The iPad provides many security mechanisms for enterprise users and their applications, and gives users a secure mobile computing platform. Let's take a look at the security mechanisms in iOS.
1. Device Control and Protection
1.1 Password Policy
The iPad allows you to choose from a series of password policies based on security requirements, including timeout settings, password length, and password update cycle. The iPad supports Microsoft Exchange ActiveSync password policies, such as the minimum password length, the maximum number of password attempts, the requirement to combine numbers and letters in the password, and the maximum password inactivity time. In addition, the iPad supports the password policies in Microsoft Exchange Server 2007, such as: allow/prohibit password close, password timeout, password history, policy update interval, minimum number of complex letters in the password, etc.
1.2 Set Security Policies
There are two ways to set security policies on the iPad. If the device is configured to access a Microsoft Exchange account, the corresponding Exchange ActiveSync policies are pushed directly to the device without any user settings. Alternatively, you can deploy the policies by installing a configuration file on the device. It is worth noting that the administrator password is required to delete the configuration.
1.3 Secure Device Configuration
The iPad uses configuration files in XML (eXtensible Markup Language) format to set security policies and restrictions for devices, Virtual Private Network (VPN) configuration information, Wi-Fi settings, and email. The iPad provides signature and encryption protection for configuration files.
1.4 Device restrictions
Device restrictions specify which features of the iPad users can access and use. In other words, device restrictions mainly help enterprises regulate and limit which specific services employees can use on the iPad in the enterprise environment. These restrictions usually cover network applications such as Safari, YouTube, and the iTunes Store. The restrictions can also control whether application installation is allowed.
2. Data protection
The iPad uses 256-bit AES (Advanced Encryption Standard) hardware encryption to protect all data on the device. Encryption is mandatory and cannot be turned off by users.
2.2 Remote Information Clearing
The iPad supports remote information clearing. When the iPad is lost or stolen, the administrator or device owner can trigger a remote information clearing command to remove data from the device and reactivate the device to ensure data security.
2.3 Local Information Clearing
The iPad also supports clearing local information. After multiple failed password attempts, the iPad automatically starts local information clearing. By default, this mechanism is triggered on the iPad after 10 failed password attempts.
3. Secure Network Communication
The iPad supports mainstream VPN technologies, including Cisco IPSec, L2TP, and PPTP, to ensure the security of mobile communication content. The iPad also supports network proxy configuration. In addition, to support secure access to existing VPN environments, the iPad supports authentication based on standard X.509 digital certificates as well as RSA SecurID and CRYPTOCard-based authentication.
The iPad supports SSL (Secure Sockets Layer) v3 and TLS (Transport Layer Security) v1. Safari, Calendar, Mail, and other Internet applications automatically use these security mechanisms to ensure communication security between the iPad and other applications.
The iPad supports WPA (Wi-Fi Protected Access)/WPA2 authentication to access the enterprise network through Wi-Fi. WPA2 uses 128-bit AES encryption. The iPad also supports the 802.1X protocol family, so it can be used in RADIUS-based authentication environments.
4. Secure iOS platform
4.1 Runtime Protection
Applications running on iPad OS follow the "sandbox" security principle, that is, they cannot access the data of other applications. In addition, system files, resources, and the kernel are isolated from user applications. If an application needs to access the data of other programs, it must do so through the APIs provided by the iPad OS.
4.2 Mandatory Signature
All iPad applications must be signed. All programs on the device are signed by Apple. Third-party applications must be signed by developers using digital certificates issued by Apple.
4.3 Security Authentication Framework
The iPad provides a secure, encrypted authentication framework for storing digital identifiers, usernames, and passwords, so that the iPad can authenticate securely to a variety of applications and services.
Author: "excellence begins with a weakness"