A Security System That Changed The World


Published on

Enterprise data is a valuable corporate asset, and therefore ensuring it’s over integrity is an issue of superior business cycle model to any commercial or government organization.

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

A Security System That Changed The World

  1. 1. BASICS A Security System That Changed The World Enterprise data is a valuable corporate asset, and therefore ensuring it’s over integrity is an issue of superior business cycle model to any commercial or government organization. What you will learn… What you should know… • Design of BlackBerry Enterprise Solution • basic knowledge about networking • Mobile malware tendency S ecurity is the cornerstone of the BlackBerry In opposition to BES environment where the end-users legendary security system, allowing users to have an amount of control, but security is usually confidently access sensitive information at all performed by the enterprise by an IT Policy. Here’s a times. custom list of BES features, from RIM: The BlackBerry devices, BlackBerry-enabled devices and supporting technology are developed by Research • Wirelessly synchronize their email, calendar, In Motion (RIM), a Canadian software and hardware contacts, notes and tasks company based in Waterloo, Ontario. • Manage email folders and search email on the mail Special selling feature is that it provides an server remotely integrated wireless messaging system, providing • Book meetings and appointments, check availability push email access over cellular wireless networks and forward calendar attachments throughout the world. Another major factor in the • Set an out-of-office reply BlackBerry’s popularity is its comprehensive approach • Edit Microsoft Word, Excel and PowerPoint files to security. BlackBerry devices are diversified, and using Documents To Go can be used for a various functions including such • Access files stored on the company network ordinary functions like telephony, SMS, MMS, email, • Use mobile applications to access business photos, videos, music, and web-browsing amongst systems behind the firewall other things. End-users are divided into two categories. The following table identifies the features available with the BlackBerry Internet Service and the BlackBerry • End-user consumers who bought their own Enterprise Server. BlackBerry devices, who uses BlackBerry Internet BlackBerry smartphone applications include inherent Service (BIS) virus protection and spyware protection that is designed • Enterprise end-users who are given the use of a to contain and prevent the spread of viruses and spyware BlackBerry by their employers with another service to other applications. Application controls are available on called BlackBerry Enterprise Solution (BES). BlackBerry smartphones that are running on a BlackBerry Enterprise Server or on the BlackBerry Internet Service. The first environment make an end-users are BlackBerry smartphone users can use the application responsible for the any security measure configuration. controls on their BlackBerry smartphones to prevent the10 02/2011
  2. 2. A Security System That Changed The Worldinstallation of specific third-party applications and to limit mobile users with access to email, enterprise instantthe permissions of third-party applications. messaging and personal information management tools. All data between applications and BlackBerryBlackBerry Enterprise Solution smartphones flows centrally through the server.The BlackBerry Enterprise Solution (consisting of a Learn more about BlackBerry integration withBlackBerry smartphone, BlackBerry Device Software, • IBM Lotus Domino and IBM Lotus SametimeBlackBerry Desktop Software, and the BlackBerry • Microsoft Exchange and Microsoft Office LiveEnterprise Server) is designed to protect organization Communications Server 2005from data loss or alteration while a BlackBerry • Novell GroupWise and Novell GroupWise Messengersmartphone user is sending and receiving, reading and • BlackBerry Smartphones – Integrated wirelesstyping messages and accessing your organization’s voice and data devices that are optimized to workdata over the wireless network using the BlackBerry with the BlackBerry Enterprise Solution. Theysmartphone. In other words solution is designed so provide push-based access to email and data fromthat data remains encrypted at all points between the enterprise applications and systems in addition toBlackBerry smartphone and the BlackBerry Enterprise web, MMS, SMS and organizer applications. LearnServer. Only the BlackBerry Enterprise Server and more about BlackBerry smartphonesthe BlackBerry smartphone can access the data that • Devices with BlackBerry Connect softwarethey send between them, while third-parties, including (BlackBerry-enabled Devices) – Devices availableservice providers, cannot access potentially sensitive from leading manufacturers that feature BlackBerryorganization information in a decrypted format. push delivery technology and connect to the The BlackBerry Enterprise Solution is a flexible, IT- BlackBerry Enterprise Server*.friendly solution that gives mobile users secure wirelessaccess to their enterprise email and business-critical While the BlackBerry technology has a comprehensiveapplications. The key elements of the BlackBerry embedded security system at all levels it’s stillEnterprise Solution architecture include: susceptive to a range of attacks. Attacks, in whatever types, will confer power to design devices are being• BlackBerry Enterprise Server – Robust software backdoored allowing any data (especially confidential that acts as the centralized link between wireless data) to be exported from various blackberry handhelds. devices, wireless networks and enterprise By the way, it’s being used to build covert channels applications. The server integrates with enterprise for attackers, in spite of exploits are digitally signed or messaging and collaboration systems to provide not. Also, the efficiency and success of such attacks �������� ��������� ������� ����� ������� ���������������������������� �������� ������������������ ������� ������������������ ������� ������������������ ������� ������� ������� ��������� ��������� ������� ������� ����������������� ����������������� ���������� ����������� ���������� ���������� ����������� ����������� ������������������� ��������������Figure 1. BlackBerry Enterprise Solutionwww.hakin9.org/en 11
  3. 3. BASICS On The ‘Net • http://docs.blackberry.com/en/admin/deliverables/12077/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Feature_and_ Technical_Overview-T305802-817456-1102035401-001-5.0.1-US.pdf – BlackBerry Enterprise Server for Microsoft Exchange. Ver- sion: 5.0. Feature and Technical Overview, RIM, • http://docs.blackberry.com/en/admin/deliverables/12035/Security_Technical_Overview.pdf – BlackBerry Enterprise Solution Version: 5.0. Security Technical Overview, RIM, • http://www.comscore.com/Press_Events/Press_Releases/2010/2/comScore_Reports_December_2009_U.S._Mobile_Subscriber_ Market_Share/(language)/eng-US – December 2010 U.S. Mobile Subscriber Market Share, comScore, 2010, • http://www.comscore.com/Press_Events/Press_Releases/2010/3/comScore_Reports_January_2010_U.S._Mobile_Subscriber_ Market_Share/(language)/eng-US – January 2010 U.S. Mobile Subscriber Market Share, comScore, 2010, • http://www.comscore.com/Press_Events/Press_Releases/2010/4/comScore_Reports_February_2010_U.S._Mobile_Subscriber_ Market_Share/(language)/eng-US – February 2010 U.S. Mobile Subscriber Market Share, comScore, 2010, • http://www.comscore.com/Press_Events/Press_Releases/2010/9/comScore_Reports_July_2010_U.S._Mobile_Subscriber_ Market_Share – comScore Reports July 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/11/comScore_Reports_September_2010_U.S._Mobile_Subscriber_ Market_Share – comScore Reports September 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/10/comScore_Reports_August_2010_U.S._Mobile_Subscriber_ Market_Share – comScore Reports August 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/12/comScore_Reports_October_2010_U.S._Mobile_Subscriber_ Market_Share – comScore Reports October 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/6/comScore_Reports_April_2010_U.S._Mobile_Subscriber_ Market_Share – comScore Reports April 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/9/comScore_Reports_July_2010_U.S._Mobile_Subscriber_Market_ Share – comScore Reports July 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/7/comScore_Reports_May_2010_U.S._Mobile_Subscriber_Market_ Share – comScore Reports May 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/3/comScore_Reports_January_2010_U.S._Mobile_Subscriber_ Market_Share – comScore Reports January 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/4/comScore_Reports_February_2010_U.S._Mobile_Subscriber_ Market_Share – comScore Reports February 2010 U.S. Mobile Subscriber Market Share • http://www.comscore.com/Press_Events/Press_Releases/2010/5/comScore_Reports_March_2010_U.S._Mobile_Subscriber_ Market_Share – comScore Reports March 2010 U.S. Mobile Subscriber Market Share depends on the configuration of existing security everybody communicates with each other during controls, i.e. Firewall and IT Policy rules (see Figure 1). the past several years. The growing use of it has made a good background for re-engineering range Malware development background of malwares that identical to PC-malware types, like The development of mobile together with wireless viruses, worms, trojans, backdoors, and adwares. technologies has evidently improved the way There were major factors requisite for attack on the Figure 2. ComScore market trend analysis (09.2009 – 10.2010)12 02/2011
  4. 4. A Security System That Changed The WorldTable 1. comScore market trend analysis (09.2009 – 10.2010) Producer September November December January February April 2010 July 2010 October 2009 2009 2009 2010 2010 2010 RIM 42,60% 41,60% 40,80% 43,00% 42,10% 41,10% 39,30% 35,80% Apple 24,10% 25,30% 25,50% 25,10% 25,40% 25,10% 23,80% 24,60% Microsoft 19,00% 18,00% 19,10% 15,70% 15,10% 14,00% 11,80% 9,70% Google 2,50% 5,20% 3,80% 7,10% 9,00% 12,00% 17,00% 23,50% Palm 8,30% 6,10% 7,20% 5,70% 5,40% 4,90% 4,90% 3,90%smartphone. However, it didn’t happen. This was due Displaced Nokia surrendered the initiative to the RIM,to the rapid changing situation on the mobile handset Apple and Google. According to comScore marketmarket. In spite of Symbian was leading for two years trend analysis RIM is in lead (see Table 1).smartphone producers could shift industry-leading Because of security is the cornerstone of theNokia in favour of Windows Mobile (Microsoft) and BlackBerry legendary security system most ofBlackBerry (RIM). consumers prefer BlackBerry smartphones to another Faced with the lack of a market leader in mobile like iPhone or Android. Cursory acquaintance with theoperating systems and as a consequence, the BlackBerry Solution shows us various products andimpossibility of a simultaneous attack on the majority of components that are designed to extend organization’susers, malware writers had to try to solve the problem communication methods to BlackBerry devices.of cross-platform. Solution was the use of Java Micro The BlackBerry Solution is designed to help protectEdition. It’s the well-known fact that almost all modern data that is in transit at all points between a devicephones have Java support and allow you to run Java- and the BlackBerry Server. To help it devices usebased applications that can be easily downloaded from symmetric key cryptography to encrypt the data sentthe Internet. Java-based malware made significant between them. Solution uses confidentiality, integrity,contribution in damage area increasing by involving not and authenticity, which are principles for informationonly smartphones users, but also almost every owner of security, to help protect your organization from dataa mobile phone. loss or alteration. Exemplary malware to do list of realizable actions isbelow: YURY CHEMERKIN Graduated at Russian State University for the Humanities• Spreading via Bluetooth and MMS, (http://rggu.com/) in 2010. At present postgraduate at RSUH.• Sending SMS, MMS, Security Analyst since 2009 and currently works as mobile• Making backdoor background, security researcher in Moscow.• Blocking antivirus actions, E-mail: yury.chemerkin@gmail.com.• Stealing confidential information, etc. Facebook: http://www.facebook.com/people/Yury-Chemerkin/ 100001827345335. a d v e r t i s e m e n t Subscribe to our newsletter and stay up to date with all news from Hakin9 magazine! http://hakin9.org/newsletter