ENTERPRISE SECURITY. ios Security Lecture 5 COMPSCI 702



Similar documents
APPLE & BUSINESS. ios ENTERPRISE SECURITY ENTERPRISE NEEDS CONFIGURATION PROFILES

iphone in Business Mobile Device Management

ipad in Business Mobile Device Management

Deploying iphone and ipad Mobile Device Management

Managing ios Devices. Andrew Wellington Division of Information The Australian National University XW11

Deploying iphone and ipad Security Overview

Mobile Device Management Solution Hexnode MDM

Mobile Device Management AirWatch Enrolment ios Devices (ipad, iphone, ipod) Documentation - End User

How to wipe personal data and from a lost or stolen mobile device

Sophos Mobile Control User guide for Apple ios. Product version: 4

Telstra Mobile Device Management (T MDM) Getting Started Guide

TLC 3 Student Mobile Device Configuration Specifications

Sophos Mobile Control User guide for Apple ios

Ensuring the security of your mobile business intelligence

Mobile Iron User Guide

ipad in Business Security

Mobile Device Management ios Policies

User Manual for Version Mobile Device Management (MDM) User Manual

Building a BYOD Program Using the Casper Suite. Technical Paper Casper Suite v9.4 or Later 17 September 2014

MDM User Guide June 2012

iphone in Business Security Overview

eschoolpad for ipad INSTALLATION GUIDE v3.0 Prepared by: Avrio Solutions Company Limited

1. Introduction Activation of Mobile Device Management How Endpoint Protector MDM Works... 5

company policies are adhered to and all parties (traders,

Sophos Mobile Control User guide for Apple ios. Product version: 2 Document date: December 2011

Securely Yours LLC We secure your information world. www. SecurelyYoursllc.com

Mobile Configuration Profiles for ios Devices Technical Note

Absolute Manage MDM. John Wu Systems Engineer

Vodafone Secure Device Manager Administration User Guide

District 211 Technology. ipad Setup Instructions

ios Enterprise Deployment Overview

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios Devices

Health Science Center AirWatch Installation and Enrollment Instructions For Apple ios 8 Devices

Guidance End User Devices Security Guidance: Apple ios 7

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time.

Mobile Device Management and Security Glossary

Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT

Sophos Mobile Control Startup guide. Product version: 3

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown

Sophos Mobile Control Startup guide. Product version: 3.5

BYOD Guidance: BlackBerry Secure Work Space

BlackBerry Universal Device Service. Demo Access. AUTHOR: System4u

Managing OS X with Configuration Profiles

Getting Started - MDM Setup

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Ensuring the security of your mobile business intelligence

Students Mobile Messaging Registration & Configuration

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

QuickStart Guide for Mobile Device Management

ipad Set Up Guide: Staff! 1 of! 20

Introduction...3. Creating an Apple ID...3. Setting Up Your ipad...4. Connecting to Genesis...4. Setting Up Your ipad...5. ipad Name Change...

ios How to Back Up from icloud

Apple Configurator MDM Site - Review

Creating an Apple APNS Certificate

MDM: Enabling Productivity in the world of mobility. Sudhakar S Peddibhotla Director of Engineering, Good Technology

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

iphone in Business How-To Setup Guide for Users

Copyright 2013, 3CX Ltd.

QuickStart Guide for Mobile Device Management. Version 8.6

1:1 ipad Program Device Setup Guide

Introduction to AirWatch and Configurator

Setting Up groov Mobile Apps. Introduction. Setting Up groov Mobile Apps. Using the ios Mobile App

Rocket Mail Smartphone Configuration Guide. Version 2.0

MDM Mobile Device Management

How To Use An Android Phone With A Microsoft Powerbook 2.5 (Ios) And A Microsatellite (Xen Mobile) Device (For A Free Download) For A Business

Cloud Services MDM. Control Panel Provisioning Guide

1. Set a longer (and stronger) six-digit passcode. 2. Prevent apps from uploading your data

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Cloud Services MDM. ios User Guide

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Mobile App Containers: Product Or Feature?

Bell Mobile Device Management (MDM)

How to configure Mac OS X Server

curbi for Schools Technical Overview October 2014

How To Manage A Mobile Device Management (Mdm) Solution

ManageEngine Desktop Central. Mobile Device Management User Guide

Mobility Manager 9.5. Users Guide

End User Devices Security Guidance: Apple OS X 10.10

Connect for iphone. Aug, 2012 Ver 5.3b AWest. 1 P age

FAQ for ipad (ios 5.x)

Preparing for GO!Enterprise MDM On-Demand Service

Dacorum U3A Apple Mac Users Group Agenda TUESDAY 7th July 2015 Time Machine Backups for your MAC & ipad?

Mobile Device Management

Getting to know your ipad For Beginners

Security for mobile apps

Healthcare Buyers Guide: Mobile Device Management

How to Obtain an APNs Certificate for CA MDM

Cisco Mobile Collaboration Management Service

Deploying iphone and ipad Apple Configurator

Salmon Group, Inc. An 8(a) Certified, Veteran owned company

GO!NotifyLink ActiveSync Solution for ios Devices

Mobile App User's Guide

Kaspersky Security for Mobile Administrator's Guide

Guidance End User Devices Security Guidance: Apple OS X 10.9

Transcription:

ENTERPRISE SECURITY ios Security Lecture 5 COMPSCI 702

APPLE BUSINESS Apple s ios-based devices have gained popularity among consumers 61.2 million handsets sold in Q1 (2015) More enterprises have started allowing employees to access and store enterprise data on these devices 2

ENTERPRISE CONCERNS Enterprises have to manage devices that may be used to access or store the sensitive enterprise data Enterprise owned devices Bring Your Own Device (BYOD) This introduces the new security risks, e.g., Misplaced devices Lost devices Stolen devices Basically, the sensitive enterprise data could be at risk 3

ENTERPRISE NEEDS Control over devices, which access or store the sensitive enterprise data, by a number of ways Configuring devices (e.g., auto-lock) Managing data and app restrictions (e.g., no access to camera) Applying rules Strong passcode (8 characters) Remote wipe (after 10 tries) Avoiding issues in case of BYOD Users can do unsafe things say, installing/updating 3 rd party apps 4

NAÏVE APPROACH IT admins can do configurations manually Unfortunately, there are issues It is labour-intensive and Error-prone Can we have a better solution? 5

ios CONFIGURATION MANAGEMENT ios-based devices are managed through the creation and installation of configuration profiles These profiles contain settings configured by an administration for installation on a user s device Configuration profiles are centrally managed using Apple s iphone Configuration Utility (a free utility) Mobile Device Management (MDM) System 6

iphone CONFIGURATION UTILITY A graphical utility for iphone configuration It lets administrators create and manage configuration profiles These profiles can be installed onto ios devices Over a USB connection By sending via email or By hosting them on a web server Issue: not scalable It only manages a limited number of devices 7

MDM SYSTEMS Used to manage a large number of devices Apple offers an MDM system in Lion Server through the Profile Manager service This service works well for Workgroups and Small-to-Medium-sized Enterprises (SMEs) For large organisations, a commercial 3 rd party MDM solution would likely work best 8

CONFIGURATION PROFILES An XML property list file Known as plist Values stored in Base64 The plist data may optionally be signed and encrypted RFC 3852 Cryptographic Message Syntax (CMS) If sensitive information (e.g., a password) has to be sent over a network then it should be encrypted 9

PROFILE METADATA The configuration profile metadata includes The human-readable name Description of the profile Creating organisation Some other fields The configuration payloads are the most important portions of the profile 10

SOME CONFIGURATION PROFILE PAYLOAD TYPES Payload Removal Password Passcode Policy E-mail Description Password to remove locked profiles from the device Defines whether a passcode is required to unlock the device and how complex this passcode must be Configures the user s email account Restrictions Calendar Subscription VPN Restricts the user from performing certain actions e.g., using the camera Subscribes the user to a shared calendar Specifies a Virtual Private Network (VPN) configuration Wi-Fi Configures the device to use the specified 802.11 network 11

CONFIGURATION PAYLOADS Removal password The password needed to turn off the configuration profile Configurations can also be set with Never remove have to clear the device to get rid of it Passcode policy It specifies how complex a passcode should be If there is no existing passcode or the existing one is not complex enough then the user is asked to set a new passcode 12

PASSCODE POLICY From ios Hacker s Handbook

DISTRIBUTINGTHE PROFILES WITHTHE iphone CONFIGURATION UTILITY Puts a root certificate authority in the keychain Each device connected over USB has its certificate created This certificate is then used to protect the profiles It can then use email or the web to send profiles 14

DISTRIBUTINGVIA MDM 3 components ios device Organisation s MDM server Apple s Push Notification Service (APNS) From ios Hacker s Handbook 15

HOW MDM WORKS A pub-sub model is used in this case The MDM server tells theapns to publish a notification (on a particular topic) Devices inform theapns which topics they are subscribing to The notification is sent The device then establishes a connection to the MDM server over HTTPS A remote wipe command can be initiated by MDM,Exchange or icloud 16

ENTERPRISE APPS An enterprise provisioning profile can be loaded along with the configuration profile Then, the in-house enterprise apps can be distributed over the air or through MDM Enterprise provisioning profiles have to be renewed annually 17

THE KILL SWITCH & HARDWARE MODIFICATIONS The kill switch worries some companies What ifapple wants to shut our apps down? Some companies do not trust software restrictions Instead of relying on configuration profiles (say to turn cameras or Wi-Fi off) companies can purchase special hardware (say ipads without cameras orwi-fi) 18

THE PASSCODE BYPASS BUG February 2013 - ios 6.1 1. Lock device 2. Slide to unlock 3.Tap emergency call 4. Hold sleep button until the power down prompt shows. Click cancel, you will notice the status bar turn blue.type in 911 or your emergency number and click call then cancel it asap so the call does not go through. 5. Lock your device with the sleep button then turn it on using the home button. 6. Slide to unlock then hold the sleep button and in 3 seconds tap emergency call.this will spazz out the phone and cause it to open. [Make sure to continuously hold the sleep button until you are done looking in the phone] It only provided access to the phone function 19

SUMMARY Enterprises need to have control over devices which connect to their systems To enable security-related configuration settings IT admins can do configurations manually, but it is labourintensive and error-prone Configuration profiles can be installed automatically on devices to enforce policies and manage restrictions These can be distributed and centrally managed through the Configuration Utility or MDM systems 20

RESOURCES White Paper on ios Security: https://www.apple.com/business/docs/ios_security_guide.pdf ios Hacker s Handbook: http://www.it-docs.net/ddata/781.pdf Apple Device Management: https://www.apple.com/ipad/business/it/management.html Apple s 61M iphone sale in Q1 2015: http://techcrunch.com/2015/04/27/apples-iphone-sales-q2-2015/ The Passcode Bypass Bug: http://www.macrumors.com/2013/02/14/ios-6-1-bug-enablesbypassing-passcode-lock-to-access-phone-and-contacts/ 21