iPad in Business Security Overview

iPad can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods for access to corporate services, and encryption for all data stored on the device. iPad also provides secure protection through the use of passcode policies that can be enforced and delivered over the air. And if the device falls into the wrong hands, users and IT administrators can initiate a remote wipe command to help ensure that private information is erased.

It’s helpful to understand the following when considering the security of iPad for the enterprise:

•Methodsthatpreventunauthorizeduseofthedevice•Protectingdataatrest,includingwhenadeviceislostorstolen•Networkingprotocolsandencryptionofdataintransmission•SecureplatformfoundationofiPhoneOS

Thesecapabilitiesworkinconcerttoprovideasecuremobilecomputingplatform.

Device Control and ProtectionEstablishing strong policies for access to iPad is critical to protecting corporate information.Passcodeenforcementisthefrontlineofdefenseagainstunauthorizedaccessandcanbeconfiguredandenforcedovertheair.Additionally,iPadprovides securemethodstoconfigurethedeviceinanenterpriseenvironmentwherespecific settings,policies,andrestrictionsmustbeinplace.Thesemethodsprovideflexibleoptionsforestablishingastandardlevelofprotectionforauthorizedusers.

Passcode policiesAdevicepasscodepreventsunauthorizedusersfromaccessingdatastoredoniPad orotherwisegainingaccesstothedevice.iPadallowsyoutoselectfromanextensive set of passcode requirements to meet your security needs, including timeout periods, passcode strength, and how often the passcode must be changed.

ThefollowingMicrosoftExchangeActiveSyncpasscodepoliciesaresupported:

• Enforcepasswordondevice•Minimumpasswordlength•Maximumfailedpasswordattempts•Numbersandlettersbothrequired• Inactivitytimeinminutes

Device protection• Strongpasscodes• Passcodeexpiration• Passcodereusehistory• Maximumfailedattempts• Over-the-airpasscodeenforcement• Progressivedeviceprotection

Data protection• Remoteandlocalwipe• Encryptedconfigurationprofiles• EncryptediTunesbackups• Hardwareencryption

Network security• CiscoIPSec,L2TP,PPTPVPNprotocols• SSL/TLSwithX.509certificates• WPA/WPA2Enterprisewith802.1X• Certificate-basedauthentication• RSASecurID,CRYPTOCard

Platform security• Runtimeprotection• Mandatorycodesigning• Keychainservices• CommonCryptoAPIs

2

TheseadditionalpasscodepoliciesaresupportedwithMicrosoftExchangeServer2007:

• Simplepasswordallowedorprohibited•Passwordexpiration•Passwordhistory•Policyrefreshinterval•Minimumnumberofcomplexcharactersinapassword

Policy enforcementThepoliciesdescribedcanbesetoniPadintwoways.IfthedeviceisconfiguredtoaccessaMicrosoftExchangeaccount,theExchangeActiveSyncpoliciesarepushed to the device over the air, enabling policies to be enforced and updated without any action by the user.

Policiescanalsobedistributedaspartofaconfigurationprofileforuserstoinstall.Aprofilecanbedefinedsothatdeletingtheprofileispossibleonlywithanadministrativepassword.Alternatively,youcandefinetheprofilesothatit’slockedtothedeviceandcannot be removed without completely erasing all of the device contents.

Secure device configurationConfigurationprofilesareXMLfilesthatcontaindevicesecuritypoliciesandrestrictions,VPNconfigurationinformation,Wi-Fisettings,emailandcalendaraccounts,andauth-enticationcredentialsthatpermitiPadtoworkwithyourenterprisesystems.Theability toestablishpasscodepoliciesalongwithdevicesettingsinaconfigurationprofileensuresthatdeviceswithinyourenterpriseareconfiguredcorrectlyandinaccordancewithsecuritystandardssetbyyourorganization.Andbecauseconfigurationprofiles canbebothencryptedandlocked,thesettingscannotberemoved,altered,orsharedwith others.

Configurationprofilescanbebothsignedandencrypted.Signingaconfiguration profileensuresthatthesettingsitenforcescannotbealteredinanyway.Encrypting aconfigurationprofileprotectstheprofile’scontentsandpermitsinstallationonly onthedeviceforwhichitwascreated.ConfigurationprofilesareencryptedusingCryptographicMessageSyntax(CMS),RFC3852,supporting3DESandAES-128.

Forthefirst-timedistributionofencryptedconfigurationprofiles,you’llneedtoinstallthemviaUSBsyncusingtheiPhoneConfigurationUtilityorviaover-the-airenrollmentandconfiguration.Inadditiontothesemethods,subsequentdistributionofencryptedconfigurationprofilescanbedeliveredviaemailattachmentorhostedonawebsite accessible to your users.

Device restrictions Device restrictions determine which iPad features your users can access. Typically, these involvenetwork-enabledapplicationssuchasSafari,YouTube,ortheiTunesStore,butrestrictions can also control actions such as application installations. Device restrictions allowyoutoappropriatelyconfigurethedeviceandsetpermissionsforemployeestousethedeviceinwaysthatareconsistentwithyourbusinesspractices.Restrictions areenforcedusingaconfigurationprofile,ortheycanbemanuallyconfiguredon each device.

Inadditiontosettingrestrictionsandpoliciesonthedevice,theiTunesdesktop applicationcanbeconfiguredandcontrolledbyIT.Thisincludesdisablingaccesstoexplicitcontent,definingwhichnetworkservicesuserscanaccesswithiniTunes,andwhether new software updates are available for them to install.

Available restrictions• AccesstoexplicitmediainiTunesStore• UseofSafari• UseofYouTube• AccesstoiTunesStore• UseofAppStoreandiTunestoinstall

applications

3

Data ProtectionProtecting data stored on iPad is important for any environment with a high level of sensitive corporate or customer information. In addition to encrypting data in transmission, iPad provides hardware encryption for data stored on the device.

If a device is lost or stolen, it’s important to deactivate and erase the device. It’s also a goodideatohaveapolicyinplacethatwillwipethedeviceafteradefinednumber offailedpasscodeattempts—akeydeterrentagainstattemptstogainunauthorizedaccess to the device.

EncryptioniPadoffers256-bitAESencodinghardware-basedencryptiontoprotectalldataonthedevice. Encryption is always enabled and cannot be disabled by users.

Additionally,databackedupiniTunestoauser’scomputercanbeencrypted.Whenanencryptedconfigurationprofileisstoredontheuser’sdevice,thiscapabilityisenforcedautomatically. And to further protect application data, developers have access to APIs that enable them to encrypt data within their own application data stores.

Remote wipeiPad supports remote wipe. If a device is lost or stolen, the administrator or device owner can issue a remote wipe command that removes all data and deactivates the device.IfthedeviceisconfiguredwithanExchangeaccount,theadministratorcan initiatearemotewipecommandusingtheExchangeManagementConsole(ExchangeServer2007)ortheExchangeActiveSyncMobileAdministrationWebtool(ExchangeServer2003or2007).UsersofExchangeServer2007canalsoinitiateremotewipe commandsdirectlyusingOutlookWebAccess.

Local wipeDevicescanalsobeconfiguredtoautomaticallyinitiatealocalwipeafterseveralfailedpasscodeattempts.Thisisakeydeterrentagainstbruteforceattemptstogainaccesstothedevice.Bydefault,iPadwillautomaticallywipethedeviceafter10failedpasscodeattempts.Aswithotherpasscodepolicies,themaximumnumberoffailedattemptscanbeestablishedviaaconfigurationprofileorenforcedovertheairviaExchangeActiveSyncpolicies.

SecureNetworkCommunicationMobileusersneedtoaccesscorporatenetworksfromanywhere.Soit’simportant thattheyareauthorizedandthatdataisprotectedduringtransmission.iPadprovidesproventechnologiestoaccomplishthesesecurityobjectivesforbothWi-Fiandcellulardatanetworkconnections.

VPNManyenterpriseenvironmentsusesomeformofvirtualprivatenetworking.These securenetworkservicesarealreadydeployedandtypicallyrequireminimalsetup andconfigurationtoworkwithiPad.

iPadintegrateswithabroadrangeofcommonlyusedVPNtechnologiesthrough supportforCiscoIPSec,L2TP,andPPTP.SupportfortheseprotocolsensuresthehighestlevelofIP-basedencryptionfortransmissionofsensitiveinformation.iPadsupports networkproxyconfigurationaswellassplitIPtunnelingsothattraffictopublicor privatenetworkdomainsisrelayedaccordingtoyourspecificcompanypolicies.

Progressive device protectioniPadcanbeconfiguredtoautomaticallyinitiate a wipe after several failed passcode attempts. If a user repeatedly enters the wrong passcode, iPad will be disabled for increasingly longer inter-vals. After too many unsuccessful attempts, all data and settings on the device will be erased.

4

InadditiontoenablingsecureaccesstoexistingVPNenvironments,iPadoffersprovenmethodsforuserauthentication.Authenticationviastandardx.509digitalcertificatesprovides users with streamlined access to company resources and a viable alternative tousinghardware-basedtokens.Additionally,certificateauthenticationenablesiPadtotakeadvantageofVPNOnDemand,makingtheVPNauthenticationprocesstransparentwhilestillprovidingstrong,credentialedaccesstonetworkservices.

Forenterpriseenvironmentsthatrequireatwo-factortoken,iPadintegrateswithRSASecurIDandCRYPTOCard.

SSL/TLSiPadsupportsSSLv3aswellasTransportLayerSecurity(TLS)v1,thenext-generationsecuritystandardfortheInternet.Safari,Calendar,Mail,andotherInternetapplicationsautomatically start these mechanisms to enable an encrypted communication channel between iPad and corporate services.

WPA/WPA2iPadsupportsWPA2Enterprisetoprovideauthenticatedaccesstoyourenterprise wirelessnetwork.WPA2Enterpriseuses128-bitAESencryption,givingusersthehighestlevel of assurance that their data will remain protected when they send and receive communicationsoveraWi-Finetworkconnection.Andwithsupportfor802.1x,iPad canbeintegratedintoabroadrangeofRADIUSauthenticationenvironments.

SecurePlatformFoundationiPhoneOSisaplatformdesignedwithsecurityatitscore.Itincludesa“sandboxed”approach to application runtime protection and requires mandatory application signing toensurethatapplicationscannotbetamperedwith.iPhoneOSalsohasasecure frameworkthatfacilitatessecurestorageofapplicationandnetworkservicecredentialsinanencryptedkeychain.Fordevelopers,itoffersacommoncryptoarchitecturethat can be used to encrypt application data stores.

Runtime protectionApplicationsonthedeviceare“sandboxed”sotheycannotaccessdatastoredbyotherapplications.Inaddition,systemfiles,resources,andthekernelareshieldedfromtheuser’s application space. If an application needs to access data from another application, itcandosousingonlytheAPIsandservicesprovidedbyiPhoneOS.Codegeneration is also prevented.

Mandatory code signingAll iPad applications must be signed. The applications provided with the device are signedbyApple.Third-partyapplicationsaresignedbythedeveloperusinganApple-issuedcertificate.Thisensuresthatapplicationshaven’tbeentamperedwithoraltered.Additionally,runtimechecksaremadetoensurethatanapplicationhasn’tbecome“untrusted”sinceitslastuse.

Theuseofcustomorin-houseapplicationscanbecontrolledwithaprovisioningprofile.Usersmusthavetheprovisioningprofileinstalledtoexecutetheapplication.Administratorscanalsorestricttheuseofanapplicationtospecificdevices.

Secure authentication frameworkiPadprovidesasecure,encryptedkeychainforstoringdigitalidentities,usernames, andpasswords.Keychaindataispartitionedsothatcredentialsstoredbythird-partyapplicationscannotbeaccessedbyapplicationswithadifferentidentity.Thisprovidesthe mechanism for securing authentication credentials on iPad across a range of applications and services within the enterprise.

VPN protocols• CiscoIPSec• L2TP/IPSec• PPTP

Authentication methods• Password(MS-CHAPv2)• RSASecurID• CRYPTOCard• x.509digitalcertificates• Sharedsecret

802.1x authentication protocols• EAP-TLS• EAP-TTLS• EAP-FAST• EAP-SIM• PEAPv0,v1• LEAP

Supported certificate formatsiPadsupportsX.509certificateswith RSAkeys.Thefileextensions.cer,.crt, and.derarerecognized.

5

©2010AppleInc.Allrightsreserved.Apple,theApplelogo,iPhone,iTunes,andSafariaretrademarksofAppleInc.,registeredintheU.S.andothercountries.iPadisatrademarkofAppleInc.iTunesStoreisaservicemarkofAppleInc.,registeredintheU.S.andothercountries.Otherproductandcompanynamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.Productspecificationsaresubjecttochangewithoutnotice.Thismaterialisprovidedforinformationpurposesonly;Appleassumesnoliabilityrelatedtoitsuse.April2010L418700A

Common crypto architectureApplication developers have access to encryption APIs that they can use to further protect their application data. Data can be symmetrically encrypted using proven methodssuchasAES,RC4,or3DES.Inaddition,iPadprovideshardwareaccelerationforAESandSHA1encryption,maximizingapplicationperformance.

RevolutionaryProduct,SecureThroughoutiPadprovidesencryptedprotectionofdataintransit,atrest,orbackeduptoiTunes.Whetherauserisaccessingcorporateemail,visitingaprivatewebsite,orauthenticating tothecorporatenetwork,iPadprovidesassurancethatonlyauthorizeduserscanaccesssensitivecorporateinformation.Andwithsupportforenterprise-grade networkingandcomprehensivemethodstopreventdataloss,youcandeployiPadwithconfidence,knowingthatyou’reimplementingprovenmobiledevicesecurityand data protection methods.

AdditionalResourcesEnterprise Deployment Guidehttp://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

EnterpriseDeploymentResourcesandScenarioswww.apple.com/ipad/business