses radio connection through a service provider’s WAP gateway. Like the cellular transport, configurations are done by either the service provider or device user. BlackBerry Network Operations Centre (NOC) is responsible for handling mobile user data between the cellular network and the internet. Seamless and successful data transfer if maintained by RIM through multiple NOC installations around the world. (Lowe 2013). This also serves as a guarantee to BlackBerrys’ commitment to meeting a global outreach, and a marketing strategy all which has successfully promoted the blackberry as a global brand. The Blackberry Enterprise Server is a middleware software package that acts as an interface between the NOC and the email servers such as Microsoft Exchange Server. It centralizes the management and control of the BlackBerry solutions within an organization. Some of the main functions of the server are: Monitoring users mailbox and determining how new messages will be relayed to the user. Normally, this is done through the application of user defined filters that also act as first line security defense against common malware. BES also encrypts and decrypts user messages before sending to its intended recipient. This way, the security level is further enhanced, and chances of an interception reduced. The BES uses TCP/IP to access the wireless network. It also provides handhelds with TCP/IP connectivity accessed through Mobile Data System (MDS) (BlackBerry 2009) BlackBerry Security BlackBerry devices and their popularity in government offices have put the security of the BlackBerry network services under heavy scrutiny. This is so especially considering the risk that will be created when sensitive documents land in the wrong hands. The safety of high profile and classified information on handheld smartphones has been queried a number of times by critics who argue that, third party systems cannot be entrusted to secure world class data (Granetto 2009). The portability feature that makes the Blackberry and other smartphones convenient also happens to be vulnerability in the sense that they are easily stolen. Case in point, the British Prime Ministers’ aid had his phone stolen in 2008 in a Shanghai disco. Speculation went round that it was an act of a Secret Service agent, and there was concern on whether the device could be used to access the Downing Street server. However, this was not the case as the BlackBerry is designed to uphold high data security even when subjected to compromising situations. This is maintained through various measures implemented by the blackberry team through an array of security features unique to the blackberry smartphones. In the role of communications security officer, the following recommendations will be rife in ensuring security and limiting theft the impact of blackberry devices theft. Enactment of tough password policies should be put in place. This should be done both at the users end, and at the server to limit as much as possible unauthorized access. In addition to passwords, data storage, processing, and access should be specifically done via the enterprise server. This way monitoring tools at the server level can be used to determine who accessed data from a specific device, and their location. Furthermore, all devices should being used by government officials should be serialized, and have a unique identity that can be controlled remotely. This if combined with signed user agreements of blackberry devices will by far limit the obvious theft threat keeping in mind the Blackberry enterprise server is under heavy security (Granetto 2009). Similar recommendations have been made in the IT Security Systems Report for the desired solution for Government of Canada and BlackBerry system. These however had a few additions that would see better more enhanced data protection. Expert advice such as the provision of end-to-end data encryption between the sender, and the recipient were put forward to ensure sensitive material is internally stored in encrypted form. In addition, cryptographic applications used by service providers had to meet the Government requirements before being allowed to transact on delicate data (Government of Canada 2002). The loss of a handheld device containing classified data could result in breach of several laws among them: Exploitation through unorthodox means of sensitive information. In this sense, the attacker gains physical and or logical access to an asset illegally through which they get access to classified data (Defense Information Systems Agency 2011, p. 5). With this information on the categories of vulnerability incase there is loss of a device; it is possible to see what options there are for the prevention of access to high value information. The most common mode of securing data on an already stolen BlackBerry handheld device is remotely erasing all the data or wiping. This can only be done if the device is configured to work with a Blackberry Enterprise Server. However, a complete erasure of a device data can mean losing critical and urgent data. This in essence, will be punishing the dive user and by extension sabotaging their work to a certain degree. Wiping data is also limited by the device configuration in that it can only be performed if the device is remotely accessible, thus making password protection essential and the only defense mechanism for stand-alone devices (Hoffman 2007). In this regard, a device can be designed and configured to store remotely sensitive information such as emails and business contacts in the cloud. This way, not only will the information be secure, but it will also be used as backup in case of failure. After which, Wiping of non-essential data for remote devices can be done by following these simple steps: On the user management menu, click the Manage users item, and on the dialogue box search for the required user account by E-mail or alias. In the search results, select the display Name of the user account, and click. After the user profile loads the information tab, right-click to display the shortcut menu, and select Device Actions. On the menu items that appear, select complete erasure of device data and disable device remotely. Finally, Scroll down to the bottom of the window, and accept the command to completely wipe and disable the device. Ultimately, this will clean the device, and also render it unusable by locking all its functional operations. Reference List BlackBerry Overview, viewed 3 April 2013, http://na.blackberry.com/. BlackBerry Supporforums, 2009, Java Development, viewed 3 April 2013 Defense Information Systems Agency 2011, Blackberry Technology Overview (For Blackberry Enterprise Server 4.1.X & 5.0.X), Version 1, Release 3. Government of Canada 2002, Personal Digital Assistant Vulnerability Assessment (PDA VA) (ITSPSR-18), IT Security Products/ systems Report, Communications Security Establishment (CSE). Granetto, P 2009, Controls Over Information Contained in Blackberry Devices Used Within DoD, DIANE publishing.  Hoffman, D 2007, Blackjacking: Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise, Wiley Publishing, Inc. Lowe, D 2013, Networking All-in-One For Dummies, John Wiley & Sons, Inc. Read More