Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: iPad and access to university ERP

From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Wed, 21 Jul 2010 16:13:32 -0700
 Apple has an overview of security on the iPad here:
   http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf

 This is an interesting read: I didn't know, for example, that the iPad appears to have quasi FDE functionality: 
"256-bit AES encoding hardware-based encryption to protect all data on the device. Encryption is always enabled and 
cannot be disabled by users."

 The lowest algorithm I can see in the document is 3DES, which is typically implemented at either 112 or 168 bit 
strength. I don't see anything about 40-bit, but to the previous poster, that would be a concern since 40-bit is well 
within the realm of brute force. By the looks of the Apple publication, however, the iPad appears to have some pretty 
good security controls. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security Office
Pima Community College
Office: 520-206-4873
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, 
MICHAEL
Sent: Wednesday, July 21, 2010 3:45 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] iPad and access to university ERP

But...given that the session *is* encrypted - and not persistent - wouldn't *any* kind of encryption be serviceable for 
something like this?  (I'm thinking that is someone *really* wanted the data, they aren't going to try and tunnel 
through a relatively random wireless connection....?)

Just a thought...

M

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Schaffer
Sent: Wednesday, July 21, 2010 10:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] iPad and access to university ERP

I believe the encryption is only 40 bit.

Greg

Greg Schaffer, CISSP
Assistant Vice President
Network and Information Technology Security
Middle Tennessee State University
615 898-5753

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theresa 
Rowe
Sent: Wednesday, July 21, 2010 11:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] iPad and access to university ERP

I just received this email from a department manager:

"First thing I did was installed an app called Remote Desktop Lite (free). I
used that to remote into my Windows machine on my desk and it worked
beautifully. I pulled up Banner and found it to be really easy to work with
on the iPad. What I liked the most was I didn't have to tab into the entry
fields. I could touch them and the cursor would move. If I only had that on
my desktop!"

Wonderful....  So I'm thinking what is open on the desktop and what is the security of the transmission.  We force VPN 
use from off-campus.  I thought we had the remote desktop thing handled in terms of accessing our ERP.

Am I unreasonably concerned?

-- 
Theresa Rowe
Chief Information Officer
Oakland University
**Think Green - Think before you print.**

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean.
Previous By Date Next
Previous By Thread Next

Current thread: