
Lawrence Livermore National Laboratory

iPhone vs. BlackBerry: young upstart meets old standard
June 2, 2009

Lee Neely
CISSP, MSP ISSO
Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551
This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344

LLNL-PRES-412835

Why are we here?


LLNL users are asking for the iPhone
LLNL BlackBerry implementation is not production
Claims were made that the iPhone can be implemented for free
Rumors of using personally owned iPhones for doing LLNL work


Examine the devices


Basic assumptions:
  Corporate email/VPN pre-exists
  ActiveSync/Exchange on internal network
  BlackBerry Enterprise Server (BES) can reach Internet
  Not looking at illegal device configurations
What to look at:
  Device focus
  Device startup
  Device configuration status
  Device security settings

Device Focus
BlackBerry
  Corporate device
  Many security features
  Business applications; new app store released
  Optimized for centralized management
  Runs device-specific software
  CDMA/GSM/Wi-Fi
  Verizon/AT&T/Sprint/etc.

iPhone
  Consumer device
  Nominal security
  Lots of new and cool apps
  Optimized for individual management
  Runs a version of Mac OS X
  GSM/Wi-Fi
  AT&T service only

Device Startup: minimal impact

BlackBerry
  Use BlackBerry Internet Service (BIS) to get mail to device (user configures)
  If using Wi-Fi, use VPN to reach corporate apps
  Time
    Per device: ten minutes
    Pre-setup: nominal

iPhone
  Configure built-in VPN to access corporate network (configuration can be sent to device)
  Device accesses existing services (user configures)
    ActiveSync if Exchange
    POP/IMAP services if using
    Web applications
  Time
    Per device: ten minutes
    Pre-setup: configuration setting file (optional)

Device Startup: full corporate integration

BlackBerry
  Install and configure BES
  Enterprise Activate device
    Email/Calendar/etc. configured
    Applications pushed/white listed
  Corporate application access depends on MDS
  Time
    Per device: enterprise activation time (5-20 minutes)
    Pre-setup: BES

iPhone
  Create configuration with iPhone Configuration Utility (ICU) and deploy to secure web server in DMZ
  Edit iPhone policies in Exchange (optional)
  Install and configure ActiveSync in DMZ
  User finalizes configuration (username/passwords)
  Time
    Per device: two minutes
    Pre-setup: configuration, ActiveSync, etc.

Simplified Infrastructure: Exchange access


Simplified Infrastructure: Application access


Where does that leave you?


BlackBerry
  Managed when connected to BES, which is full time
  Continuous user content push
  Immediate access to corporate applications
  Security policies permanent

iPhone
  Managed when it can reach ActiveSync (VPN, DMZ, or hole in firewall)
  User content updates only when it can reach ActiveSync (DMZ solves)
  Access to corporate applications when VPN connected
  Settings can be removed; deletion removes data

Security Features

Secure Contents
  BlackBerry: Content encryption (memory card separate)
  iPhone: Need application, e.g. Sybase iAnywhere Mobile Office Suite
Security Configuration store
  BlackBerry: BES
  iPhone: Exchange policies / iPhone Configuration Utility (ICU)
Communication Model
  BlackBerry: Device connects to RIM then to BES; BES is corporate gateway. BES provides continuous connection (tight coupling)
  iPhone: Device connects to ActiveSync over VPN and/or Internet. VPN for corporate apps
Live Policy Updates
  BlackBerry: Yes
  iPhone: When ActiveSync is reachable, over VPN or Internet (loosely coupled)
Wipe
  BlackBerry: Remote or manual; BES initiates, has DOD spec wipe. Memory card separate
  iPhone: Yes; remote must be connected to ActiveSync, manual has erase option
Inactivity Lock
  BlackBerry: BES configures
  iPhone: Policy can be pushed from ActiveSync
Remote Lock
  BlackBerry: Yes, BES initiates
  iPhone: N/A
Sync email/calendar/notes
  BlackBerry: Via BES
  iPhone: Via ActiveSync
Encrypted communications
  BlackBerry: Certificate exchange; PKI protects end-to-end
  iPhone: ActiveSync server connected via SSL. IPSec VPN to corporate network
Web Browser functionality
  BlackBerry: MDS provides gateway, some applications work, BES admin must configure
  iPhone: Business applications work; need VPN or gateway, device configured
Access to internal Net
  BlackBerry: BES/MDS
  iPhone: Need VPN or gateway, device configured


Security Features cont.

Configuration
  BlackBerry: BES pushes to device
  iPhone: Policy can be pushed from ActiveSync
S/MIME
  BlackBerry: Works, with right SW and exportable cert
  iPhone: Need application, e.g. Sybase iAnywhere Mobile Office Suite
Wireless
  BlackBerry: WEP, WPA personal & enterprise, WPA2 personal & enterprise
  iPhone: WEP, WPA personal & enterprise, WPA2 personal & enterprise, 802.1X EAP, PEAP & LEAP
VPN
  BlackBerry: IPSec VPN on some models; works with Wi-Fi, not required with BES/MDS
  iPhone: Cisco IPSec, L2TP/IPSec, PPTP
L/Q Building
  BlackBerry: Remove battery
  iPhone: Only option is airplane mode
Startup
  BlackBerry: BES/MDS (centralized)
  iPhone: VPN (decentralized) or ICU configuration
Device Management and Software Updates
  BlackBerry: BES or Desktop Manager
  iPhone: iTunes SW update
Target Audience
  BlackBerry: Business user
  iPhone: Consumer
Applications
  BlackBerry: Many business focus. Can control tightly.
  iPhone: Many consumer focused. Issue of personally licensed software and introduction of malware
Application restrictions
  BlackBerry: Lock w/BES, white list
  iPhone: No limit
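The iPhone deployment path described earlier (build a profile with the iPhone Configuration Utility, publish it on a DMZ web server, let users install it) and the iPhone policy rows in the two feature tables (inactivity lock, wipe, user-removable settings) all come down to what the configuration profile contains. The following Python script is an added example, not code from this deck, from LLNL or from Apple: it builds a profile in the plist format ICU exports, with one passcode-policy payload, and checks it against a site baseline before publication. The payload keys (forcePIN, requireAlphanumeric, minLength, maxInactivity, maxFailedAttempts, PayloadRemovalDisallowed) follow Apple's configuration profile format; the organisation, identifier and baseline values are constructed for illustration.

```python
"""Added example, not from the LLNL deck or from Apple: build an iPhone
configuration profile in the plist format the iPhone Configuration Utility
(ICU) exports and check its passcode policy against a site baseline before
the profile is published on the DMZ web server.

Payload key names follow Apple's configuration profile format; the
organisation, identifier and baseline values below are constructed."""
import operator
import plistlib
import uuid

PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"

# Constructed baseline: (comparison, required value). Inactivity-lock and
# failed-attempt thresholds are upper bounds, passcode length a lower bound.
BASELINE = {
    "forcePIN":            ("==", True),   # passcode required
    "requireAlphanumeric": ("==", True),   # not digits only
    "minLength":           (">=", 8),      # passcode length
    "maxInactivity":       ("<=", 5),      # minutes before inactivity lock
    "maxFailedAttempts":   ("<=", 10),     # local wipe after this many failures
}
OPS = {"==": operator.eq, ">=": operator.ge, "<=": operator.le}


def build_profile(org, identifier, policy, removal_disallowed=True):
    """Return plist bytes for a profile carrying one passcode-policy payload."""
    payload = {
        "PayloadType": PASSCODE_PAYLOAD,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".passcode",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Passcode policy",
    }
    payload.update(policy)
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"{org} iPhone policy",
        "PayloadOrganization": org,
        # The deck notes that iPhone settings can be removed by the user;
        # this key makes the installed profile non-removable.
        "PayloadRemovalDisallowed": removal_disallowed,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def check_profile(profile_bytes, baseline=BASELINE):
    """Compare the profile's passcode payload with the baseline.

    Returns a list of findings (strings); an empty list means compliant."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("profile is user-removable")
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not payloads:
        findings.append("no passcode-policy payload")
        return findings
    policy = payloads[0]
    for key, (op, want) in baseline.items():
        have = policy.get(key)
        if have is None:
            findings.append(f"{key} missing")
        elif not OPS[op](have, want):
            findings.append(f"{key}={have}, want {op} {want}")
    return findings


if __name__ == "__main__":
    # Constructed sample profiles: one meeting the baseline, one that a user
    # could remove and that leaves several settings unset or too weak.
    strong = build_profile("Example Lab", "gov.example.iphone",
                           {"forcePIN": True, "requireAlphanumeric": True,
                            "minLength": 8, "maxInactivity": 5,
                            "maxFailedAttempts": 10})
    weak = build_profile("Example Lab", "gov.example.iphone",
                         {"forcePIN": True, "minLength": 4, "maxInactivity": 15},
                         removal_disallowed=False)
    for name, prof in (("strong", strong), ("weak", weak)):
        print(name, check_profile(prof) or "compliant")
```

The check treats a missing key as a finding rather than assuming a device default, since the deck's point about the iPhone is that nothing is enforced unless the profile or the ActiveSync policy says so; the same comparison table can be reused for policies pulled from Exchange once they are expressed as key/value pairs.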


Conclusion
BlackBerry
  Moderate setup
  Moderate entry fee
  Strongly managed
  Always-on synchronization
  Structured device software updates
  BES or Desktop Software can restore configuration
  Limited application compatibility; you may need a laptop for full functionality
  Content protection or S/MIME support: native

iPhone
  Quick startup
  Low entry fee
  Loosely managed
  Syncs when ActiveSync reachable
  Immediate device software updates
  iTunes can restore configuration (from desktop)
  High degree of application compatibility; able to run most business apps/webmail
  Content protection or S/MIME support: additional application


Questions?

My contact information:
Email: neely1@llnl.gov
Phone: (925) 422-0140

