iOS Hardening Configuration Guide - DSD
iOS Hardening Configuration Guide - DSD
iOS Hardening Configuration Guide - DSD
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The fireewall<br />
rules aapplied<br />
to th he devices, APN subne et, and VPN N subnet, ass<br />
well as the e EAS,<br />
MDM seerver<br />
in thee<br />
DMZ, shou uld allow acccess<br />
to the e APNS for these t servicces<br />
to work k.<br />
Data RRoaming<br />
Data rooaming<br />
geneerally<br />
refers s to a process<br />
by which h a device from<br />
a speccific<br />
carrier’s s<br />
networkk<br />
can take aadvantage<br />
of o the data sservice<br />
on a different carrier. c For eexample<br />
a device<br />
with a SSIM<br />
from ann<br />
Australian carrier, being<br />
used in the US on a US carrieer’s<br />
network k and<br />
taking aadvantage<br />
oof<br />
the carrie er’s data infrrastructure.<br />
Note that roaming r neeed<br />
not be<br />
internattional;<br />
in some<br />
countrie es carriers wwith<br />
differen nt coverage e areas mayy<br />
allow some<br />
data<br />
roamingg<br />
to avoid innfrastructure<br />
e duplicatioon.<br />
There aare<br />
two main<br />
risks asso ociated withh<br />
data roam ming:<br />
�<br />
�<br />
When roamming<br />
interna ationally, theere<br />
are both h implied an nd actual lowwer<br />
levels of o trust<br />
with the levvel<br />
of eaves sdropping and<br />
traffic an nalysis occu urring on thee<br />
foreign ne etwork.<br />
As soon ass<br />
traffic goes s internationnal,<br />
it is ofte en not subje ect to privaccy<br />
and cons sumer<br />
protection rrequirements<br />
in the same<br />
way as purely dom mestic commmunications<br />
in the<br />
host countrry.<br />
It is incorrect<br />
to assume<br />
that rig ghts protect ting individuual’s<br />
privacy y are<br />
uniform inteernationally<br />
y.<br />
If data roamming<br />
is switc ched off forr<br />
cost mana agement, the en the devicce<br />
is “off the e grid”<br />
for manageement<br />
and monitoring m cconsoles<br />
su uch as EAS,<br />
MDM conssoles,<br />
or<br />
MobileMe’ss<br />
“Find My iPhone”.<br />
In some cases s, private da ata APN caan<br />
be preserved<br />
across international<br />
bo oundaries bbecause<br />
of commercial<br />
c arrangemeents<br />
betwee en<br />
carriers - noote<br />
that dat ta costs cann<br />
still be hig gh.<br />
8 | Defence S ignals<br />
Directo<br />
rate