
Disable Bluetooth Unless Needed

Bluetooth should only be turned on when absolutely necessary. When not in use, it should be disabled to prevent other devices from discovering your iOS device and attempting to connect to it.
Go to Settings > General > Bluetooth
Set "Bluetooth" to OFF
Disable Location Services Unless Needed
Location Services can be used by Applications on your iOS device to track your location. Unless there is some critical need for Applications to know your location at all times, Location Services should be turned off, or toggled on and off only as needed.
Go to Settings (Settings > General on iPads)
Set "Location Services" to OFF
Applications that use Location Services will ask to use Location Services the first time they are launched. Consider these requests carefully and only enable Location Services when absolutely necessary.
Secure Safari Settings
AutoFill should be disabled in Safari. This will prevent Safari from storing potentially sensitive contact information on your device, such as usernames and passwords.
Go to Settings > Safari
Set "AutoFill" to OFF
JavaScript support can be disabled to prevent maliciously crafted JavaScripts from harming your iOS device. However, disabling JavaScript can make many websites unusable, so it may be necessary to leave it on. If it is practical:
Go to Settings > Safari
Set "JavaScript" to OFF
Cookies can compromise personal information and browsing habits. To prevent this from happening, disable them when possible or set your iOS device to only accept cookies from visited sites. The following setting is unlikely to break the functionality of most websites:
Go to Settings > Safari > Accept Cookies
Set "Accept Cookies" to From visited
Secure Mail Settings
Ensure that all Mail connections are encrypted. This requires that your email server support encryption, which most do. Without encryption support, your messages will be sent in the clear, which could make it possible for someone to intercept and read them.
Go to Settings > Mail, Contacts, Calendars
For each account in the list:
Go to SMTP, select a server name from the list
Set "Use SSL" to ON
For each account in the list:
Go to Advanced
Set "Use SSL" to ON
When accessing web mail through Safari, make sure the login page is encrypted before entering your data. If it is encrypted, the URL will start with "https" instead of "http," and a lock icon will appear to the right of the URL.
Remote image loading should be disabled in Mail. This can prevent maliciously crafted images from harming your iOS device. It will also prevent attackers from linking your network address information to your email account.
Go to Settings > Mail, Contacts, Calendars
Set "Load Remote Images" to OFF
Consider the iPhone Configuration Utility
With the release of iOS 4, some security settings that could only be applied through the iPhone Configuration Utility can now be found in Settings > General > Restrictions. This includes disabling the camera and built-in iOS applications like and YouTube.
For other important settings, such as the ability to force encrypted backups, set more complex PINs, and enable remote wipes, the iPhone Configuration Utility is a free tool that Apple provides directly through their website:
http://www.apple.com/support/iphone/enterprise/
Full instructions on how to use this tool are provided at the same location.
The Information Assurance Mission at NSA
Security Tips for Personally Managed Apple iPhones and iPads
Systems and Network Analysis Center
National Security Agency
9800 Savage Road
Ft. Meade, MD 20755
http://www.nsa.gov/snac
What This Guide Provides
This pamphlet provides security recommendations for personally managed Apple iPhones and iPads running iOS 4. In this situation, the user exercises administrative control over the device, whether the device was purchased by that user or by the enterprise.
This pamphlet does not address the substantial security and configuration issues involved with deploying or using iOS devices in an enterprise environment. Such issues, including the management of configuration profiles, network infrastructure settings, to VPNs, and Exchange ActiveSync, are covered on Apple's website at http://www.apple.com/support/iphone/enterprise/.
Policy settings for Department of Defense (DoD) and other U.S. Federal Government environments are covered elsewhere. DoD users should consult DISA publications. Other U.S. Federal Government users should consult NIST publications such as SP 800-124 Guidelines on Cell Phone and PDA Security and SP 800-53 Recommended Security Controls for Federal Information Systems (http://csrc.nist.gov/publications/PubsSPs.html).
Maintain Physical Security
Always maintain physical control of your iOS device. All electronic devices are subject to physical attacks, but the portable nature of cellular phones and iPads puts them at particular risk. Publicly available tools allow an attacker with physical access to your device to bypass some of its security mechanisms.
The best protection against physical attacks is to ensure that your iOS device never falls into the wrong hands. Consider the risks of storing sensitive data on your device. This includes corporate information, credit card numbers, saved passwords, and personal data. If a mobile device falls out of your control, consider all the data contained on it compromised.
Apply the Latest Software Updates
Always apply the latest software updates for iOS, as these include important security patches. These updates can only be applied through an Internet-connected personal computer running iTunes. It is the responsibility of the individual user to ensure that the device has the latest version of iOS and iTunes software. Regularly check for software updates for iOS and for iTunes. Both updates will occur each time your iOS device is synced with iTunes.
Only sync your iOS device or install iOS updates from a trusted computer.
Do Not Jailbreak Your iPhone or iPad
"Jailbreaking" is the term that refers to the process of the iOS device's operating system in violation of the end-user license agreement. Jailbreaking significantly damages the device's ability to resist attacks because it disables the enforcement of code signatures, which is an important security feature. Jailbreaking an iPhone or iPad makes the attacker's job substantially easier. Most publicly released attacks targeted at iOS devices require that they first be jailbroken.
Another concern related to jailbreaking is the quality of the tools and applications provided by the jailbreaking community. These free applications are developed with little oversight and limited testing. They may include viruses or other malware, and they may inflict lasting harm on your device by breaking it permanently or corrupting your data.
Enable Auto-Lock and Passcode Lock
The Auto-Lock feature makes the screen lock automatically after a specified inactivity period. Ensure that Auto-Lock is activated. A value of 3 minutes or less is recommended.
Go to Settings > General > Auto-Lock
Set "Auto-Lock" to 3 Minutes
By itself, Auto-Lock does not constitute a security feature, but when combined with Passcode Lock, it will deter a casual attempt to access your data. Use the Passcode Lock feature to assign a four-digit PIN to your iOS device. With the prompt time set to "Immediately" the device will always require entry of the correct PIN in order to unlock the screen.
Go to Settings > General > Passcode Lock
Set "Passcode Lock" to ON
Set "Require Passcode" to Immediately
Note: On the same screen, turn off Simple Passcode to enable full alpha-numeric passwords.
For additional security, use the Erase Data feature to erase all user-created data after ten failed passcode attempts. This feature also greatly increases the time between failed access attempts to slow down more persistent attackers.
Go to Settings > General > Passcode Lock
Set "Erase Data" to ON
Do Not Join Untrusted Wireless Networks
When possible, avoid or limit the use of wireless networks. When not actively using wireless, turn it off to prevent any accidental exposure.
Go to Settings > Wi-Fi
Set "Wi-Fi" to OFF
Resist the temptation to use free Wi-Fi access points. These typically offer no protection for wirelessly transmitted data, meaning that anyone in the vicinity could intercept all traffic transmitted or received. Instead, if it is absolutely necessary to use a wireless network, choose a known one and ensure that its traffic is encrypted, preferably with WPA. Protected networks are designated in the list of available networks by a picture of a lock next to their names.
To avoid accidentally joining an untrusted network, turn off "Ask to Join Networks." This will not prevent your iOS device from reconnecting to networks it has joined in the past, but it will require future wireless connections to be made manually by selecting a network from a list.
Go to Settings > Wi-Fi
Set "Ask to Join Networks" to OFF
Note: Even if this setting is disabled, your phone will still automatically rejoin previously visited networks that have not been explicitly forgotten.
Another precaution is to choose "Forget this network" at the end of every wireless session. This will reduce the chance that your iOS device may accidentally join another wireless network with the same name. It is important to select this option before leaving the physical range of the network in question. Otherwise, the network will no longer appear in the list of available networks, and it will not be possible to remove it.
Go to Settings > Wi-Fi
Select a network from the list
Set "Forget this network"
