Bayalink Liberty 25 u LBY25 Benutzerhandbuch
Produktcode
LBY25
Bayalink Liberty R1.7 and R2.0 Security and Deployment Overview
Copyright 2009 Bayalink Solutions Corp.
Page 3
Port 3125 – Serves handheld resource calls such as sending and receiving email, making phone calls,
updating the calendar, etcetera. This is the primary port used by the Liberty Viewer.
Port 3126 – Provides HTTP proxy services on the Carrier or WiFi direct backbones. NOTE: this can be
disabled through enterprise IT Policy.
Port 3127 - Provides HTTP proxy services on the BES/MDS backbone enabling secure access to
intranet resources and applications.
Port 3128 – A special port that allows the Liberty Viewer to establish secure Remote Desktop
connections to computers running behind the firewall in the enterprise or to servers on the
Internet as specified by the User.
NOTE: The Liberty Core implements a lightweight firewall that will only allow connections to these ports
from the local machine and in the case of connections on 3125, as mentioned, it only allows connections
from the Liberty Viewer.
Handheld data store access
The latest handhelds have many gigabytes of storage available via removable microSD card technology.
Enterprises concerned with security while compelled to enable their User community to take advantage
of this storage should apply a rigid data security policy. Generally the storage should be encrypted since
it is removable. Further it is recommended that Mass Storage Mode not be enabled for the flash drives.
By allowing mass storage mode the enterprise exposes the possibility of corporate data being
compromised when the handheld is connected to an un-trusted endpoint.
Bayalink Liberty provides secure access to the handheld file stores and makes them available through
Liberty via its Virtual File System technology.
Virtual File System (VFS) services are provided by the Liberty Core and allow the Viewer, browsers, and
Windows Explorer to access the data stores of the handheld in a controlled and secure way. Enterprises
can enable their users for flash storage use, enforce data encryption and turn off mass storage
capabilities yet still allow secure access to the flash storage resources via the Liberty VFS facility. The VFS
can be configured by IT Policy, or by the handheld options otherwise, to set the level of control and
restrictions to the handheld’s file system. As an example you can allow VFS access via the Browser but
not the File Explorer or vice verse, you can require a challenge for authentication when a browser or the
File Explorer attempt to connect to the VFS, among others.
Data Residuals and Leakage
In many deployment scenarios (mostly those where Liberty is being used on an endpoint that is not the
User’s own trusted computer: such as in a lounge or on a plane etcetera) concerns about data being left
behind on the endpoint (Data Residuals) and data unknowingly being “scraped” and sent over the
Internet (Data Leakage) are well understood.