Feeds

Australia OKs iOS for classified comms

Spooks get guide on 'hardening' iPhones, iPads

Using blade systems to cut costs and sharpen efficiencies

Australia's Defence Signals Directorate, an agency charged with collecting signals intelligence and educating the rest of the government about security, has green-lit Apple's iOS for use in “classified Australian government communications”.

The decision doesn't mean spooks can nip out to a phone shop and start chattering away on the iDevice of their dreams. Instead they'll need to adhere to a 'Hardening Guide' [PDF] that insists on iOS 5.1 or later and also offers lots of rules to make sure Apple's devices are used safely.

Those rules include a provision that passwords must include alphanumeric characters and that users should be forced to change passwords every 90 days. Devices should be auto-wiped after five failed log-on attempts. A SIM PIN is recommended and and encrypted backups are a must.

Disabling installation of apps is recommended for workers who access “Protected” information. Three grades of security higher than Protected – Confidential, Secret and Top Secret – aren't considered suitable for access with an iDevice.

WiFi access is allowed, but only with “WPA2 Authentication with EAP-TLS and a pre-shared key as minimum,” but with a preference for RADIUS or 802.1x. “Ask to join networks” should be turned off, to prevent iDevices connecting to unknown WiFi.

The guide mentions jailbroken devices and unsurprisingly says “Administrators should not allow employee owned jailbroken iOS devices to be provisioned on the corporate network.”

Interestingly, the guide also includes sample scripts for the iPhone Configuration Utility, an Apple product the Directorate recommends as suitable for managing fleets of iDevices in Australian government agencies. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.