iPhone 2.0 Raises Device's Enterprise Profile

By Andrew Garcia  |  Posted 2008-07-14

Security Improvements

The ActiveSync support also provides the ability to remotely wipe a device if it is lost or stolen. That said, remote wipe should not be considered an Apple feature per se, as you can't do it with any of the recently released iPhone management applications. If you need to remotely wipe an iPhone, you can do it from the Exchange ActiveSync Mobile Administrator Web Tool for Exchange 2003 environments or from the Exchange Management Console, OWA or the WebTool for Exchange 2007.

This reliance on Exchange for remote wipe is more than a little disappointing, as organizations that do not use Exchange are locked out from this very necessary capability with the iPhone.

In addition, the iPhone does not yet offer on-device encryption capabilities. This is somewhat offset by the fact that the iPhone can't copy e-mail attachments to a local store or to an external storage device. However, those files are still findable in the e-mail applications, and many passwords for Web applications may be stored on the device. Therefore, device security relies solely on the device lock pass code.

The addition of the Cisco IPSec VPN client is most welcome, allowing remote users to access their companies' internal Web applications when using either EDGE (Enhanced Data for Global Evolution) or Wi-Fi radio.

From the on-device configuration page, I was able to create profiles that allowed me to connect to two different Cisco VPN concentrators. Cisco VPN configuration is fairly straightforward: I just needed to input the address of the VPN concentrator, my account name and password, and the certificate or group password used for authentication. However, I was disappointed to find that the iPhone would not import the Cisco configuration files that many administrators use to configure VPN clients on laptops.

With profiles created, a VPN dialog box appeared on the primary Settings screen, which quickly linked me to a screen from which I could select which VPN profile to use and enable the encrypted connection. The tunnel will stay active even when the iPhone has been locked, although it will close down automatically after a few minutes of inactivity.

When the VPN feature works, it works great. However, when something goes wrong, the iPhone presents a bare minimum of information to help someone troubleshoot the connection. For instance, the VPN page shows that the device is connected via a particular profile, but users cannot tell what their IP address is for the connection, nor can they see if any traffic is successfully passing inbound or outbound.

iPhone 2.0 does bolster Wi-Fi security, adding support for enterprise-grade, certificate-based wireless security standards. In addition to its existing support for WEP (Wired Equivalent Privacy) and the preshared key flavors of WPA and WPA2, Apple has added support for PEAP v0 and v1, LEAP, TTLS, TLS and EAP-FAST.

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
