iOS Hardening Configuration Guide - DSD

More documents

Recommendations

Info

Device Security off the Network Once a device is off the data network, then protection of data on the device is determined by how the device implements data protection locally. There can be no referral to a server for policy, or a remote wipe command, if there is no network present. When off the network, the security of the device is determined by: � what policy has been cached locally from Exchange ActiveSync (EAS) or Configuration Profiles; � what the security settings set locally on the device are; � the device’s cryptographic capabilities; and � the strength of the device passcode. In addition, the device should have been restored to iOS 4 to enable all data protection filesystem features when the passcode is enabled. Device Security on the Network The general principle that applies for all data when the device is on a network, is that wherever possible, all network traffic should be encrypted, noting that all classified network traffic must be encrypted as per the cryptographic fundamentals section in the ISM. This is not merely achieved by turning on a Virtual Private Network (VPN) for all traffic. Typically this involves using a mixture of: � SSL to encrypt connections to specific hosts such as mail servers or management servers that need to be highly reachable; � SSL for any traffic that has sensitive data on it; � a VPN for more general intranet access; � WPA2 with EAP-TLS as a minimum for Wi-Fi security; � 802.1X authentication on Wi-Fi networks combined with Network Access Controls to compartmentalise Wi-Fi access to defined security domains; � a custom, authenticated APN 2 in conjunction with Carriers to compartmentalise 3G data traffic to defined security domains; and � data at rest encryption on mobile devices and servers they connect to. Apple Push Notification Service Many apps and services associated with iOS devices take advantage of the Apple Push Notification Service (APNS). APNS allows digitally signed application identifiers to be sent small notifications, such as updating the badge on an icon, playing an alert tone, or displaying a short text message. Examples of apps that may use APNS include push email notification, Mobile Device Management (MDM) servers, and iOS client/server applications that are able to execute in the background (e.g. VOIP apps, streaming audio apps, or apps that need to be location aware). When APNS is used by an MDM server, it is a simple ping to the MDM agent on the device to “phone home” to its parent MDM server instance, and exchange XML queries and responses inside an SSL tunnel. 2 Access Point Name (APN) See your carrier for more detail. 7 | D efence Signals Directorate
The fireewall rules aapplied to th he devices, APN subne et, and VPN N subnet, ass well as the e EAS, MDM seerver in thee DMZ, shou uld allow acccess to the e APNS for these t servicces to work k. Data RRoaming Data rooaming geneerally refers s to a process by which h a device from a speccific carrier’s s networkk can take aadvantage of o the data sservice on a different carrier. c For eexample a device with a SSIM from ann Australian carrier, being used in the US on a US carrieer’s network k and taking aadvantage oof the carrie er’s data infrrastructure. Note that roaming r neeed not be internattional; in some countrie es carriers wwith differen nt coverage e areas mayy allow some data roamingg to avoid innfrastructure e duplicatioon. There aare two main risks asso ociated withh data roam ming: � � When roamming interna ationally, theere are both h implied an nd actual lowwer levels of o trust with the levvel of eaves sdropping and traffic an nalysis occu urring on thee foreign ne etwork. As soon ass traffic goes s internationnal, it is ofte en not subje ect to privaccy and cons sumer protection rrequirements in the same way as purely dom mestic commmunications in the host countrry. It is incorrect to assume that rig ghts protect ting individuual’s privacy y are uniform inteernationally y. If data roamming is switc ched off forr cost mana agement, the en the devicce is “off the e grid” for manageement and monitoring m cconsoles su uch as EAS, MDM conssoles, or MobileMe’ss “Find My iPhone”. In some cases s, private da ata APN caan be preserved across international bo oundaries bbecause of commercial c arrangemeents betwee en carriers - noote that dat ta costs cann still be hig gh. 8 | Defence S ignals Directo rate
Page 1 and 2: iOS Hardening Configuration Guide F
Page 3 and 4: Audience This guide is for users an
Page 5 and 6: Using this Guide The following list
Page 7: Chappter Onne Introoductioon to Mob
Page 11 and 12: ensured, due to both ‘Man-in-the-
Page 13 and 14: Question Comments/Selection Does my
Page 15 and 16: Chapter Two Installing iOS 4 This c
Page 17 and 18: Chappter Thhree Secuurity Feeatures
Page 19 and 20: Find My iPhone user interface Gener
Page 21 and 22: Conteent Filterinng Access to intra
Page 23 and 24: Chapter Four Suggested Policies Thi
Page 25 and 26: Feature Unclassified XX-in-Confiden
Page 27 and 28: � � � Passcode (can be set vi
Page 29 and 30: VPN � IPSec and SSL are DSD Appro
Page 31 and 32: Chapter Six Mobile Device Managemen
Page 33 and 34: Example of approved or re ecommendd
Page 35 and 36: Task Comments Provide staff with tr
Page 37 and 38: Appendix B Configuration Profiles F
Page 39 and 40: Appendix C Sample Scripts This appe
Page 41 and 42: make new VPN payload with propertie
Page 43 and 44: Appendix E Risk Management Guide Th
Page 45 and 46: Firewall Risk Mitigations Implied P

iOS Hardening Configuration Guide - DSD

Create successful ePaper yourself

Delete template?

Save as template?