Lawrence Livermore National Laboratory Lee Neely CISSP, MSP ISSO LLNL-PRES-412835 Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA.

Presentation transcript:

iPhone vs. BlackBerry: young upstart meets old standard
June 2, 2009

Lee Neely CISSP, MSP ISSO
Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA

This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344

Slide 2: Why are we here?
• LLNL users are asking for the iPhone
• LLNL BlackBerry implementation is not in production
• Claims were made that the iPhone can be implemented for “free”
• Rumors of personally owned iPhones being used for LLNL work

Slide 3: Examine the devices
• Basic assumptions
  - Corporate /VPN pre-exists
  - ActiveSync/Exchange on internal network
  - BlackBerry Enterprise Server (BES) can reach Internet
  - Not looking at “illegal” device configurations
• What to look at:
  - Device focus
  - Device startup
  - Device configuration status
  - Device security settings

Slide 4: Device Focus

BlackBerry
• “Corporate” device
• Many security features
• Business applications – new app store released
• Optimized for centralized management
• Runs device specific software
• CDMA/GSM/Wi-Fi
• Verizon/AT&T/Sprint/etc.

iPhone
• “Consumer” device
• Nominal security
• Lots of “new and cool” apps
• Optimized for individual management
• Runs a version of Mac OS X
• GSM/Wi-Fi
• AT&T service only

Slide 5: Device Startup – minimal impact

BlackBerry
• Use BlackBerry Internet Service (BIS) to get mail to device – user configures
• If using Wi-Fi, use VPN to reach corporate apps
• Time
  - Per device – ten minutes
  - Pre-setup – nominal

iPhone
• Configure built-in VPN to access corporate network (Configuration can be sent to device)
• Device accesses existing services – user configures
  - ActiveSync if Exchange
  - POP/IMAP services if using
  - Web Applications
• Time
  - Per device – ten minutes
  - Pre-setup – configuration setting file (optional)

Slide 6: Device Startup – “full” corporate integration

BlackBerry
• Install and configure BES
• Enterprise Activate device
  - /Calendar/etc. configured
  - Applications pushed/white listed
• Corporate application access depends on MDS
• Time
  - Per device – enterprise activation time (5-20 minutes)
  - Pre-setup – BES

iPhone
• Create configuration w/iPhone Configuration Utility (ICU) and deploy to secure web server in DMZ
• Edit iPhone policies in Exchange (optional)
• Install and configure ActiveSync in DMZ
• User finalizes configuration (Username/Passwords)
• Time
  - Per device – “two” minutes
  - Pre-setup – configuration, ActiveSync, etc.

Slide 7: Simplified Infrastructure: Exchange access

Slide 8: Simplified Infrastructure: Application access

Slide 9: Where does that leave you?

BlackBerry
• Managed when connected to BES – which is full time
• Continuous user content push
• Immediate access to corporate applications
• Security policies “permanent”

iPhone
• Managed when it can reach ActiveSync (VPN, DMZ, or hole in firewall)
• User content updates only when it can reach ActiveSync – DMZ solves
• Access to corporate applications when VPN connected
• Settings can be removed – deletion removes data

Slide 10: Security Features

| Function | BlackBerry | iPhone |
|---|---|---|
| Secure Contents | Content Encryption (memory card separate) | Need application, e.g.: Sybase iAnywhere Mobile Office Suite |
| Security Configuration store | BES | Exchange Policies/iPhone Configuration Utility (ICU) |
| Communication Model | Device connects to RIM then to BES, BES is corporate gateway. | Device connects to ActiveSync over VPN and/or Internet. VPN for corporate apps |
| Live Policy Updates | BES provides – “continuous connection” – tight coupling | When ActiveSync is reachable, over VPN or Internet – loosely coupled |
| Wipe | Yes, remote or manual – BES initiates – has DOD spec wipe. Memory card separate | Yes, remote must be connected to ActiveSync, manual – has erase option. |
| Inactivity Lock | BES configures | Policy can be pushed from ActiveSync |
| Remote Lock | Yes, BES initiates | N/A |
| Sync /calendar/notes | Via BES | Via ActiveSync |
| Encrypted communications | Certificate Exchange – PKI protects end-to-end | ActiveSync server connected via SSL. IPSec VPN to corporate network. |
| Web Browser functionality | MDS provides gateway, some applications work, BES admin must configure | Business Applications work, need VPN or gateway, device configured |
| Access to internal Net | BES/MDS | Need VPN or gateway device configured |

Slide 11: Security Features cont.

| Function | BlackBerry | iPhone |
|---|---|---|
| Configuration | BES pushes to device | Policy can be pushed from ActiveSync |
| S/MIME | Works – with right SW, and exportable cert. | Need application, e.g.: Sybase iAnywhere Mobile Office Suite |
| Wireless | WEP, WPA personal & enterprise, WPA2 personal & enterprise | WEP, WPA personal & enterprise, WPA2 personal & enterprise, 802.1X – EAP, PEAP & LEAP |
| VPN | IPSec VPN – some models work with Wi-Fi, not required with BES/MDS | Cisco IPSec, L2TP/IPSec, PPTP |
| L/Q Building | Remove Battery | Only option is airplane mode |
| Startup | BES/MDS (Centralized) | VPN (Decentralized) or ICU configuration |
| Device Management and Software Updates | BES or Desktop Manager | iTunes SW update |
| Target Audience | Business user | Consumer |
| Applications | Many – business focus. Can control tightly. | Many – consumer focused. Issue of personally licensed software and introduction of Malware |
| Application restrictions | Lock w/BES, white list | No limit |
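A check for the ICU configuration step on slide 6 and the inactivity-lock, wipe and configuration rows of the Security Features tables, as an added example (not part of the original slides or LLNL's tooling): it builds an unsigned configuration profile of the kind ICU exports and audits its passcode payload. The baseline values, identifiers and UUIDs are constructed placeholders; the payload keys are Apple's documented passcode-policy keys.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
# Assumed site baseline; illustrative values, not taken from the slides.
BASELINE = {"minLength": 6, "maxInactivity": 5, "maxFailedAttempts": 10}


def build_profile(passcode, removal_disallowed=False):
    """Return unsigned .mobileconfig bytes with one passcode-policy payload."""
    payload = {"PayloadType": PASSCODE_TYPE, "PayloadVersion": 1,
               "PayloadIdentifier": "org.example.profile.passcode",  # placeholder
               "PayloadUUID": "00000000-0000-0000-0000-000000000001", **passcode}
    profile = {"PayloadType": "Configuration", "PayloadVersion": 1,
               "PayloadDisplayName": "Example corporate profile",
               "PayloadIdentifier": "org.example.profile",  # placeholder
               "PayloadUUID": "00000000-0000-0000-0000-000000000000",
               "PayloadRemovalDisallowed": removal_disallowed,
               "PayloadContent": [payload]}
    return plistlib.dumps(profile)


def audit_profile(data):
    """Return a list of findings for an unsigned profile given as plist bytes."""
    profile = plistlib.loads(data)
    policies = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not policies:
        return ["no passcode policy payload"]
    pol, findings = policies[0], []
    if not pol.get("forcePIN", False):
        findings.append("passcode not required (forcePIN)")
    if pol.get("allowSimple", True):
        findings.append("simple passcodes allowed (allowSimple)")
    if pol.get("minLength", 0) < BASELINE["minLength"]:
        findings.append("minLength below baseline")
    # maxInactivity: minutes of idle time before the device locks.
    idle = pol.get("maxInactivity")
    if idle is None or idle > BASELINE["maxInactivity"]:
        findings.append("inactivity lock missing or too long")
    # maxFailedAttempts: failed passcode entries before the device wipes.
    tries = pol.get("maxFailedAttempts")
    if tries is None or tries > BASELINE["maxFailedAttempts"]:
        findings.append("no wipe after failed attempts, or limit too high")
    # Slide 9: settings can be removed on the device unless removal is blocked.
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("profile can be removed by the user")
    return findings
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `audit_profile` can parse it.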

Slide 12: Conclusion

BlackBerry
• Moderate setup
• Moderate entry fee
• Strongly managed
• “Always on” synchronization
• Structured device software updates
• BES or Desktop Software can restore configuration
• Limited application compatibility – you may need a laptop for full functionality
• Content protection or S/MIME support – native

iPhone
• Quick startup
• Low entry fee
• Loosely managed
• Syncs when ActiveSync reachable
• Immediate device software updates
• iTunes can restore configuration (from desktop)
• High degree of application compatibility – able to run most business apps/webmail
• Content protection or S/MIME support – additional application

Slide 13: Questions?
My contact information: Phone: (925)