Re: [Fed-Talk] Revised iPhone security info


  • Subject: Re: [Fed-Talk] Revised iPhone security info
  • From: Joel Esler <email@hidden>
  • Date: Tue, 29 Sep 2009 19:41:04 -0400

No offense intended.

J

On Tue, Sep 29, 2009 at 7:40 PM, Joel Esler <email@hidden> wrote:
Aside from that, this list is pretty much a how-to for "how to make your iPhone unusable"

J

On Tue, Sep 29, 2009 at 11:22 AM, Pike, Michael (IHS/NPA) <email@hidden> wrote:

In my opinion (which is all it is), I think AV software on an iPhone is pretty close to useless.  First, apps run in a sandbox, very difficult to do anything outside of your own area.... (one protection measure).. secondly, anything that is on the iPhone has to be approved by Apple... I won't go into much detail, but Apple monitors all of the activity of the software to see if it goes somewhere it shouldn't and I would think reject it.

Those two elements alone are enough for me to feel ok on the phone, and if I ever doubt I will wipe it out.

mike





-----Original Message-----
From: fed-talk-bounces+michael.pike=ihs.gov@lists.apple.com on behalf of Wm. Cerniuk
Sent: Tue 9/29/2009 3:49 AM
To: Rex Sanders
Cc: email@hidden
Subject: Re: [Fed-Talk] Revised iPhone security info

Along the same lines, I happened to check for the updates to my Anti-
Virus software and found that VirusBarrier can now scan the iPhone and 
iPod Touch (!!)

http://www.intego.com/virusbarrier/

Is this unique for cell phones?  Can a PC scan a BlackBerry?

V/R,
Wm. Cerniuk

Ph: 703.594.7616

On Sep 28, 2009, at 10:30 PM, Rex Sanders wrote:

> I've updated my guidance for iPhone OS 3.1 with the MMS update, and 
> tested on iPhone 3G and 3GS.
>
> We don't have Apple iPhone Security Guidelines, or an approved STIG, 
> so I wrote the following information up for interim use.
>
> These settings are based on the CIS "Security Configuration 
> Benchmark For Apple iPhone OS 2.2.1 Version 1.0.0 March 2009" http://www.cisecurity.org/tools2/iphone/CIS_iPhone_2.2.1_Benchmark_v1.0.0.pdf
>  using Level 1 settings without the iPhone Configuration Utility 
> (ICU). References like (CIS 1.1.1) refer to specific sections of the 
> Benchmark.  Additional settings are based on independent USGS 
> research.
>
> By using Apple's Enterprise deployment tools and MobileMe or 
> Exchange server, you could implement better iPhone security, 
> especially remote wipes.  We're not using any of those yet, so these 
> instructions don't cover that.
>
> I know these instructions won't meet everyone's needs, maybe this 
> will help someone.
>
> -- Rex Sanders, USGS
>
>
> *** iPhone Firmware Updates
>
> Apple updates iPhone firmware from time to time, including security 
> fixes. Update your iPhone firmware before you do anything else. You 
> must keep your iPhone firmware up-to-date. (CIS 1.1.1)
>
> 1. Connect your iPhone to a computer running iTunes
> 2. Launch iTunes
> 3. In iTunes "Source" list, select your iPhone
> 4. Click the "Summary" Tab
> 5. Click "Check for Updates"
> 6. Download and install the latest software
> 7. Detach your iPhone from the computer
>
>
> *** Recommended iPhone security settings
>
> iPhone Home > Settings > Wi-Fi > Ask to Join Networks > OFF (CIS 
> 1.1.5)
> iPhone Home > Settings > General > Bluetooth > OFF -- If you don't 
> use a Bluetooth headset (CIS 1.1.7)
> iPhone Home > Settings > General > Auto-Lock > 5 Minutes (CIS 1.1.10)
> iPhone Home > Settings > General > Passcode Lock > Turn Passcode On 
> (CIS 1.1.9)
> iPhone Home > Settings > General > Passcode Lock > Require Passcode 
> > After 15 minutes
> iPhone Home > Settings > General > Passcode Lock > Erase Data > ON 
> (CIS 1.1.12)
> iPhone Home > Settings > General > Restrictions > Enable 
> Restrictions. All settings should be ON except ...
> iPhone Home > Settings > General > Restrictions > iTunes > OFF
> iPhone Home > Settings > General > Restrictions > Installing Apps > 
> OFF -- Must turn ON again to install apps
> iPhone Home > Settings > General > Home > Double-click the Home 
> Button for: > Home
> iPhone Home > Settings > General > Date & Time > Set Automatically > 
> ON
> iPhone Home > Settings > Mail, Contacts, Calendars > Load Remote 
> Images > OFF
> iPhone Home > Settings > Mail, Contacts, Calendars > Fetch New Data 
> > Push > OFF
> iPhone Home > Settings > Mail, Contacts, Calendars > Manually
> iPhone Home > Settings > Mail, Contacts, Calendars > Signature > 
> Edit to remove "Sent from my iPhone"
> iPhone Home > Settings > Phone > Show My Caller ID > OFF
> iPhone Home > Settings > Safari > Fraud Warning > ON
> iPhone Home > Settings > Safari > Block Pop-ups > ON
> iPhone Home > Settings > Safari > Accept Cookies > From visited
> iPhone Home > Settings > Safari > Clear History -- Clear by hand 
> from time to time
> iPhone Home > Settings > Safari > Clear Cookies -- Clear by hand 
> from time to time
> iPhone Home > Settings > Safari > Clear Cache -- Clear by hand from 
> time to time
> iPhone Home > Settings > Messages > Show Preview > OFF -- If you get 
> sensitive SMS messages (CIS 1.1.11)
>
>
> *** Splash Screen
>
> You should add a splash screen for your iPhone, indicating that the 
> phone is US Government property, and including your contact 
> information to help people return a lost iPhone.
>
> Simple, crude version:
>
> 1. iPhone Home > Notes
> 2. Press + in upper left corner to open new note
> 3. Type in a warning and your contact information, for example:
>
>       Property of United States Government
>       Unauthorized Use Prohibited
>
>       Return to:
>       Jane Doe, Big Government Agency
>       1600 Pennsylvania Ave
>       Washington, DC 12345
>       email@hidden
>       +1-800-555-1212
>
> 4. Take a Screen Shot:
>       4a. Press and hold Home button at bottom of screen
>       4b. Press and release Power button on top of iPhone.
>           You should hear a shutter snap sound.
> 5. iPhone Home > Photos > Camera Roll
> 6. Select the screen shot
> 7. Tap the image
> 8. Click the curved arrow button in lower left corner
> 9. Select "Use As Wallpaper"
> 10. Move and Scale the image as needed
> 11. Click "Set Wallpaper"
>
> Want something fancier, with your agency logo?  Print it on a sheet 
> of paper, take a picture with the iPhone, then follow steps 5-11.  
> Use big fonts!
>
>
> *** Wiping your iPhone
>
> Before you dispose of your iPhone or give it to someone else at your 
> agency, you must wipe the old information and settings to prevent 
> security problems.
>
> Wiping also erases iPhone software updates, so you must update again 
> after wiping.
>
> If your iPhone is below version 2.0, update before wiping.
>
> To wipe your iPhone:
>
> 1. iPhone Home > Settings > General > Reset > Erase All Content and 
> Settings
>       This will take a few hours on iPhone and iPhone 3G, few seconds on 
> 3GS
> 2. Plug your iPhone into a computer running iTunes
> 3. In iTunes "Source" list, select your iPhone
> 4. Click the "Summary" Tab
> 5. Click "Check for Updates"
> 6. Download and install the latest software
> 7. Detach your iPhone from the computer
>
>
> *** iPhone info from Apple
>
> Apple iPhone User Guide
> http://manuals.info.apple.com/en_US/iPhone_User_Guide.pdf
>
> Apple iPhone Enterprise Support web site, including tools for 
> managing iPhone settings.
> http://www.apple.com/support/iphone/enterprise/
>
> Apple iPhone Enterprise Deployment Guide
> http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden


--
Joel Esler | http://blog.joelesler.net

