Network security iOS

Posted: December 1, 2012 in Articles

In addition to the basic protection features and data encryption, iOS devices provide a wide range of network security features for transmitting data securely over the network, for both individual and corporate users. For corporate users it is important to be able to access corporate data from anywhere in the world; reliable user authentication and secure transmission of that data are no less important. iOS uses, and gives developers access to, the standard network protocols for creating authorized, authenticated and encrypted connections.

iMessage is an instant messaging application. In earlier versions it was only possible to exchange text messages; starting with iOS 3.0, support for MMS messages was added.

On other mobile platforms, protecting open ports may require installing an additional firewall. Because iOS reduces the attack surface (there are no optional network utilities such as telnet), it does not need an additional firewall. In addition, messages transmitted through the iMessage, FaceTime and Apple Push Notification services are fully encrypted and authenticated.

SSL, TLS

iOS supports Secure Sockets Layer (SSL v3), Transport Layer Security (TLS v1.1, TLS v1.2) and Datagram Transport Layer Security (DTLS). It should be noted that SSL v3 and TLS v1.0 are considered unsafe, because a well-known attack called BEAST was demonstrated against them in the recent past. Applications such as Safari, Mail and Calendar automatically use these protocols to set up an encrypted connection between the device and network services. In addition, developers can embed SSL and TLS in their own applications through a high-level API (the CFNetwork framework).
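The practical consequence of the BEAST remark above is that a client should refuse to negotiate SSL v3 or TLS v1.0 and should only offer AEAD cipher suites (BEAST needs a CBC-mode suite under those versions). The following is an added example, not code from the original article or from Apple: it builds such a client policy with Python's standard `ssl` module and audits it. The version list and the safe/unsafe flags come from the article's text; the `ssl.TLSVersion` and `get_ciphers()` calls are standard-library APIs.

```python
from __future__ import annotations

import ssl

# Protocol versions the article lists for iOS, flagged safe/unsafe as the text says.
ARTICLE_VERSIONS = {
    ssl.TLSVersion.SSLv3: False,    # unsafe per the article (BEAST)
    ssl.TLSVersion.TLSv1: False,    # unsafe per the article (BEAST)
    ssl.TLSVersion.TLSv1_1: True,
    ssl.TLSVersion.TLSv1_2: True,
}

# Name fragments of AEAD suites; BEAST needs a CBC suite, which carries none of these.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def make_hardened_context() -> ssl.SSLContext:
    """Client context that cannot negotiate SSL v3 or TLS v1.0/1.1 and offers no CBC suite."""
    ctx = ssl.create_default_context()
    # Floor the protocol version: the handshake aborts instead of downgrading,
    # even if the server only offers TLS 1.0.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Restrict the TLS 1.2 suite list to ephemeral ECDH with AES-GCM (AEAD only).
    ctx.set_ciphers("ECDHE+AESGCM")
    return ctx


def negotiable(ctx: ssl.SSLContext, version: ssl.TLSVersion) -> bool:
    """True if `version` lies inside the context's allowed [minimum, maximum] range."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    # The sentinel values are negative, so map them onto concrete versions first.
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:
        lo = ssl.TLSVersion.SSLv3
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = ssl.TLSVersion.TLSv1_3
    return lo <= version <= hi


def accepted_versions(ctx: ssl.SSLContext) -> list[str]:
    """Names of the article's protocol versions that this context would still negotiate."""
    return [v.name for v in ARTICLE_VERSIONS if negotiable(ctx, v)]


def non_aead_suites(ctx: ssl.SSLContext) -> list[str]:
    """Cipher suites the context offers that are not AEAD (candidates for BEAST-style CBC attacks)."""
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if not any(marker in c["name"] for marker in AEAD_MARKERS)
    ]


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Human-readable findings; an empty list means the policy matches the article's advice."""
    findings = []
    for name in accepted_versions(ctx):
        if not ARTICLE_VERSIONS[ssl.TLSVersion[name]]:
            findings.append(f"{name} can still be negotiated")
    for suite in non_aead_suites(ctx):
        findings.append(f"non-AEAD cipher suite offered: {suite}")
    return findings


if __name__ == "__main__":
    ctx = make_hardened_context()
    print("versions still accepted:", accepted_versions(ctx))
    print("findings:", audit_context(ctx) or "none")
```

Run `audit_context(ssl.create_default_context())` on the same machine to see how the library default compares; depending on the OpenSSL build it may still list CBC suites, which is exactly the gap the hardened context closes.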

VPN

VPN services need virtually no additional configuration to work with iOS devices. Devices running iOS support multiple authentication mechanisms and the protocols of various vendors, all of which are listed below.

– SSL-VPN from Juniper Networks, Cisco, Aruba Networks, SonicWALL, Check Point and F5 Networks. To establish a VPN connection to such a server, users need to download the appropriate client application from the Apple Store;

– Cisco IPSec with user authentication by password or RSA SecurID token, and machine authentication by shared secret or certificate. Cisco IPSec supports “VPN On Demand” for administrator-specified domains: in other words, no matter where the user connects to the specified domain from, the connection will always be encrypted;

– L2TP/IPSec with user authentication by MS-CHAP v2 or RSA SecurID, and machine authentication by shared secret;

– PPTP with user authentication by MS-CHAP v2 or RSA SecurID.

Wi-Fi

To provide authenticated access to corporate wireless networks, iOS supports most Wi-Fi protocols. WPA2 Enterprise uses 128-bit AES encryption, which gives users the highest level of data protection during transmission over the wireless network. In addition, iOS devices support authentication via RADIUS. Other supported authentication methods include EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, PEAPv0, PEAPv1 and LEAP.

Bluetooth

The Bluetooth specification itself defines several encryption modes, security modes and service levels. iOS provides the third encryption mode (Encryption Mode 3), the fourth security mode (Security Mode 4) and the first service level (Service Level 1).

Encryption Mode 3 means that all incoming and outgoing traffic is encrypted.

Security Mode 4 is a mode in which all security procedures are carried out after the connection between the devices is established. In the fourth mode, secure key distribution is performed using Diffie-Hellman over elliptic curves (ECDH).

Finally, Service Level 1 is the service level that requires both authentication and authorization. At the first service level, only trusted devices are granted access automatically; unauthorized devices must be authenticated manually.

The Bluetooth specification also defines several so-called profiles. A profile is a set of features and functions that a device can perform.

iOS supports six profiles:

– Hands-Free Profile (HFP 1.5) – required to connect the device to a wireless headset; sound is in mono;

– Phone Book Access Profile (PBAP) – for exchanging phone book records between devices;

– Advanced Audio Distribution Profile (A2DP) – designed for streaming stereo audio from a device to a wireless headset;

– Audio/Video Remote Control Profile (AVRCP) – allows you to use your device as a remote control for audio/video equipment;

– Personal Area Network Profile (PAN) – uses Bluetooth Network Encapsulation as a transport over the Bluetooth connection;

– Human Interface Device Profile (HID) – provides support for devices such as a mouse, joystick or keyboard.

Configuring the device

Specifically for centralized device configuration (including security settings), Apple has developed the iPhone Configuration Utility. The utility is typically used by an enterprise administrator for mass configuration of devices. The result is a so-called configuration profile, an XML file. To maintain the integrity and confidentiality of the configuration file it can be signed and encrypted; encryption follows the CMS standard (RFC 3852). Administrators also have the ability to “lock” a profile to the device and prevent the user from deleting it. A profile created by the iPhone Configuration Utility can have several sections.
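To make the configuration-profile format concrete, here is an added example (not code from the article, Apple, or the iPhone Configuration Utility) that builds a minimal profile as an XML property list with a Wi-Fi section and audits it before it would be signed and pushed. It ties together the Wi-Fi section above (WPA2 Enterprise, EAP method list) and the "lock to device" setting described here. The payload key names (`PayloadType`, `PayloadContent`, `PayloadRemovalDisallowed`, `com.apple.wifi.managed`, `SSID_STR`, `EncryptionType`, `EAPClientConfiguration`, `AcceptEAPTypes`) follow Apple's published configuration-profile format as I know it and should be checked against the current reference; the identifiers, SSIDs and the `com.example` names are constructed. The EAP type numbers are the IANA EAP method numbers.

```python
from __future__ import annotations

import plistlib
import uuid

# IANA EAP method numbers, which the AcceptEAPTypes array uses.
EAP_TLS = 13
EAP_PEAP = 25
EAP_LEAP = 17


def wifi_payload(ssid: str, eap_types: list[int], encryption: str = "WPA2") -> dict:
    """One Wi-Fi section of a profile. With an EAP list and WPA2 this is WPA2 Enterprise."""
    return {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"com.example.wifi.{ssid}",   # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"Corporate Wi-Fi ({ssid})",
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "AutoJoin": True,
        "EncryptionType": encryption,
        "EAPClientConfiguration": {"AcceptEAPTypes": eap_types},
    }


def build_profile(payloads: list[dict], locked: bool) -> bytes:
    """Serialize a top-level configuration profile to XML plist bytes.

    `locked` sets PayloadRemovalDisallowed, the setting behind the article's
    "lock the profile to the device so the user cannot delete it".
    """
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.corp.network",   # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Corporate network settings",
        "PayloadRemovalDisallowed": locked,
        "PayloadContent": payloads,
    }
    return plistlib.dumps(profile)


def parse_profile(data: bytes) -> dict:
    """Parse the XML plist back into a dictionary (the plain, unsigned form)."""
    return plistlib.loads(data)


def audit_profile(data: bytes) -> list[str]:
    """Findings an administrator would want before signing; empty list means it passed."""
    findings = []
    profile = parse_profile(data)
    if not profile.get("PayloadRemovalDisallowed", False):
        findings.append("profile can be removed by the user")
    for section in profile.get("PayloadContent", []):
        if section.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid = section.get("SSID_STR", "?")
        if section.get("EncryptionType") != "WPA2":
            findings.append(f"{ssid}: EncryptionType is {section.get('EncryptionType')}, not WPA2")
        eap = section.get("EAPClientConfiguration", {}).get("AcceptEAPTypes", [])
        if not eap:
            findings.append(f"{ssid}: no EAP configuration, so not WPA2 Enterprise")
        elif EAP_LEAP in eap:
            findings.append(f"{ssid}: LEAP accepted (known-weak method)")
    return findings


if __name__ == "__main__":
    good = build_profile([wifi_payload("corp-secure", [EAP_TLS])], locked=True)
    print(good.decode())
    print("findings:", audit_profile(good) or "none")
```

The signing and encryption step the article mentions is applied to these bytes afterwards, outside this snippet (CMS, RFC 3852); the audit is deliberately run on the plain XML, since that is the only form in which the content is readable.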

Conclusion

Thus, the basic security features, encryption and network security together build a rather high and solid bulwark of protection around the device and user information. The stronghold is strong, but not invulnerable. As time and practice have demonstrated, there are no completely safe systems, and sooner or later even a seemingly impregnable system gets a jailbreak. Of course, a jailbreak lowers system security to some degree. Correct configuration of the system also plays a major role. But here we come back to each individual's choice: everyone decides whether to jailbreak their device or not, and everyone can decide which is more important: more security or more freedom?
