White paper. April Security

Similar documents
White paper. April Messaging

White paper. April Connectivity

Xperia TM. Read about how Xperia TM devices manage and synchronisation in a corporate IT environment

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

ipad in Business Security Overview

Xperia TM. in Business. Product overview. Read about the enterprise policies and features supported in Xperia devices. March 2018

Xperia TM. in Business. Product overview. Read about the enterprise policies and features supported in Xperia devices.

Sony Xperia Configurator Cloud User Instructions

Video calls. July Keep in touch using voice and video

Setting up Java environment for Project Capuchin development with Sony Ericsson phones

Streaming with Project Capuchin for Adobe Flash Lite developers

Project Capuchin Bridging Flash Lite and Java ME in Sony Ericsson phones

Managing files. July Organize your files

SmartWatch. February Specification. Developer World sonymobile.com/developer

WORKSHARE MOBILE APPS SECURITY OVERVIEW

Releasing an Application for mobile applications in Sony Ericsson phones

SafeNet MobilePKI for BlackBerry V1.2. Administration Guide

Application Security for Java-based BlackBerry Handhelds

ipad in Business Mobile Device Management

SafeNet Authentication Client

McAfee Enterprise Mobility Management 12.0 Software

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

Deployment Scenarios June Microsoft Exchange ActiveSync. Standards-based Servers. Virtual Private Networks. Digital Certificates

ipad in Business Deployment Scenarios November 2010 Microsoft Exchange ActiveSync Standards-Based Services Virtual Private Networks

SafeNet Authentication Service

Junos Pulse for Google Android

SafeNet MobilePASS+ for Android. User Guide

Mobility Manager 9.5. Users Guide

Installation and Configuration Guide

One Identity Defender 5.9. Product Overview

StoneGate IPsec VPN Client Release Notes for Version 4.2.0

Quick Heal Mobile Security. Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping.

1 About this document Getting started Text input Network connection Network sharing (Certain models only)...

Compliance Manager ZENworks Mobile Management 2.7.x August 2013

Stonesoft IPsec VPN Client. Release Notes for Version 5.4.1

StoneGate SSL VPN Release Notes for Version 1.2.1

Cisco Desktop Collaboration Experience DX650 Security Overview

Symantec Managed PKI. Integration Guide for AirWatch MDM Solution

ipad in Business Deployment Scenarios and Device Configuration Overview April 2010 Microsoft Exchange IMAP, CalDAV, and LDAP

Stonesoft Management Center. Release Notes for Version 5.6.1

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

HUAWEI H30-U10. Quick Start Guide

SafeNet Authentication Service

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

Secure & Seamless Remote Device Management

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

StoneGate SSL VPN Release Notes for Version 1.2.0

StoneGate SSL VPN. Release Notes for Version 1.4.5

SafeNet Authentication Service

Bring Your Own Device

SafeNet Authentication Service

StoneGate SSL VPN Release Notes for Version 1.3.1

StoneGate IPsec VPN Client Release Notes for Version 5.0.0

Mobility, Security Concerns, and Avoidance

Terms of Use. Changes. General Use.

Salesforce1 Mobile Security White Paper. Revised: April 2014

KACE GO Mobile App 5.0. Release Notes

SECURE, CENTRALIZED, SIMPLE

StoneGate IPsec VPN Client Release Notes for Version 4.3.1

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide

BRING YOUR OWN DEVICE: POLICY CONSIDERATIONS

Endpoint Protection with DigitalPersona Pro

Mobile Security Overview Rob Greer, VP Endpoint Management and Mobility Product Management Dave Cole, Sr. Director Consumer Mobile Product Management

SafeNet Authentication Client

Stonesoft Firewall/VPN Express. Release Notes for Version 5.5.1

User Guide EMUI / 3.1

HG658d Home Gateway. User Guide HUAWEI TECHNOLOGIES CO., LTD.

Security Enhancements

Startup guide. Xperia C2305. Sony Mobile Communications AB SE Lund, Sweden

Sophos Mobile in Central

Securing Office 365 with MobileIron

StoneGate IPsec VPN Client Release Notes for Version 5.0.1

StoneGate Firewall/VPN How-To Installing and Activating StoneGate FW/VPN in VMware ESX Server

SafeNet Authentication Manager

Compliance Manager ZENworks Mobile Management 3.0.x January 2015

SafeNet Authentication Client

SafeNet Authentication Service

Google Identity Services for work

NotifyMDM Device Application User Guide Installation and Configuration for Android

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

KACE GO Mobile App 3.1. Release Notes

Stonesoft Firewall/VPN Express. Release Notes for Version 5.5.4

Enterprise solution comparison chart

Intune Policies Guide

Release Notes Version 4.1 BlackBerry 7100g BlackBerry 7290 Wireless Handheld

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

KACE GO Mobile App 5.0. Getting Started Guide

RealPresence CloudAXIS Suite Release Notes

What s New for Enterprise and Education ios 11, macos High Sierra 10.13, tvos 11, and deployment tools and services

Xperia TM. in Business. Xperia Configurator Cloud. The management tool by Sony Mobile Communications for swift and secure deployment of mobile devices

LiveView micro display Extended User guide

SafeNet Authentication Service

Linksys EA-Series Routers

Stonesoft SSL VPN. Release Notes for Version 1.5.3

Stonesoft Firewall/VPN Express. Release Notes for Version 5.5.2

StoneGate SSL VPN. Release Notes for Version 1.5.0

VMware AirWatch Integration with Apple Configurator 2 Guide Using Apple Configurator 2 and AirWatch to simplify mass deployments

Sophos Mobile in Central

OneBridge Mobile Groupware 5.0

VMware Boxer Comparison Matrix for IBM Notes Traveler Compare the features supported by VMware Boxer and AirWatch Inbox

Transcription:

White paper April 2011 Security

This document This Sony Ericsson White paper is intended to give enterprise users an overview of specific smartphone features and provide details in relevant areas of technology. This document contains specifications for Sony Ericsson smartphones launched on Android 2.3 or later. Document history Version April 2011 First released version Version 1 Sony Ericsson website For more information about Sony Ericsson business propositions, go to www.sonyericsson.com This White paper is published by: Sony Ericsson Mobile Communications AB, SE-221 88 Lund, Sweden www.sonyericsson.com Sony Ericsson Mobile Communications AB, 2009-2011. All rights reserved. You are hereby granted a license to download and/or print a copy of this document. Any rights not expressly granted herein are reserved. First released version (April 2011) Publication number: 1252-4077 This document is published by Sony Ericsson Mobile Communications AB, without any warranty*. Improvements and changes to this text necessitated by typographical errors, inaccuracies of current information or improvements to programs and/or equipment may be made by Sony Ericsson Mobile Communications AB at any time and without notice. Such changes will, however, be incorporated into new editions of this document. Printed versions are to be regarded as temporary reference copies only. *All implied warranties, including without limitation the implied warranties of merchantability or fitness for a particular purpose, are excluded. In no event shall Sony Ericsson or its licensors be liable for incidental or consequential damages of any nature, including but not limited to lost profits or commercial loss, arising out of the use of the information in this document. 2 April 2011

Table of contents Introduction...4 Feature overview...4...4 Device security...5 IT policies...5 Specifications...5 Setup...5 Enforce password...6 Setup...6 Application download restriction...6 Network security...7 VPN...7 Specifications...7 Setup...7 SSL/TLS...8 Certificates...8 Specifications...8 Setup...8 Information security...9 Remote wipe...9 Specifications...9 Setup...9 Store information safely...10 Specifications...10 Copy contacts to a SIM card or memory card...10 Copy to a computer...10 Synchronise with a web service...11 Synchronise with Microsoft Exchange Server...11 Trademarks and acknowledgements...12 3 April 2011

Introduction A phone for business must be secure since it may contain not only classified information, but also access to your corporate servers and networks. This document shows what features are available in the Sony Ericsson Android smartphones to protect your smartphone and its contents from unauthorised use and to ensure secure access to your corporate resources. For safe network access, the smartphone supports VPN, SSL/TLS encryption and client certificates. Protect the information in your smartphone by enforcing passwords and PIN codes. You can push your corporate IT policies to the smartphones and manage the security settings remotely from the server. If one of your corporate smartphones are stolen or lost, you can remotely wipe the information in the smartphone and reset it. Then restore all the information to a new smartphone by downloading your previously backed up or synchronised information. There are several options for safely storing and synchronising information. In order to meet the evolving threat landscape, Sony Ericsson is continuously working on improving the security of its products. Feature overview Device security IT policies Enforce password Application download restriction Network security VPN SSL/TLS Certificates Information security Remote wipe Store information safely 4 April 2011

Device security To protect your Sony Ericsson Android smartphone from unauthorised use, you can push and deploy your corporate IT policies into the smartphone, and manage and administrate the settings remotely from the Exchange server. Depending on your corporate policies and needs, you can select different passcode options for your smartphone. Lower the risk of getting malware into your corporate smartphones by setting them to only accept downloads from Android Market. IT policies IT policies are set by an administrator in the Microsoft Exchange Server and dictate, for example, whether the user must enter a password to activate the smartphone, how long the password should be and rules for the combination of numbers and letters. When the smartphone connects to the Microsoft Exchange Server the user is asked to accept the IT policies. If the user accepts, and the smartphone is compliant to the IT policies, the user is permitted access to the server and its contents. Specifications Supported password/it policies Require password Minimum password length Require alpha-numeric password Allow simple password (Microsoft Exchange Server 2007) Number of failed attempts Timeout without user input Setup Your Microsoft Exchange Server should have the option Allow non-provisioned device active for accessing the IT policies. Establish your preferred IT policies on the Exchange server. You can also use a Mobile Device Management solution to push the IT policies to the smartphone. 5 April 2011

Enforce password You can enforce passwords or PIN codes upon the users to secure that the smartphone is only used by the person intended. Set the requirements to suit your company security policy and needs. Setup Activate the Enforce password option on the Microsoft Exchange Server or manually in the smartphone. Then select if you want the users to authenticate themselves to the smartphone with a: password PIN code Passwords ensure a higher security than PIN codes. In the smartphone you can also define a screen unlock pattern. Once defined and set, this pattern must be drawn correctly on the screen by a finger to unlock the phone after an inactivity period. Application download restriction Example of screen unlock pattern Certain downloadable applications can contain malware or other harmful components. You can manage this risk by configuring your smartphone to only accept downloads from Android Market. 6 April 2011

Network security The Sony Ericsson Android smartphone is an efficient work tool that enables you to access your corporate resources and information at any time and place. The smartphone offers secure connections and protected data transmission. VPN Your smartphone contains a VPN (Virtual Private Network) client that provides a secure remote connection to your corporate servers using industry-standard protocols and user authentication. This connection is Internet based. Specifications VPN PPTP (Point-to-Point Tunneling Protocol) L2TP (Layer 2 Tunneling Protocol) L2TP/IPSec PSK (Pre-shared key based L2TP/IPSec) L2TP/IPSec CRT (Certificate based L2TP/IPSec) Setup Your smartphone supports several standard VPN technologies. If your company supports at least one of them, the VPN setup requires no additional network configuration. But you still need to make sure your smartphone supports your specific corporate VPN protocols and authentication methods. Some corporate VPN networks require users to authenticate themselves with certificates before allowing access. Having set this up on the server side, you then need to enter your corporate VPN settings via the general settings in your smartphone. Schematic overview of how a basic VPN connection works. 7 April 2011

SSL/TLS Your smartphone supports HTTPS data encryption over the Internet using the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols, protecting your information during transmission between your corporate server and your smartphone. SSL should be activated on your corporate server to ensure that the smartphones can be used safely in a corporate environment. Certificates A user certificate is a strong and secure authentication method containing information about the user and the certificate authority. Installed on your smartphone it authenticates you as a valid user towards your corporate network. The Sony Ericsson Android smartphones support certificate authentication for access to VPN and Wi-Fi networks. Note that Microsoft Exchange ActiveSync only supports basic authentication. Specifications Authentication certificates x.509 in.p12 or.crt formats Setup Ensure that you have your public key infrastructure configured to support device- and user-based certificates with the corresponding key distribution process. Push the user certificates from the corporate server to the individual smartphones. The user receives and installs it on the smartphone. Certificates can also be downloaded to smartphones, for example, from your corporate website or from prepared memory cards. Certificate-based VPN connections require certificates to be exported from the VPN server and copied to your smartphone. 8 April 2011

Information security Your corporate Sony Ericsson Android smartphone contains a lot of valuable and sometimes sensitive information. Passwords, PIN codes and screen unlock patterns prevent unauthorised use. But to further protect your information the smartphones can have their contents remotely wiped from phone if needed, and you can then use your back up or synchronisation features to restore the information in another smartphone. Remote wipe If a corporate smartphone is stolen or lost, you can initiate a remote wipe from the server and delete the smartphone s contents to make sure important information does not fall into the wrong hands. Consequences of a remote wipe The smartphone is reset with the factory default settings Microsoft Exchange ActiveSync data is erased (email messages, calendar events, contacts) Remote wipe only affects the data in your smartphone. The corresponding data on the Microsoft Exchange Server remains safe and unaffected, as well as data on your memory card. Specifications Remote wipe options Remote wipe tools Remote-initiated data wipe Microsoft Exchange Active Sync Mobile Administration Web Tool Outlook Web Access (Microsoft Exchange Server 2007/2010) Exchange Management Console (Microsoft Exchange Server 2007/2010) Setup Remote wipe is part of the IT policies in your Microsoft Exchange Server. When a connection between your smartphone and your Exchange server is first set up, the IT policies are pushed to the smartphone and implemented if the smartphone is compliant. When the connection is established, you have the possibility to do a remote wipe from the Exchange server. 9 April 2011

Store information safely It s a good idea to have the information in your smartphone synchronised with other media or safely stored in another location as well. This way, the existence of your information is not dependent on a specific device. If you lose your smartphone or if you want to use several smartphones you can easily download your contacts, messages and other important information to a new smartphone. Depending on your needs and your company policies for backing up information, you can choose to store your corporate and personal information in different ways and in different media: Copy contacts to a SIM card or memory card Copy to a computer Synchronise with a web service Synchronise with Microsoft Exchange Server Specifications Computer storage Online storage Sony Ericsson PC Companion Requires Microsoft Windows 7, Vista, or XP (service pack 3 +) Microsoft Exchange Server via Microsoft Exchange ActiveSync Sony Ericsson Sync Google account Copy contacts to a SIM card or memory card You can copy your contacts to the SIM card or to the memory card. If you switch to another phone but use the same cards, this is convenient. In your new phone you then select to copy contacts from a SIM card or memory card. Copy to a computer When connecting your smartphone to a computer with a USB cable you will be able to install and use the PC Companion application on your computer. With PC Companion you can access additional applications to transfer and organise contacts, calendar entries, files, media content and more. 10 April 2011

Synchronise with a web service If you want to back up and store your contacts outside the smartphone, you can use the Sony Ericsson Sync service. Your contacts are stored online, hosted by Sony Ericsson, and available on the web. This is convenient if you lose your smartphone, get a new one or if you want to use your contact list with several phones. After signing in to the designated Sony Ericsson website at www.sonyericsson.com/user, you can just download your list of contacts to any phone. The same principle is valid if you use the Google services for email, contacts and calendar. Then you sign in to your Google account in your smartphone, and the information in your smartphone is synchronised and stored with your Google service. Synchronise with Microsoft Exchange Server The Sony Ericsson Android smartphones use the Microsoft Exchange ActiveSync client to connect with your Microsoft Exchange Server and synchronise with your corporate email, calendar and contacts. Since it s a two-way communication, actions and changes that you perform in the smartphone or on the computer are all immediately reflected in the other device. Your smartphone contains the same information as on your Microsoft Exchange Server, and the server is a safe storage for your corporate email, calendar and contacts. 11 April 2011

Trademarks and acknowledgements The Liquid Identity and Liquid Energy logos and Xperia are trademarks or registered trademarks of Sony Ericsson Mobile Communications AB. Sony, "make.believe" is a trademark or registered trademark of Sony Corporation. Google, Android and Android Market are trademarks or registered trademarks of Google, Inc. Wi-Fi is a trademark or registered trademark of the Wi-Fi Alliance. DLNA is a trademark or registered trademark of the Digital Living Network Alliance. XHTML is a registered trademark of the W3C. Microsoft, Windows, Microsoft Exchange Server, Microsoft Exchange ActiveSync are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks and copyrights are the property of their respective owners. 12 April 2011

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback