iOS Hardening Configuration Guide - DSD
iOS Hardening Configuration Guide - DSD
iOS Hardening Configuration Guide - DSD
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Firewall<br />
Risk Mitigations Implied Preconditions<br />
Data compromise via<br />
host computer backup<br />
Data compromise via<br />
Bluetooth<br />
Use of Custom APN on 3G,<br />
802.1X, SSL VPN.<br />
Force encrypted profile onto device,<br />
User education, Physical security of<br />
backup host, iTunes in host SOE.<br />
<strong>iOS</strong> 4.3.3 only includes 4 or 6 of the<br />
26 Bluetooth profiles, depending on<br />
device, and specifically does not<br />
include file transfer related<br />
Bluetooth profiles. Included profiles<br />
are for microphone, speakers, and<br />
human input devices, as well as<br />
Apps that use a Bluetooth PAN.<br />
See<br />
http://support.apple.com/kb/HT3647<br />
A custom APN is an<br />
arrangement with your<br />
telephone carrier. This<br />
allows devices on 3G<br />
data to have a<br />
deterministic IP range that<br />
can be more easily<br />
firewalled or proxied.<br />
SSL CA infrastructure to<br />
sign and encrypt profiles<br />
into agency chain of trust.<br />
Potentially allow use of<br />
locked down iTunes<br />
configuration on agency<br />
computers so backup<br />
resides on agency assets.<br />
Apps that share<br />
information via Bluetooth<br />
PAN not approved for use<br />
on devices where this<br />
vector is a concern.<br />
44 | D efence Signals Directorate