Copyright: Attribution Non-Commercial (BY-NC)
Bluetooth should only be turned on when absolutely necessary. When not in use, it should be disabled to prevent other devices from discovering your iOS device and attempting to connect to it.

Go to Settings > General > Bluetooth
Set "Bluetooth" to OFF

Disable Location Services Unless Needed

Location Services can be used by applications on your iOS device to track your location. Unless there is some critical need for applications to know your location at all times, Location Services should be turned off, or toggled on and off only as needed.

Go to Settings (Settings > General on iPads)
Set "Location Services" to OFF

Applications that use Location Services will ask to use Location Services the first time they are launched. Consider these requests carefully and only enable Location Services when absolutely necessary.

Secure Safari Settings

AutoFill should be disabled in Safari. This will prevent Safari from storing potentially sensitive contact information on your device, such as usernames and passwords.

Go to Settings > Safari
Set "AutoFill" to OFF

JavaScript support can be disabled to prevent maliciously crafted JavaScripts from harming your iOS device. However, disabling JavaScript can make many websites unusable, so it may be necessary to leave it on. If it is practical:

Go to Settings > Safari
Set "JavaScript" to OFF

Cookies can compromise personal information and browsing habits. To prevent this from happening, disable them when possible or set your iOS device to only accept cookies from visited sites. The following setting is unlikely to break the functionality of most websites:

Go to Settings > Safari > Accept Cookies
Set "Accept Cookies" to From visited

Secure Mail Settings

Ensure that all Mail connections are encrypted. This requires that your email server support encryption, which most do.
Without encryption support, your messages will be sent in the clear, which could make it possible for someone to intercept and read them.

Go to Settings > Mail, Contacts, Calendars
For each account in the list:
Go to SMTP, select a server name from the list
Set "Use SSL" to ON
For each account in the list:
Go to Advanced
Set "Use SSL" to ON

When accessing web mail through Safari, make sure the login page is encrypted before entering your data. If it is encrypted, the URL will start with "https" instead of "http," and a lock icon will appear to the right of the URL.

Remote image loading should be disabled in Mail. This can prevent maliciously crafted images from harming your iOS device. It will also prevent attackers from linking your network address information to your email account.

Go to Settings > Mail, Contacts,
Set "Load Remote Images" to OFF

Consider the iPhone Configuration Utility

With the release of iOS 4, some security settings that could only be applied through the iPhone Configuration Utility can now be found in Settings > General > Restrictions. This includes disabling the camera and built-in iOS applications like and YouTube. For other important settings, such as the ability to force encrypted backups, set more complex PINs, and enable remote wipes, the iPhone Configuration Utility is a free tool that Apple provides directly through their website: http://www.apple.com/support/iphone/enterprise/ Full instructions on how to use this tool are provided at the same location.

The Information Assurance Mission at NSA
Security Tips for Personally Managed Apple iPhones and iPads
Systems and Network Analysis Center
National Security Agency
9800 Savage Road
Ft. Meade, MD 20755
http://www.nsa.gov/snac

What This Guide Provides

This pamphlet provides security recommendations for personally managed Apple iPhones and iPads running iOS 4. In this situation, the user exercises administrative control over the device, whether the device was purchased by that user or by the enterprise. This pamphlet does not address the substantial security and configuration issues involved with deploying or using iOS devices in an enterprise environment. Such issues, including the management of configuration profiles, network infrastructure settings, VPNs, and Exchange ActiveSync, are covered on Apple's website at http://www.apple.com/support/iphone/enterprise/.

Policy settings for Department of Defense (DoD) and other U.S. Federal Government environments are covered elsewhere. DoD users should consult DISA publications. Other U.S. Federal Government users should consult NIST publications such as SP 800-124 Guidelines on Cell Phone and PDA Security and SP 800-53 Recommended Security Controls for Federal Information Systems (http://csrc.nist.gov/publications/PubsSPs.html).

Maintain Physical Security

Always maintain physical control of your iOS device. All electronic devices are subject to physical attacks, but the portable nature of cellular phones and iPads puts them at particular risk. Publicly available tools allow an attacker with physical access to your device to bypass some of its security mechanisms. The best protection against physical attacks is to ensure that your iOS device never falls into the wrong hands.

Consider the risks of storing sensitive data on your device. This includes corporate information, credit card numbers, saved passwords, and personal data. If a mobile device falls out of your control, consider all the data contained on it compromised.

Apply the Latest Software Updates

Always apply the latest software updates for iOS, as these include important security patches. These updates can only be applied through an Internet-connected personal computer running iTunes.
It is the responsibility of the individual user to ensure that the device has the latest version of iOS and iTunes software. Regularly check for software updates for iOS and for iTunes. Both updates will occur each time your iOS device is synced with iTunes. Only sync your iOS device or install iOS updates from a trusted computer.

Do Not Jailbreak Your iPhone or iPad

"Jailbreaking" is the term that refers to the process of modifying the iOS device's operating system in violation of the end-user license agreement. Jailbreaking significantly damages the device's ability to resist attacks because it disables the enforcement of code signatures, which is an important security feature. Jailbreaking an iPhone or iPad makes the attacker's job substantially easier. Most publicly released attacks targeted at iOS devices require that they first be jailbroken.

Another concern related to jailbreaking is the quality of the tools and applications provided by the jailbreaking community. These free applications are developed with little oversight and limited testing. They may include viruses or other malware, and they may inflict lasting harm on your device by breaking it permanently or corrupting your data.

Enable Auto-Lock and Passcode Lock

The Auto-Lock feature makes the screen lock automatically after a specified inactivity period. Ensure that Auto-Lock is activated. A value of 3 minutes or less is recommended.

Go to Settings > General > Auto-Lock
Set "Auto-Lock" to 3 Minutes

By itself, Auto-Lock does not constitute a security feature, but when combined with Passcode Lock, it will deter a casual attempt to access your data. Use the Passcode Lock feature to assign a four-digit PIN to your iOS device. With the prompt time set to "Immediately" the device will always require entry of the correct PIN in order to unlock the screen.
Go to Settings > General > Passcode Lock
Set "Passcode Lock" to ON
Set "Require Passcode" to Immediately
Note: On the same screen, turn off Simple Passcode to enable full alpha-numeric passwords.

For additional security, use the Erase Data feature to erase all user-created data after ten failed passcode attempts. This feature also greatly increases the time between failed access attempts to slow down more persistent attackers.

Go to Settings > General > Passcode Lock
Set "Erase Data" to ON

Do Not Join Untrusted Wireless Networks

When possible, avoid or limit the use of wireless networks. When not actively using wireless, turn it off to prevent any accidental exposure.

Go to Settings > Wi-Fi
Set "Wi-Fi" to OFF

Resist the temptation to use free Wi-Fi access points. These typically offer no protection for wirelessly transmitted data, meaning that anyone in the vicinity could intercept all traffic transmitted or received. Instead, if it is absolutely necessary to use a wireless network, choose a known one and ensure that its traffic is encrypted, preferably with WPA. Protected networks are designated in the list of available networks by a picture of a lock next to their names.

To avoid accidentally joining an untrusted network, turn off "Ask to Join Networks." This will not prevent your iOS device from reconnecting to networks it has joined in the past, but it will require future wireless connections to be made manually by selecting a network from a list.

Go to Settings > Wi-Fi
Set "Ask to Join Networks" to OFF
Note: Even if this setting is disabled, your phone will still automatically rejoin previously visited networks that have not been explicitly forgotten.

Another precaution is to choose "Forget this network" at the end of every wireless session. This will reduce the chance that your iOS device may accidentally join another wireless network with the same name.
It is important to select this option before leaving the physical range of the network in question. Otherwise, the network will no longer appear in the list of available networks, and it will not be possible to remove it.

Go to Settings > Wi-Fi
Select a network from the list
Set "Forget this network"
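
The iPhone Configuration Utility section above says the utility can enforce passcode and backup settings through a configuration profile. The following is an added example, not part of the NSA pamphlet or of Apple's tooling, that checks an exported profile against the pamphlet's Auto-Lock, Passcode Lock, Erase Data, encrypted-backup and AutoFill recommendations. The payload types and key names are Apple configuration-profile keys that the pamphlet itself does not list, and the sample profile is constructed.

```python
import plistlib

# Payload types and key names are Apple configuration-profile keys (assumed
# here; the pamphlet does not list them). Thresholds are the pamphlet's.
PASSCODE = "com.apple.mobiledevice.passwordpolicy"
RESTRICT = "com.apple.applicationaccess"

def _int_between(lo, hi):
    # bool is a subclass of int in Python, so compare the exact type
    return lambda v: type(v) is int and lo <= v <= hi

RULES = [
    (PASSCODE, "forcePIN", lambda v: v is True, "Passcode Lock ON"),
    (PASSCODE, "maxInactivity", _int_between(1, 3), "Auto-Lock 3 minutes or less"),
    (PASSCODE, "maxGracePeriod", _int_between(0, 0), "Require Passcode Immediately"),
    (PASSCODE, "allowSimple", lambda v: v is False, "Simple Passcode off"),
    (PASSCODE, "maxFailedAttempts", _int_between(1, 10), "Erase Data after ten failed attempts"),
    (RESTRICT, "forceEncryptedBackup", lambda v: v is True, "Force encrypted backups"),
    (RESTRICT, "safariAllowAutoFill", lambda v: v is False, "Safari AutoFill OFF"),
]

def audit(profile_bytes):
    """Return one finding per recommendation the profile does not enforce."""
    profile = plistlib.loads(profile_bytes)
    settings = {}
    for payload in profile.get("PayloadContent", []):
        settings.setdefault(payload.get("PayloadType"), {}).update(payload)
    unset = object()
    findings = []
    for ptype, key, ok, label in RULES:
        value = settings.get(ptype, {}).get(key, unset)
        if value is unset or not ok(value):
            shown = "not set" if value is unset else repr(value)
            findings.append(f"{label}: {key} is {shown}")
    return findings

# Constructed sample profile (not from the pamphlet): 5-minute auto-lock,
# simple passcodes allowed, no grace-period or backup-encryption setting.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadVersion": 1,
    "PayloadIdentifier": "example.constructed.profile",
    "PayloadContent": [
        {"PayloadType": PASSCODE, "forcePIN": True, "allowSimple": True,
         "maxInactivity": 5, "maxFailedAttempts": 10},
        {"PayloadType": RESTRICT, "safariAllowAutoFill": False},
    ],
})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL", finding)
```

A key that is absent from the profile is reported as "not set" because the profile then leaves that choice to the user.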