This document summarizes a presentation on iPhone and iPad security. It discusses how to configure passcode policy and other restrictions on devices through configuration profiles. It also covers securing data through encryption, securing network communications through VPNs and SSL, and developing secure applications that properly handle authentication, authorization, data storage and cryptography. The presentation warns of risks from jailbreaking devices and accessing unsecured configuration profiles and provides recommendations for addressing these risks.

1. Mobility WebCastiPhone and iPad SecuritySimon GuestDirector, Mobility SolutionsNeudesic, LLCsimon.guest@neudesic.com

2. Common QuestionsI don’t want my employees doing [x]. How do I configure policy?What happens if I leave my device on the [bus|train|plane]?How do I secure communication from the device?I’m writing an application. How do I make my application secure?What other bad stuff should I be thinking about?

3. 23451PolicyDataNetworkApplicationBad StuffAgenda

4. 23451PolicyDataNetworkApplicationBad StuffAgendaI don’t want my employees doing [x] on their device. How do I configure policy?

5. PolicyPasscode PolicyFirst line of defense for device security

6. Prompts user for code, entered on startup and wake

7. With no code, emergency calls onlyConfiguring on the DeviceEnforce on device (turn on/off)

8. Simple (4 pin) or Complex (Alphanumeric)

9. Wipe on x incorrect attempts (default 10)

10. Used in combination with auto-lockPolicyConfiguration Profile settings for PasscodeRequire passcode on device (Yes/No)

11. Allow simple (4 digit PIN) or alphanumeric

12. Passcode length (1 – 16 chars)

13. Minimum number of complex characters

14. Minimum passcode age (None/1 – 730 days)

15. Auto lock (None/1-5 mins)

16. Passcode history (None/1-50 passcodes)

17. Grace period for device lock (None to 4 hrs)

18. Max number of failed attempts (4 – 16)PolicyConfiguration Profile settings for PasscodeRequire passcode on device (Yes/No)

19. Allow simple (4 digit PIN) or alphanumeric

20. Passcode length (1 – 16 chars)

21. Minimum number of complex characters

22. Minimum passcode age (None/1 – 730 days)

23. Auto lock (None/1-5 mins)

24. Passcode history (None/1-50 passcodes)

25. Grace period for device lock (None to 4 hrs)

26. Max number of failed attempts (4 – 16)PolicyConfiguration Profile settings for PasscodeRequire passcode on device (Yes/No)

27. Allow simple (4 digit PIN) or alphanumeric

28. Passcode length (1 – 16 chars)

29. Minimum number of complex characters

30. Minimum passcode age (None/1 – 730 days)

31. Auto lock (None/1-5 mins)

32. Passcode history (None/1-50 passcodes)

33. Grace period for device lock (None to 4 hrs)

34. Max number of failed attempts (4 – 16)PolicyPasscode PolicyFirst line of defense for device security

35. Defaults to 4 digit pin code, entered on startup and wakeDevice SettingsEnforce on device (turn on/off)

36. Simple (4 pin) or Complex (Alphanumeric)

37. Wipe on x incorrect attempts (default 10)

38. Used in combination with auto-lockPolicy

39. PolicyRestrictions on Device FeaturesInstalling Apps, Camera, Facetime, Screen Capture, Sync while Roaming, Voice Dialing, In App Purchases, Multi-player Gaming, Game Center FriendsRestrictions on ApplicationsAccess to YouTube, iTunes, and Safari (various settings)Content Rating RestrictionsRegional setting, with maximum content ratings across Movies, TV Shows, and AppsPolicyAdditional Settings for ConfigurationWiFi access point

40. VPN

41. Email

42. ActiveSync

43. LDAP Directory

44. CalDAV

45. CardDAV