View RSS Feed

Grumbledook's stuff!

A Data Protection Interlude - Apple

Rate this Entry
by , 8th May 2012 at 12:05 PM (2574 Views)
Originally posted on Grumbledook Thinks

And so I take a quick interlude from my look at the recent Apple Workshops to think about a few queries some schools have raised in the last few weeks about Apple and Data Protection.

When it comes to their OS X devices (desktops and laptops) Apple have had some built in encryption for some time. FileVault was introduced in Mac OS X 10.3 and used to just encrypt user files. Not a perfect solution but the introduction of FileVault 2 in Mac OS X 10.7 (Lion) we now have a solution to encrypt the whole drive. The ICO has raised the need to encrypt laptops so if you have personal data on your MacBook then you should seriously look at FileVault for encryption. There are other commercial offerings and solutions which cover a variety of platforms, allowing for better audit and control ... but yes, there are going to be at some cost. In the same way that BitLocker is a fantastic way to deal with the issue on Windows 7 laptops (which has been blogged about by the Microsoft Education UK team) then it is good to consider making use of the built-in tools provided by Apple.

When we come to Apple's mobile OS, iOS, and the newer devices being used (iPhone 3GS and later models, all models of iPads and iPod Touch 3rd gen and later models) then these are all capable of going onto iOS 5. By default these devices make use of hardware encryption. Apple say, "Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages and attachments. Third-party applications can use the data protection APIs in iOS 4 and later to further protect application data."

The growing use of iOS devices as tools for Senior Leaders and teachers in schools will mean that sensitive emails and files are likely to be on these devices and so you need to take appropriate action to protect the data.

Apple do have a larger paper about iPad security and from my perspective it boils down to a few key facts.

1 - Set a passcode on your device. This will mean that should someone repeatedly attempt to get in then it will be wiped.

2 - Don't rely on a simple passcode. Whilst it is nice and easy to have a simple code of 4 numbers, it is not exactly secure. You wouldn't have a password of 4 characters for your desktop or laptop to log into your school network so why do it for a mobile device? If you look at your iPhone and check the pattern of smudges where your fingers type you can see where you enter it in ... and the direction of the smudge can make it easy to guess. Other mobile OS have a similar problem so it is nothing new.

3 - If you are using smart covers on iPads then make sure that you turn off the feature to automatically unlock when you open the cover. This sort of defeats the object of security. Fine for classroom devices but not for those with personal / sensitive data on.

4 - Tools such as the iPhone Configuration Utility (ICPU) allow you to create a profile for devices to change some of these settings. If you are creating settings for school devices or to allow devices to connect to school systems then you should look at this to force improvements. This will include password length, complexity, Autolock time period (I have mine for 1 minute and the maximum number of failed attempts to login before the device is wiped (mine is set to 4).

5 - Remote wipe should be available ... either via management tools within the school or if a personal device then via iCloud with Find My iPad.

Not an extensive list of how to deal with this and there are some other really pod guides out there, but hopefully this gets more people considering how they use Apple mobile devices and take a bit more care.

Updated 8th May 2012 at 01:41 PM by GrumbleDook

Categories
Uncategorized

Comments

  1. FN-GM's Avatar
    Thanks for the article, good read. It might be also worth looking at this thread, it highlights a flaw in firevault. - http://www.edugeek.net/forums/securi...log-files.html
  2. GrumbleDook's Avatar
    I've been using the developer build of 10.7.4 for the last 2 previews so knew that work is being done on this ... but it does raise about good practice of preventing booting into target mode, booting from external disks, etc ... I'll try and follow up with that shortly.
  3. FN-GM's Avatar
    10.7.4 has now been released to the general public and this issue has been fixed - Mac OS X 10.7.4 Update is Available [Direct Download Links]

Trackbacks

Total Trackbacks 0
Trackback URL: