Nowadays, iOS is becoming more and more prevalent in companies and larger organizations. Whether this is a trend that is driven by Bring Your Own Device (BYOD) or something that is coming from within the IT department, our knowledge of platforms is being stretched more and more all the time. It's getting harder and harder to be an expert on every platform that is in use in our organizations!
You need to secure your iOS devices. Learning iOS security gives you the knowledge to build security into large-scale iOS deployments. This book takes you through good security practices; these include configuring privacy options to keep personal data away from prying eyes, learning about encryption options to keep data safe at rest, securing apps to reduce the risks introduced by third-party apps, and then laying down practical steps and procedures for carrying out these steps, both on-screen on devices and at scale using Apple Configurator, profiles, and Mobile Device Management (MDM) solutions.
This book also includes a section on debugging and viewing data so that you can check out how to further secure items not covered in detail in the book. We teach you how to provide enterprise-class security to your iPhone, iPad, and iPod Touch deployments. This includes a quick run-down of basic security steps and mass deployment of these steps to aid in your large-scale deployment of iOS devices.
This book is meant to be an easy-to-digest guide that follows real-world examples to implement best security practices. Each topic is covered in a theoretical context and further resources are provided where they are needed/applicable.
Chapter 1, iOS Security Overview, is a quick-and-dirty overview of the many steps to take to initially secure an iPad, iPhone, and iPod Touch. The purpose of this chapter isn't to go into too much depth with any given technology, but to provide a cheat sheet of sorts to get you started with iOS security.
Chapter 2, Introducing App Security, is a more thorough review of how to choose apps and secure them during an iOS deployment. Here, we look at an overview of sandboxing techniques and how to use Single App Mode and keybags. We also look at in-house Apps.
Chapter 3, Encrypting Devices, explains the encryption types and techniques that are used in iOS. Here, we look at Touch ID, Apple Pay, network encryption, and privacy concerns.
Chapter 4, Organizational Controls, introduces Apple Configurator and profile management. Here, we also look at the Find My iPhone app as it pertains to Activation Lock, ActiveSync policies (EAS Policies), and device supervision.
Chapter 5, Mobile Device Management, looks at Apple's Profile Manager and a simple third-party MDM called Bushel. Here, we look at Over the Air (OTA) profile management.
Chapter 6, Debugging and Conclusion, covers ways to troubleshoot and debug devices in larger deployments. In this chapter, we'll look at how to find logs and interpret them, how to get more data than you can use from devices, and then we will wrap up the book.
This book focuses on using a Mac to manage Apple iOS devices. Therefore, you should have a Mac that runs OS X 10.10 or a higher version and an iOS device that runs iOS 8 or a higher version. You can use a Windows or Linux computer instead of a Mac, but not all of the content covered in this book will be applicable if you do this.
This book is intended for systems administrators and security professionals who want to learn how to implement good security practices on iOS devices. The readers should know something about the Information Technology industry, but they need not be veterans who have an experience of more than 30 years.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "While not exactly simple, one could use openssl on various operating systems, in tandem with a root certificate from a trusted certificate authority, to apply signatures to configuration profiles, which devices will then see as trusted."
Any command-line input or output is written as follows:
codesign -d -vv /Users/abanks/Music/iTunes/iTunes\ Media/Mobile\
Applications/Dropbox\ 3.5.2/Payload/Dropbox.app
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "This is exposed to end users with a Send All Traffic slider when optional.
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.