Re: [Fed-Talk] Revised iPhone security info
- Subject: Re: [Fed-Talk] Revised iPhone security info
- From: "Wm. Cerniuk" <email@hidden>
- Date: Tue, 29 Sep 2009 05:49:17 -0400
Along the same lines, I happened to check for the updates to my Anti-
Virus software and found that VirusBarrier can now scan the iPhone and
iPod Touch (!!)
http://www.intego.com/virusbarrier/
Is this unique for cell phones? Can a PC scan a BlackBerry?
V/R,
Wm. Cerniuk
Ph: 703.594.7616
On Sep 28, 2009, at 10:30 PM, Rex Sanders wrote:
I've updated my guidance for iPhone OS 3.1 with the MMS update, and
tested on iPhone 3G and 3GS.
We don't have Apple iPhone Security Guidelines, or an approved STIG,
so I wrote the following information up for interim use.
These settings are based on the CIS "Security Configuration
Benchmark For Apple iPhone OS 2.2.1 Version 1.0.0 March 2009" http://www.cisecurity.org/tools2/iphone/CIS_iPhone_2.2.1_Benchmark_v1.0.0.pdf
using Level 1 settings without the iPhone Configuration Utility
(ICU). References like (CIS 1.1.1) refer to specific sections of the
Benchmark. Additional settings are based on independent USGS
research.
By using Apple's Enterprise deployment tools and MobileMe or
Exchange server, you could implement better iPhone security,
especially remote wipes. We're not using any of those yet, so these
instructions don't cover that.
I know these instructions won't meet everyone's needs; maybe this
will help someone.
-- Rex Sanders, USGS
*** iPhone Firmware Updates
Apple updates iPhone firmware from time to time, including security
fixes. Update your iPhone firmware before you do anything else. You
must keep your iPhone firmware up-to-date. (CIS 1.1.1)
1. Connect your iPhone to a computer running iTunes
2. Launch iTunes
3. In iTunes "Source" list, select your iPhone
4. Click the "Summary" Tab
5. Click "Check for Updates"
6. Download and install the latest software
7. Detach your iPhone from the computer
*** Recommended iPhone security settings
iPhone Home > Settings > Wi-Fi > Ask to Join Networks > OFF (CIS
1.1.5)
iPhone Home > Settings > General > Bluetooth > OFF -- If you don't
use a Bluetooth headset (CIS 1.1.7)
iPhone Home > Settings > General > Auto-Lock > 5 Minutes (CIS 1.1.10)
iPhone Home > Settings > General > Passcode Lock > Turn Passcode On
(CIS 1.1.9)
iPhone Home > Settings > General > Passcode Lock > Require Passcode
> After 15 minutes
iPhone Home > Settings > General > Passcode Lock > Erase Data > ON
(CIS 1.1.12)
iPhone Home > Settings > General > Restrictions > Enable
Restrictions. All settings should be ON except ...
iPhone Home > Settings > General > Restrictions > iTunes > OFF
iPhone Home > Settings > General > Restrictions > Installing Apps >
OFF -- Must turn ON again to install apps
iPhone Home > Settings > General > Home > Double-click the Home
Button for: > Home
iPhone Home > Settings > General > Date & Time > Set Automatically >
ON
iPhone Home > Settings > Mail, Contacts, Calendars > Load Remote
Images > OFF
iPhone Home > Settings > Mail, Contacts, Calendars > Fetch New Data
> Push > OFF
iPhone Home > Settings > Mail, Contacts, Calendars > Manually
iPhone Home > Settings > Mail, Contacts, Calendars > Signature >
Edit to remove "Sent from my iPhone"
iPhone Home > Settings > Phone > Show My Caller ID > OFF
iPhone Home > Settings > Safari > Fraud Warning > ON
iPhone Home > Settings > Safari > Block Pop-ups > ON
iPhone Home > Settings > Safari > Accept Cookies > From visited
iPhone Home > Settings > Safari > Clear History -- Clear by hand
from time to time
iPhone Home > Settings > Safari > Clear Cookies -- Clear by hand
from time to time
iPhone Home > Settings > Safari > Clear Cache -- Clear by hand from
time to time
iPhone Home > Settings > Messages > Show Preview > OFF -- If you get
sensitive SMS messages (CIS 1.1.11)
*** Splash Screen
You should add a splash screen for your iPhone, indicating that the
phone is US Government property, and including your contact
information to help people return a lost iPhone.
Simple, crude version:
1. iPhone Home > Notes
2. Press + in upper left corner to open new note
3. Type in a warning and your contact information, for example:
Property of United States Government
Unauthorized Use Prohibited
Return to:
Jane Doe, Big Government Agency
1600 Pennsylvania Ave
Washington, DC 12345
email@hidden
+1-800-555-1212
4. Take a Screen Shot:
4a. Press and hold Home button at bottom of screen
4b. Press and release Power button on top of iPhone.
You should hear a shutter snap sound.
5. iPhone Home > Photos > Camera Roll
6. Select the screen shot
7. Tap the image
8. Click the curved arrow button in lower left corner
9. Select "Use As Wallpaper"
10. Move and Scale the image as needed
11. Click "Set Wallpaper"
Want something fancier, with your agency logo? Print it on a sheet
of paper, take a picture with the iPhone, then follow steps 5-11.
Use big fonts!
*** Wiping your iPhone
Before you dispose of your iPhone or give it to someone else at your
agency, you must wipe the old information and settings to prevent
security problems.
Wiping also erases iPhone software updates, so you must update again
after wiping.
If your iPhone is below version 2.0, update before wiping.
To wipe your iPhone:
1. iPhone Home > Settings > General > Reset > Erase All Content and
Settings
This will take a few hours on iPhone and iPhone 3G, a few seconds on
3GS
2. Plug your iPhone into a computer running iTunes
3. In iTunes "Source" list, select your iPhone
4. Click the "Summary" Tab
5. Click "Check for Updates"
6. Download and install the latest software
7. Detach your iPhone from the computer
*** iPhone info from Apple
Apple iPhone User Guide
http://manuals.info.apple.com/en_US/iPhone_User_Guide.pdf
Apple iPhone Enterprise Support web site, including tools for
managing iPhone settings.
http://www.apple.com/support/iphone/enterprise/
Apple iPhone Enterprise Deployment Guide
http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden