Apple Releases iOS Security Specs
Apple released a nice document with details about iOS 5 security features. The document is NOT a hardening guide. Instead, it provides more insight into the iOS architecture and sandboxing feature, as well as lists of available security features.
This document should be read by anybody working on an iOS hardening guide to better judge the risks associated with iOS and various settings within iOS. One problem with standard hardening guides is that some of them may be too restrictive for your environment, and you should always customize them to your needs. The Apple documents will allow you to make more intelligent choices as to what hardening features to apply.
[1] http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
[2] http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
(A google search for "iOS hardening guide" will lead to a large number of relevant hardening guides you can use as a starting point for your own).
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments