don’t worry about the iphone yet

There is talk about the iPhone’s implications for security. I think it is important that anyone discussing this make clear where their perspective lies: that of an autonomous home consumer or that of corporate IT. From the home user’s perspective, my condolences, but I really expect this device to be no different than any other, and likely exploitable. From the business perspective, this is no different from any other phone or USB key fob on the market.

  1. Limit/disable USB/Bluetooth ports on your laptops and desktops.
  2. Only officially support approved devices, of which there should be few, and they should be manageable from something like a BES server.
  3. Make sure you know which MACs are on your network, and in case an iPhone is able to get onto your Ethernet network, be sure you have alarms and possibly port security in place.
  4. (Optionally) Disallow, by policy, the use of home phone devices to send and receive corporate email. You might not be able to effectively audit this, but you had better let people know they shouldn’t be doing it, in case you find out they are.
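
One way to act on item 3, as an added example that is not part of the original post: a Python check that compares the MACs a switch has learned against an approved inventory and flags both unapproved addresses and ports carrying more than one MAC. The table layout, port names and addresses are constructed for illustration, and `audit` and `normalize` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample data: an approved inventory in mixed notations and a
# switch MAC table dump (the column layout is an assumption, not from the post).
APPROVED = {"00:11:22:33:44:55", "00-11-22-33-44-66", "0011.2233.4477"}
MAC_TABLE = """\
Vlan  Mac Address        Type     Port
10    0011.2233.4455     DYNAMIC  Gi0/1
10    0011.2233.4466     DYNAMIC  Gi0/2
10    aabb.ccdd.ee01     DYNAMIC  Gi0/2
20    0011.2233.4477     DYNAMIC  Gi0/3
20    AA:BB:CC:DD:EE:02  DYNAMIC  Gi0/4
"""

# Matches colon/hyphen-separated octets or dotted groups of four hex digits.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
)

def normalize(mac):
    """Reduce colon, hyphen or dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit(table_text, approved, max_per_port=1):
    """Return (unapproved MACs by port, ports with more than max_per_port MACs)."""
    allowed = {normalize(m) for m in approved}
    seen = defaultdict(set)
    for line in table_text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue  # header or blank line
        port = line.split()[-1]
        seen[port].add(normalize(match.group()))
    unknown = {p: sorted(m - allowed) for p, m in seen.items() if m - allowed}
    crowded = sorted(p for p, m in seen.items() if len(m) > max_per_port)
    return unknown, crowded

if __name__ == "__main__":
    unknown, crowded = audit(MAC_TABLE, APPROVED)
    for port, macs in sorted(unknown.items()):
        print(f"ALERT unapproved MAC(s) on {port}: {', '.join(macs)}")
    for port in crowded:
        print(f"ALERT more than {1} MAC on {port} (hub, AP or bridge?)")
```

Normalizing before comparing matters because inventories and switch output rarely use the same MAC notation; a string comparison without it would flag every approved device.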

If you don’t already have the above corporate security measures in place, you have no business worrying about the iPhone. If you already do, you have no business worrying about the iPhone beyond deciding how long to wait before allowing it as an approved device for syncing and official use (or when to put the final “PERMA-DENIED” stamp down).