ENTERPRISE SECURITY IN iOS Lecture 17b


ENTERPRISE SECURITY IN iOS
Lecture 17b
COMPSCI 702 Security for Smart-Devices
Muhammad Rizwan Asghar
April 11, 2017

APPLE BUSINESS
- Apple's iOS-based devices have gained popularity among consumers
- Apple devices are easiest to manage in the enterprise
- More enterprises have started allowing employees to access and store enterprise data on these devices

ENTERPRISE CONCERNS
- Enterprises have to manage devices that may be used to access or store sensitive enterprise data
  - Enterprise-owned devices
  - Bring Your Own Device (BYOD)
- This introduces new security risks, e.g.,
  - Misplaced devices
  - Lost devices
  - Stolen devices
- Basically, the sensitive enterprise data could be at risk

ENTERPRISE NEEDS
- Control over devices in a number of ways
  - Configuring devices (e.g., auto-lock)
  - Managing data and app restrictions (e.g., no access to camera)
  - Applying rules
    - Strong passcode (8 characters)
    - Remote wipe (after 10 tries)
- Avoiding issues in case of BYOD
  - Users can do unsafe things, say, installing/updating third-party apps

NAÏVE APPROACH
- IT admins can do configurations manually
- Unfortunately, there are issues with a manual configuration
  - It is labour-intensive and
  - Error-prone
- Do we have a better solution?

iOS CONFIGURATION MANAGEMENT
- iOS-based devices are managed through the creation and installation of configuration profiles
- These profiles contain settings configured by an administrator for installation on a user's device
- Configuration profiles are centrally managed using
  - Apple's iPhone Configuration Utility (a free utility)
  - Mobile Device Management (MDM) System

iPhone CONFIGURATION UTILITY
- A graphical utility for iPhone configuration
- It lets administrators create and manage configuration profiles
- These profiles can be installed onto iOS devices
  - Over a USB connection
  - By sending via email or
  - By hosting them on a web server
- Issue: not scalable
  - It only manages a limited number of devices

MDM SYSTEMS
- Used to manage a large number of devices
- Apple offers an MDM system in Lion Server through the Profile Manager service
- This service works well for Workgroups and Small and Medium-sized Enterprises (SMEs)
- For large organisations, a commercial third-party MDM solution would likely work best

CONFIGURATION PROFILES
- An XML property list file
  - Known as plist
  - Values stored in Base64
- The plist data may optionally be signed and encrypted
  - RFC 3852 Cryptographic Message Syntax (CMS)
- If sensitive information (e.g., a password) has to be sent over a network, then it should be encrypted

PROFILE METADATA
- The configuration profile metadata includes
  - The human-readable name
  - Description of the profile
  - Creating organisation
  - Some other fields
- The configuration payloads are the most important portions of the profile

SOME CONFIGURATION PROFILE PAYLOAD TYPES
Payload: Description
- Removal Password: Password to remove locked profiles from the device
- Passcode Policy: Defines whether a passcode is required to unlock the device and how complex this passcode must be
- E-mail: Configures the user's email account
- Restrictions: Restricts the user from performing certain actions, e.g., using the camera
- Calendar Subscription: Subscribes the user to a shared calendar
- VPN: Specifies a Virtual Private Network (VPN) configuration
- WiFi: Configures the device to use the specified 802.11 network

CONFIGURATION PAYLOADS
- Removal password
  - The password needed to turn off the configuration profile
  - Configurations can also be set with "Never remove": the device has to be cleared to get rid of the profile
- Passcode policy
  - It specifies how complex a passcode should be
  - If there is no existing passcode, or the existing one is not complex enough, then the user is asked to set a new passcode
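
The following is an added example, not part of the original lecture: a small Python auditor that parses an unsigned XML configuration profile and checks its payloads against the rules the slides give as examples (8-character passcode, wipe after 10 tries, no camera, removal protected). The sample profile is constructed for illustration, the baseline thresholds are an assumption taken from the "Enterprise needs" slide, and the payload types and keys are those Apple documents for configuration profiles.

```python
import plistlib

MIN_LENGTH, MAX_TRIES = 8, 10  # baseline assumed from the lecture's examples

# Constructed sample profile (illustrative): metadata plus two payloads.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadOrganization</key><string>Example Corp</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>minLength</key><integer>6</integer>
      <key>maxFailedAttempts</key><integer>10</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowCamera</key><true/>
    </dict>
  </array>
</dict></plist>"""

def audit_profile(raw: bytes) -> list[str]:
    """Return baseline violations found in an unsigned XML configuration profile."""
    profile = plistlib.loads(raw)
    # Index payload dictionaries by PayloadType (last one wins if repeated).
    payloads = {p.get("PayloadType"): p for p in profile.get("PayloadContent", [])}
    findings = []
    policy = payloads.get("com.apple.mobiledevice.passwordpolicy")
    if policy is None:
        findings.append("no passcode policy payload")
    else:
        if not policy.get("forcePIN", False):
            findings.append("passcode not required")
        if policy.get("minLength", 0) < MIN_LENGTH:
            findings.append(f"minLength {policy.get('minLength', 0)} is below {MIN_LENGTH}")
        tries = policy.get("maxFailedAttempts")
        if tries is None or tries > MAX_TRIES:
            findings.append(f"no wipe within {MAX_TRIES} failed attempts")
    if payloads.get("com.apple.applicationaccess", {}).get("allowCamera", True):
        findings.append("camera allowed")
    removable = not profile.get("PayloadRemovalDisallowed", False)
    if removable and "com.apple.profileRemovalPassword" not in payloads:
        findings.append("profile removable without a password")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FAIL:", finding)
```

A profile that is signed or encrypted with CMS has to be unwrapped before it can be parsed this way.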

PASSCODE POLICY
[Figure. Source: iOS Hacker's Handbook]

DISTRIBUTING THE PROFILES USING THE iPhone CONFIGURATION UTILITY
- Puts a root Certificate Authority (CA) in the keychain
- Each device connected over USB has its certificate created
- This certificate is used to encrypt configuration profiles
- It can also use email or the web to send profiles

DISTRIBUTING VIA MDM
- 3 components
  - iOS device
  - Organisation's MDM server
  - Apple's Push Notification Service (APNS)
[Figure. Source: iOS Hacker's Handbook]

HOW MDM WORKS
- A pub-sub model is used in this case
  - The MDM server tells the APNS to publish a notification (on a particular topic)
  - Devices inform the APNS which topics they are subscribing to
  - The notification is sent to the subscribed devices
- The device then establishes a connection to the MDM server over HTTPS
- A remote wipe command can be initiated by MDM, Exchange or iCloud

ENTERPRISE APPS
- An enterprise provisioning profile can be loaded along with the configuration profile
- Then, the in-house enterprise apps can be distributed Over The Air (OTA) or through MDM
- Enterprise provisioning profiles have to be renewed annually

THE KILL SWITCH & HARDWARE MODIFICATIONS
- The kill switch worries some companies
  - What if Apple wants to shut our apps down?
- Some companies do not trust software restrictions
  - Instead of relying on configuration profiles (say, to turn cameras or WiFi off), companies can purchase special hardware (say, iPads without cameras or WiFi)

SUMMARY
- Enterprises need to have control over devices which connect to their systems
- IT admins can do configurations manually, but it is labour-intensive and error-prone
- Configuration profiles can be installed automatically on devices to enforce policies and manage restrictions
- These can be distributed and centrally managed through the Configuration Utility or MDM systems

RESOURCES
- White Paper on iOS Security
  https://www.apple.com/business/docs/ios_security_guide.pdf
- iOS Hacker's Handbook
  Charlie Miller, Dionysus Blazakis, Dino Dai Zovi, Stefan Esser, Vincenzo Iozzo, Ralf-Philipp Weinmann
  John Wiley & Sons, Inc., 2012
- Apple Device Management
  https://www.apple.com/ipad/business/it/#management

ACKNOWLEDGEMENT
- Some slides are based on the presentation shared by Robert Sheehan, thanks to him!

Questions?
Thanks for your attention!