This book is intended for mobile security professionals who want to learn how to secure the iOS operating system and its applications. Any knowledge of iOS architecture would be an added advantage.
Page count: 168
Year of publication: 2015
Copyright © 2015 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: February 2015
Production reference: 2240215
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78355-174-3
www.packtpub.com
Authors
Allister Banks
Charles S. Edge
Reviewers
Jeremy Agostino
William Smith
Commissioning Editor
Ashwin Nair
Acquisition Editor
Hemal Desai
Content Development Editor
Mamata Walkar
Technical Editor
Menza Mathew
Copy Editors
Jasmine Nadar
Wishva Shah
Project Coordinator
Shipra Chawhan
Proofreaders
Safis Editing
Paul Hindle
Indexer
Tejal Soni
Production Coordinator
Melwyn D'sa
Cover Work
Melwyn D'sa
Allister Banks is an enthusiast. He's very excited to be in the exceedingly limited, exclusive club of coauthors of Charles S. Edge. After working for a decade with IT consulting companies on both the coasts of the U.S., he now works for a medical-focused institution with education and data center aspects. He has given speeches at LOPSA-East, MacTech Conference, and MacAdmins Conference at Penn State. He lives in New York. He contributes to various open source projects and speaks enough Japanese to order food.
Charles S. Edge has been working with Apple products since he was a child. Professionally, Charles started with the Mac OS and Apple server offerings in 1999 after working for years with various flavors of Unix. Charles began his consulting career with Support Technologies and Andersen Consulting. As the chief technology officer of 318, Inc., a consulting firm in Santa Monica, California, Charles built and nurtured a team of over 50 engineers, which was the largest Mac team in the world at that time. Charles is now a product manager at JAMF Software, with a focus on Bushel (http://www.bushel.com).
Charles has spoken at a variety of conferences including DefCon, BlackHat, LinuxWorld, MacWorld, MacSysAdmin, and Apple Worldwide Developers Conference. Charles has also written 12 books, over 3,000 blog posts, and a number of printed articles on Apple products.
Jeremy Agostino is a longtime Mac and iOS developer with a professional focus on hardware support and device drivers. He has assisted in the design and implementation of custom technical solutions to manage some of the largest iOS deployments in the U.S. Jeremy is currently leading the engineering team at Ground Control Solutions, where he is developing a powerful deployment and management tool for iOS devices.
William Smith is a solutions architect for 318, Inc., which is an IT consultancy that is based in Santa Monica, California. He is a technology veteran with more than 20 years of experience. He lives in Saint Paul, Minnesota, where he has provided training and consulting services on behalf of customers such as Apple and JAMF Software.
William enjoys writing and presenting on technology topics and he has spoken at JAMF Nation User Conference, MacIT, PSU MacAdmins, and other conferences. He has been a Microsoft MVP for more than 11 years and is co-owner of OfficeforMacHelp.com. Currently, he is a part of the steering committee for the new Twin Cities Mac Admins professionals group—a community that supports all things Apple, from education to enterprise.
Nowadays, iOS is becoming more and more prevalent in companies and larger organizations. Whether this is a trend that is driven by Bring Your Own Device (BYOD) or something that is coming from within the IT department, our knowledge of platforms is being stretched more and more all the time. It's getting harder and harder to be an expert on every platform that is in use in our organizations!
You need to secure your iOS devices. Learning iOS security gives you the knowledge to build security into large-scale iOS deployments. This book takes you through good security practices; these include configuring privacy options to keep personal data away from prying eyes, learning about encryption options to keep data safe at rest, securing apps to reduce the risks introduced by third-party apps, and then laying down practical steps and procedures for carrying out these steps, both on-screen on devices and at scale using Apple Configurator, profiles, and Mobile Device Management (MDM) solutions.
This book also includes a section on debugging and viewing data so that you can check out how to further secure items not covered in detail in the book. We teach you how to provide enterprise-class security to your iPhone, iPad, and iPod Touch deployments. This includes a quick run-down of basic security steps and mass deployment of these steps to aid in your large-scale deployment of iOS devices.
This book is meant to be an easy-to-digest guide that follows real-world examples to implement best security practices. Each topic is covered in a theoretical context and further resources are provided where they are needed/applicable.
Chapter 1, iOS Security Overview, is a quick-and-dirty overview of the many steps to take to initially secure an iPad, iPhone, and iPod Touch. The purpose of this chapter isn't to go into too much depth with any given technology, but to provide a cheat sheet of sorts to get you started with iOS security.
Chapter 2, Introducing App Security, is a more thorough review of how to choose apps and secure them during an iOS deployment. Here, we look at an overview of sandboxing techniques and how to use Single App Mode and keybags. We also look at in-house Apps.
Chapter 3, Encrypting Devices, explains the encryption types and techniques that are used in iOS. Here, we look at Touch ID, Apple Pay, network encryption, and privacy concerns.
Chapter 4, Organizational Controls, introduces Apple Configurator and profile management. Here, we also look at the Find My iPhone app as it pertains to Activation Lock, ActiveSync policies (EAS Policies), and device supervision.
Chapter 5, Mobile Device Management, looks at Apple's Profile Manager and a simple third-party MDM called Bushel. Here, we look at Over the Air (OTA) profile management.
Chapter 6, Debugging and Conclusion, covers ways to troubleshoot and debug devices in larger deployments. In this chapter, we'll look at how to find logs and interpret them, how to get more data than you can use from devices, and then we will wrap up the book.
This book focuses on using a Mac to manage Apple iOS devices. Therefore, you should have a Mac that runs OS X 10.10 or a higher version and an iOS device that runs iOS 8 or a higher version. You can use a Windows or Linux computer instead of a Mac, but not all of the content covered in this book will be applicable if you do this.
This book is intended for systems administrators and security professionals who want to learn how to implement good security practices on iOS devices. Readers should know something about the Information Technology industry, but they need not be veterans with more than 30 years of experience.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "While not exactly simple, one could use openssl on various operating systems, in tandem with a root certificate from a trusted certificate authority, to apply signatures to configuration profiles, which devices will then see as trusted."
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "This is exposed to end users with a Send All Traffic slider when optional."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Out of the box, iOS is one of the most secure operating systems available. There are a number of factors that contribute to the elevated security level. These include the fact that users cannot access the underlying operating system. Apps also have data in a silo (sandbox), so instead of accessing the system's internals they can access the silo. App developers choose whether to store settings such as passwords in the app or on iCloud Keychain, which is a secure location for such data on a device. Finally, Apple has a number of controls in place on devices to help protect users while providing an elegant user experience.
However, devices can be made even more secure than they are now. In this chapter, we're going to get some basic security tasks under our belt in order to establish some basic security best practices. Where we feel more explanation is needed about what we did on devices, we'll explore the technology itself, either in this chapter or in others.
This chapter will cover the following topics:
To kick off the overview of iOS security, we'll quickly secure our systems by initially providing a simple checklist of tasks, where we'll configure a few device protections that we feel everyone should use. Then, we'll look at how to take a backup of our devices and finally, at how to use a built-in web browser and protections around a browser.
When you connect a device to a computer that runs iTunes for the first time, you are prompted to enter a password. Doing so allows you to synchronize the device to a computer. Applications that can communicate over this channel include iTunes, iPhoto, Xcode, and others.
To pair a device to a Mac, simply plug the device in (if you have a passcode, you'll need to enter that in order to pair the device.) When the device is plugged in, you'll be prompted on both the device and the computer to establish a trust. Simply tap on Trust on the iOS device, as shown in the following screenshot:
Trusting a computer
For the computer to communicate with the iOS device, you'll also need to accept the pairing on your computer (although, when you pair using libimobiledevice from the command line, this step is not required, because you accept the pairing at the command line; this is covered in Chapter 6, Debugging and Conclusion). When prompted, click on Continue to establish the pairing, as seen in the following screenshot (the screenshot is the same in Windows):
Trusting a device
When a device is paired, a file is created in /var/db/lockdown, named with the UDID of the device and a property list (plist) extension. A property list is an Apple XML file that stores a variety of attributes. In Windows, iOS data is stored in the MobileSync folder, which you can access by navigating to \Users\(username)\AppData\Roaming\Apple Computer\MobileSync. The information in this file sets up a trust between the computers and includes the following attributes:
Why does this matter? It's important to know how a device interfaces with a computer. These files can be moved between computers and contain a variety of information about a device, including private keys.
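An added example, not from the book: a read-only audit of the pairing records described above, reporting for each record its UDID, whether secret key material is present, whether the file is readable beyond its owner, and whether it has gone unused. The key names (HostPrivateKey, RootPrivateKey, EscrowBag) and the 90-day staleness threshold are assumptions, not taken from the book.

```python
import plistlib
import stat
import time
from pathlib import Path
from xml.parsers.expat import ExpatError

# Keys that hold secret material in a pairing record (assumed names, see lead-in).
SENSITIVE_KEYS = ("HostPrivateKey", "RootPrivateKey", "EscrowBag")


def audit_pairing_records(lockdown_dir="/var/db/lockdown", max_age_days=90, now=None):
    """Summarise each <UDID>.plist record; key material itself is never returned."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(lockdown_dir).glob("*.plist")):
        info = path.stat()
        try:
            with path.open("rb") as fh:
                record = plistlib.load(fh)
        except (plistlib.InvalidFileException, ExpatError, ValueError, OSError):
            record = None  # unreadable or corrupt: still report the file
        keys = record if isinstance(record, dict) else {}
        age_days = int((now - info.st_mtime) // 86400)
        findings.append({
            "udid": path.stem,
            "parsed": isinstance(record, dict),
            "secrets": [k for k in SENSITIVE_KEYS if k in keys],
            # Anything beyond owner read access widens who can copy the record.
            "readable_by_others": bool(info.st_mode & (stat.S_IRGRP | stat.S_IROTH)),
            "age_days": age_days,
            "stale": age_days > max_age_days,
        })
    return findings


if __name__ == "__main__":
    # Reading /var/db/lockdown normally requires root on the Mac being audited.
    try:
        for finding in audit_pairing_records():
            print(finding)
    except PermissionError as err:
        print(f"cannot read lockdown directory: {err}")
```

Records flagged as stale or readable by others are candidates for removal or tighter permissions, since the file is what carries the trust relationship.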
Having keys isn't all that is required for a computer to communicate with a device. When the devices are interfacing with a computer over USB, if you have a passcode enabled on the device, you will be required to enter that passcode in order to unlock the device.
Once a computer is able to communicate with a device, you need to be careful as the backups of a device, apps that get synchronized to a device, and other data that gets exchanged with a device can be exposed while at rest on devices.
What do most people do to maximize the security of iOS devices? Before we do anything, we need to take a backup of our devices. This protects the device from us by providing a restore point. It also protects the data against loss through a silly mistake. The two most commonly used ways to take backups are iCloud and iTunes. As the names imply, the first stores backups of the data on Apple's cloud service and the second on desktop computers.
We'll cover how to take a backup on iCloud first.
An iCloud account comes with free storage, to