iOS Hardening Configuration Guide - DSD

More documents

Recommendations

Info

For further information consult the following resources: � Apple Product Security website (www.apple.com/support/security/)—access to security information and resources, including security updates and notifications. � An RSS feed listing the latest updates to Snow Leopard Server documentation and on screen help is available. To view the feed use an RSS reader application: feed://helposx.apple.com/rss/snowleopard/serverdocupdates.xml � Developer documentation is available from developer.apple.com/iphone. Registered developers get access to WWDC session videos and PDF documents. Free registration allowing access to documentation and developer SDK is available. � Apple Product Security Mailing Lists website (http://lists.apple.com/mailman/listinfo/security-announce)—mailing lists for communicating by email with other administrators about security notifications and announcements. � iPhone, iPad and iPod Touch manuals (http://support.apple.com/manuals) —PDF versions of all product documentations. � iPhone, iPad and iPod Touch user guides - available as HTML5 web applications that work offline on the devices (http://help.apple.com/iphone, http://help.apple.com/ipad, http://help.apple.com/ipodtouch). � iPhone in Business website (http://www.apple.com/iphone/business/integration/)— reference point for all enterprise related documentation for iOS integration. � Apple Developer Website (http://developer.apple.com) registration required, contains extensive information on enterprise deployment of iOS devices, developer documentation on APIs and programming techniques for both web based and native iOS applications. � iOS Enterprise Deployment Articles - (http://developer.apple.com/library/ios/) – provides a detailed reference on a variety of enterprise deployment themes. These can be found in the iOS Developer Library under the “Networking & Internet” – “Enterprise Deployment” topic. � Apple Discussions website (http://discussions.apple.com)—a way to share questions, knowledge, and advice with other administrators. � Apple Mailing Lists website (http://www.lists.apple.com)—subscribe to mailing lists so you can communicate with other administrators using email. � Open Source website (http://developer.apple.com/opensource/)—access to Darwin open source code, developer information, and FAQs. 5 | D efence Signals Directorate
Chappter Onne Introoductioon to Mobile M DDevice e Secur rity Arcchitecture Mobile devices faace the sam me securitty challenges as traditional deskktop comp puters, but theeir mobility means the ey are alsoo exposed to a set of risks quitee different to t those oof a compuuter in a fix xed locationn. This chapter providdes the plan nning stepss and archite ecture cons siderations nnecessary to t set up a seecure enviroonment for mobile m devicces. Much of o the conte ent in this chhapter is pla atform agnostic, but somee detail is written w to speecific featur res available e in iOS 4. Not all of th hese options discussed will be exer rcised in all environme ents. Agenc cies need too take into account a their owwn environmment and co onsider theirr acceptable e level of re esidual risk. Assummptions This chapter makees some bas sic assumpttions as to the t pervasiv ve threat ennvironment: � � � � � 1 Althoug at some po all radiated all convent channel 1 oint, there will w be no neetwork connection present; communication from tthe device has h the pote ential to be monitored; ional locatio on, voice annd SMS/MM MS commun nications aree on an inse ecure ; certain infraastructure supporting s mmobile devic ces can be trusted; andd carrier infraastructure cannot alwayys be truste ed as secure in all counntries. gh GSM for eexample is encrypted e on some carrie er networks, it is not encry rypted on all, and some off the GSM enncryption algorithms suchh as A5/1 on 2G networks are vulneraable to attack k with rainbow tables. Withh moderate re esources, it is also feasib ble to execute a MITM atttack against GSM voice annd have the MMITM tell clie ent devices too drop any GSM G encryption. 6 | Defence S ignals Directo rate
Page 1 and 2: iOS Hardening Configuration Guide F
Page 3 and 4: Audience This guide is for users an
Page 5: Using this Guide The following list
Page 9 and 10: The fireewall rules aapplied to th
Page 11 and 12: ensured, due to both ‘Man-in-the-
Page 13 and 14: Question Comments/Selection Does my
Page 15 and 16: Chapter Two Installing iOS 4 This c
Page 17 and 18: Chappter Thhree Secuurity Feeatures
Page 19 and 20: Find My iPhone user interface Gener
Page 21 and 22: Conteent Filterinng Access to intra
Page 23 and 24: Chapter Four Suggested Policies Thi
Page 25 and 26: Feature Unclassified XX-in-Confiden
Page 27 and 28: � � � Passcode (can be set vi
Page 29 and 30: VPN � IPSec and SSL are DSD Appro
Page 31 and 32: Chapter Six Mobile Device Managemen
Page 33 and 34: Example of approved or re ecommendd
Page 35 and 36: Task Comments Provide staff with tr
Page 37 and 38: Appendix B Configuration Profiles F
Page 39 and 40: Appendix C Sample Scripts This appe
Page 41 and 42: make new VPN payload with propertie
Page 43 and 44: Appendix E Risk Management Guide Th
Page 45 and 46: Firewall Risk Mitigations Implied P

iOS Hardening Configuration Guide - DSD

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?