{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

Transcription

1 {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk

2

3 Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling all competitors in the market combined. With the newer models flying off the shelves, the number of ipad owners continues to soar. K-12 has been impacted by ipads from several perspectives. For example, teachers want access to BYOD (bring your own device) programs, and instruction is now being facilitated by the ipad and other tablets. The ipad s ability to engage students is irrefutable, and schools are impacted by everyone s interest in using the device at school. With the introduction of any new technology, however, comes risk. Apple s consumerdriven success has not garnered them many points in the school environment. As such, many district IT departments are reluctant to provision ipads for staff and students. That is about to change. Apple claims that increasing numbers of districts are deploying or piloting the ipad, and the company is working to achieve greater acceptance with the latest update to ios version 7 which adds many educational specific features. The company s updates to the ios have helped achieve that greater acceptance by enhancing many security features, such as enterprise single sign-on. The new ios also includes enhancements to device management and control, including single app mode for classrooms. The recent enhancements and features will foster better adoption and control over district-owned ipads. What follows are answers to some commonly asked questions surrounding the district-wide management of ipads. 1

4 ipad Security for K-12 Understanding & Mitigating Risk How can schools best manage applications at the student level? Once the excitement of getting ipads settles in, the anxiety of managing these devices kicks in. You can do it the hard way (manually), use configuration profiles, or use a mobile device management (MDM) solution. The obvious choice would be to use an MDM. An MDM allows you to simultaneously control and configure a large pool of ipads. Now with the advent of ios 7, Apple has greatly enhanced the management capabilities of ios, allowing far more control than ever before. How? The magical app to do this is the freely available Apple Configurator. This application allows you to create groups of devices and manage each group independently with its own configuration profile. When it comes to application ownership, there are three models: (1.) personal user can install; (2.) institutional district owns application licenses and they are transferrable; and (3.) a layered or shared model where districts and the user can install applications. It is probably safe to say that most districts deploy an institutional model. This model is designed for when ipads are shared between users. The Apple Configurator allows you to purchase and deploy applications, create devices and user groups, create a master or template for a group and push the configuration to other (ipads) in the group, and checkin/check-out devices to users. What authentication parameters are available on the ipad, and can I enforce secure passwords on the ipad centrally? The ipad s newest operating system (ios 7) allows system administrators to employ the same type of authentication parameters used in most information security policies. The following authentication settings are configurable on the ipad: Require passcode on device Allow simple value Require alphanumeric value Minimum passcode length Minimum number of complex characters Maximum passcode age Auto-lock Passcode history Grace period for device lock Maximum number of failed attempts 2 Employing these authentication parameters centrally can be achieved with the use of third-party MDM software. In order to distribute a policy across multiple devices, a

5 Plante Moran configuration profile can be installed on each device that manages security settings. This configuration profile can be protected from alteration by the end user by restricting access to the profile with the use of an administrator password, so only authorized individuals can make changes to the settings. Configuration profiles used in conjunction with MDM allow an administrator to make configuration changes centrally and push the updates out to users without the need of any interaction from the end user. What logging settings are available on the ipad? The ipad does not have built-in logging capabilities; however, with the use of third-party MDM software several different types of activity can be logged and monitored. Applications are available for the ipad that allow districts to centrally log and monitor the following types of activities: Unauthorized attempts to access secure networks Types of devices accessing the network Users authenticating to the network Applications installed on devices GPS location Device information Compliance and security information Should security for mobile devices like the ipad be included in annual security awareness training? The use of devices like the ipad in a school district pose several risks specific to the device (largely due to its mobility) that should be communicated to staff to ensure that the appropriate precautions are taken to secure your district s information. Mobile device security training should be administered to all employees who require the use of mobile devices like the ipad before they are allowed to connect these devices to the district s internal network. 3

6 ipad Security for K-12 Understanding & Mitigating Risk Are there ipad security training programs for IT administrators? Most vendors of MDM software offer training programs for their management systems. In some cases, vendors have created webinars that show the capabilities of their MDM products and, in turn, explain how the products are administered. Can I limit my staff s ability to download apps, or are there any security risks by letting them download whatever they want? End users can be restricted from downloading applications (apps) with the use of MDM software or the built-in parental controls. Most MDM software suites include the ability to completely restrict a user s ability to download apps, and some have options to make only approved apps available for download with the use of a configurable app market. The apps located in the Apple App Store are required to go through a screening process before they enter the market; however, in the past, apps have made it through Apple s code review process only to be later pulled for performing actions that Apple does not permit. This will occasionally occur despite Apple s best efforts. Allowing staff to jailbreak and install any apps they want could result in the propagation of malicious code across your entire network. 4 I am able to provide web filtering within the district, what happens when devices leave our network? Historically this has been a challenge with earlier versions of ios and the ipad. Districts ended up disabling the native web browser, Safari, and utilized third-party application web browsers in order to obtain the needed content filtering. Seeing this need, Apple has implemented low-level web filtering into ios 7 software. This means that all web traffic, irrespective of browser (Safari, Chrome, Dolphin) will be subjected to the enforced content filtering rules on any network. These settings are managed using MDM software and can

7 Plante Moran provide a whitelist and blacklist of sites, as well as the ability to analyze web content in real time to determine its appropriateness. This new functionality gives the district peace of mind that the device can be adequately filtered, regardless of the web browser and network connection. Can ipads be jailbroken like iphones? How do I prevent end users from doing that? Many idevice users may have heard of the term jailbreaking at some point. Jailbreaking allows users to gain full access and bypass built-in security features of the ios software. Jailbreaking utilities such as PwnageTool, redsn0w, and JailbreakMe.com have made it easier for even the least technical user to crack open the ipad and install software through unofficial channels. Districts should understand the potential security threats of jailbroken devices and implement strict controls to prevent it. In addition to restricting a user s ability to install applications, websites, or explicit media content, most MDM software also provides scanning capabilities to detect whether the operating system has been compromised. Also, use of ipads should be included as part of the district s acceptable use policy. Additionally, this risk can be mitigated by keeping the ipad s ios software current as Apple typically finds and resolves issues that enable devices to be jailbroken. Q Does the concept of local administrator apply? Can end users surpass district policies? The ipad s ios software restricts users from creating multiple user accounts. While this may be a limitation in some sense, it also effectively eliminates the risk of end users having local administrator account privileges. As long as devices are appropriately configured and enforced, administrators can be reasonably assured that ipad users cannot bypass district policies. 5

8 ipad Security for K-12 Understanding & Mitigating Risk Is there a secure mechanism for teachers, staff, and students to connect to our internal network remotely? The ipad s built-in VPN client currently supports the following VPN protocols by default: SSL VPN Cisco IPSec L2TP over IPSec PPTP In addition, third-party software can be installed that allows for additional protocol support. ios 7 natively introduces the concept of per-app VPN, which allows individual apps to establish a secure VPN connection and close that connection when it s no longer needed. This feature allows the VPN traffic to be isolated and not exposed to all apps running on the device. How do backups work? How do I ensure backups occur as scheduled? Users can use itunes to synchronize (sync) ipad data onto a laptop or workstation, and vice versa. itunes also creates a backup of ipad data and configurations via the itunes sync process and offers a restore feature for users wishing to return to a previously backed up state. Users can also use the backup and restore features to transfer information from one device to another. It should be noted that itunes keeps only one backup for each device. itunes can be configured to automatically launch the sync process every time an ipad is connected to the computer. Similarly, ipad backups should be configured to require encryption using Apple s iphone Configuration Utility. Apple continues to enhance, expand, and promote its cloud-based solution icloud for data synchronization and backup. The icloud backup service captures not only device-specific settings, but also app data, imessage (or SMS & MMS) data, and can also store your personal files. This data stored in Apple s servers could violate HIPAA HITEC. It is recommended that companies use Apple s configuration utility to disable icloud backups, icloud documents and data, and photo stream. 6

9 Plante Moran Vulnerability Threat Risk Information travels across wireless networks, which are often less secure than wired networks. Mobility provides users with the opportunity to leave district boundaries and thereby eliminates many security controls. Bluetooth technology is very convenient for many users to have hands-free conversations; however, it is often left on and then is discoverable. Unencrypted information is stored on the device. Lost data may affect staff productivity. The device has no authentication requirements applied. The district s IT department is not managing the device. The device allows for installation of unsigned third-party applications. Malicious outsiders can do harm to the district. Mobile devices cross boundaries and network perimeters, carrying malware, and can bring this malware into the district network. Hackers can discover the device and launch an attack. In the event that a malicious outsider intercepts data in transit or steals a device, or if the staff member loses the device, the data are readable and usable. Mobile devices may be lost or stolen due to their portability. Data on these devices are not always backed up. In the event that the device is lost or stolen, outsiders can access the device and all of its data. If no mobile device strategy exists, staff may choose to bring in their own, unsecured devices. While these devices may not connect to the virtual private network (VPN), they may interact with or store sensitive documents. Applications may carry malware that propagates Trojans or viruses; the applications may also transform the device into a gateway for malicious outsiders to enter the district s network. Information interception resulting in a breach of sensitive data, district reputation, adherence to regulation, and legal action. Malware propagation, which may result in data leakage, data corruption, and unavailability of necessary data. Device corruption, lost data, call interception, and possible exposure of sensitive information. Exposure of sensitive data, resulting in damage to the district, students, or staff. Staff dependent on mobile devices unable to work in the event of broken, lost, or stolen devices, and data that are not backed up. Data exposure, resulting in damage to the district and liability and regulation issues. Data leakage, malware propagation, and unknown data loss in the case of device loss or theft. Malware propagation, data leakage, and intrusion on the district s network. Source: ISACA Securing mobile devices,

10 ipad Security for K-12 Understanding & Mitigating Risk Without an enforceable way to require ipad backups, policies and procedures continue to play a significant role in backup management. Districts should communicate to end users the importance of frequent, periodic backups, and discourage the creation and/or storage of confidential or critical information on mobile devices like the ipad whenever possible. A Powerful Possibility There are many things that need to be taken into consideration when looking at incorporating the ipad, but we have to remember that the majority of these security implications will be addressed for any new technology. The main security risk that the ipad poses is its mobility and the decentralization of information, but there are ways to secure it and with business going mobile, this device can be a powerful tool. Districts should be well versed in the security implications an ipad brings to the table but they should also be aware that risks are no greater with the ipad than with any other emerging technology. It appears that this one s here to stay. Sources Apples-iPad/

11 ipad Security for K-12 Understanding & Mitigating Risk Contacts Judy Wright Partner Information Technology Consulting Direct Dial: Mobile: Fax: MARVIN SAUER Principal Information Technology Consulting Direct Dial: Mobile: Fax: SRI CHALASANI Senior Manager Information Technology Consulting Direct Dial: Mobile: Fax:

12 plantemoran.com