Australia OKs iOS for classified comms
Spooks get guide on 'hardening' iPhones, iPads
By Simon Sharwood • In Security • At 10:00 GMT 13th April 2012
Australia's Defence Signals Directorate, an agency charged with collecting signals intelligence and educating the rest of the government about security, has green-lit Apple's iOS for use in “classified Australian government communications”.
The decision doesn't mean spooks can nip out to a phone shop and start chattering away on the iDevice of their dreams. Instead they'll need to adhere to a 'Hardening Guide' [PDF] that insists on iOS 5.1 or later and also offers lots of rules to make sure Apple's devices are used safely.
Those rules include a provision that passwords must include alphanumeric characters and that users should be forced to change passwords every 90 days. Devices should be auto-wiped after five failed log-on attempts. A SIM PIN is recommended and and encrypted backups are a must.
Disabling installation of apps is recommended for workers who access “Protected” information. Three grades of security higher than Protected – Confidential, Secret and Top Secret – aren't considered suitable for access with an iDevice.
WiFi access is allowed, but only with “WPA2 Authentication with EAP-TLS and a pre-shared key as minimum,” but with a preference for RADIUS or 802.1x. “Ask to join networks” should be turned off, to prevent iDevices connecting to unknown WiFi.
The guide mentions jailbroken devices and unsurprisingly says “Administrators should not allow employee owned jailbroken iOS devices to be provisioned on the corporate network.”
Interestingly, the guide also includes sample scripts for the iPhone Configuration Utility, an Apple product the Directorate recommends as suitable for managing fleets of iDevices in Australian government agencies. ®