
The hardening checklists are based on the comprehensive checklists produced by CIS. The Information Security Office has distilled the CIS benchmark down to the most critical steps for your devices, with a particular focus on configuration issues that are unique to the computing environment at The University of Texas at Austin.

How to read the checklist

Step - The step number in the procedure. If there is a UT Note for this step, the note number corresponds to the step number.
Check (√) - For administrators to check off when they complete this step.
To Do - Basic instructions on what to do to harden the respective device.
CIS - Reference number in The Center for Internet Security (CIS) benchmark, if applicable.
UT Note - The notes after each checklist provide additional details about the step for the university computing environment.
Cat I - For systems that include category I data, required steps are denoted with the ! symbol. All steps are recommended.
Cat II/III - For systems that include category II or III data, all steps are recommended, and some are required (denoted by the !).

Supported devices

Supported devices include ... Some security settings and options may not be available on older devices.

 

Checklist

All items marked with a ! are mandatory to be considered compliant with the Minimum Standards governing the use of Category I data. With Android-based devices, some third-party applications will be necessary to implement all of the required functionality, as many security features are either not present or not natively exposed in the operating system.

Security Settings

| Step | To Do | UT Note | Cat I | Cat II/III |
|------|-------|---------|-------|------------|
| 1 | Update firmware to the latest version | § | ! | |
| 2 | Require a passcode | § | ! | |
| 3 | Set auto-lock timeout | § | ! | |
| 4 | Erase data upon excessive passcode failures | § | ! | |

Additional Security Protection

| Step | To Do | UT Note | Cat I | Cat II/III |
|------|-------|---------|-------|------------|
| 5 | Turn off Ask to Join Networks | § | | |
| 6 | Turn off Bluetooth when not needed | § | | |
| 7 | Forget Wi-Fi networks to prevent automatic rejoin | § | | |
| 8 | Erase all data before return, repair, or recycle | § | ! | |
| 9 | Use a third party application to password protect applications with sensitive data | § | | |
| 10 | Use a third party application to enable data encryption | § | ! | |
| 11 | Use a third party application to enable remote wipe functionality | § | ! | |

UT Note: Addendum

This list provides specific tasks related to the computing environment at The University of Texas at Austin.

Please be aware that the exact process for activating security features will vary from device to device and between versions of the operating system.  The instructions here are provided for reference only and will not be applicable to all handsets.  It is recommended that users follow the instructions contained in the operating manual for their device where possible.

1

Not all devices will support or be upgradable to the most recent version.  Check with your carrier and handset manufacturer for available upgrades.

2

1. Press Menu.
2. Tap Settings.
3. Tap Location & security.
4. Choose PIN or Password as the mechanism to unlock the device.  Enter a PIN or password at least 4 characters in length when prompted. 

3

This section intentionally left blank.

4

Some of the third party applications mentioned for item 11 in the checklist can also provide this functionality.  The device should not exceed 20 invalid unlock attempts before erasing.

5

1. Press Menu.
2. Tap Settings.
3. Tap Wireless & networks.
4. Tap Wi-Fi settings.
5. Uncheck Network notification.

6

1. Press Menu.
2. Tap Settings.
3. Tap Wireless & networks.
4. Uncheck Bluetooth.

7

Trusted but unauthenticated Wi-Fi networks may be spoofed and then automatically joined. If a previously joined network has a common SSID, such as “default” or “linksys”, it is very probable that a device will encounter another Wi-Fi network with the same name and automatically join it.
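
One way to audit a device's remembered networks for the risk described in note 7, as an added example that is not part of the original checklist. It assumes the saved networks are available as wpa_supplicant.conf-style text (the page does not specify a storage format); the sample configuration and the SSID list beyond "default" and "linksys" are constructed.

```python
import re

# Constructed sample in wpa_supplicant.conf style (an assumption: the page
# does not say how a device stores its remembered networks).
SAMPLE_CONF = '''
network={
    ssid="linksys"
    key_mgmt=NONE
}
network={
    ssid="utexas"
    key_mgmt=WPA-EAP
}
network={
    ssid="CoffeeShop-Guest"
    key_mgmt=NONE
}
network={
    ssid="default"
    psk="constructed-passphrase"
}
'''

# The page names "default" and "linksys"; the others are constructed additions.
COMMON_SSIDS = {"default", "linksys", "netgear", "dlink"}

def parse_networks(conf_text):
    """Return one dict of key/value settings per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\}", conf_text, re.DOTALL):
        entry = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep:
                entry[key] = value.strip('"')
        networks.append(entry)
    return networks

def audit(conf_text):
    """Map each open (unauthenticated) saved SSID to 'high' or 'medium'."""
    findings = {}
    for net in parse_networks(conf_text):
        # key_mgmt=NONE without a WEP key means nothing authenticates the AP.
        is_open = net.get("key_mgmt", "WPA-PSK") == "NONE" and "wep_key0" not in net
        if not is_open:
            continue
        ssid = net.get("ssid", "")
        findings[ssid] = "high" if ssid.lower() in COMMON_SSIDS else "medium"
    return findings
```

Every SSID returned by `audit` is a candidate to forget under step 7; "high" marks an open network whose name is common enough that another access point with the same name is likely to be encountered.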

8

The factory reset option provided in Android does erase all data, but not securely: the data can be recovered by anyone with physical access to the device. There is no native way to securely delete all user data. Some third party applications available in the Android Marketplace can provide this functionality.

9

Some options for this include App Lock, App Protector Pro, and Protector.  These applications allow for a separate password to be required to launch specific applications.  This may be useful to secure applications that store sensitive data so they cannot be accessed even if the device is found unlocked.

10

Some options are Touchdown, Good for Enterprise, and Trust Digital.  There is a noticeable lack of non-enterprise level solutions for this.  Touchdown does not require an additional server component (unlike Good and Trust Digital), but will only encrypt data it synchronizes with the Exchange server. 

11

It is important that, if a device is lost, the data can be erased remotely.  Unfortunately, Android does not provide this functionality at this time, so a third party application is necessary.  Some options include Norton Mobile Security, Wave Secure, Lookout, Security Shield, and Theft Aware.  The exact feature set of each application varies; some do much more than provide remote wipe functionality.  At a minimum, users should look for the ability to lock the device remotely, wipe the device remotely, and wipe the device after too many failed unlock attempts when evaluating products for this requirement.

Copyright © 2001-2011 Information Technology Services. All rights reserved.
