iPhone 2.0 Software Adds 802.1X for Enterprises
Apple adds secure enterprise logins for iPhone: The iPhone 2.0 software, available through a download link for existing 2G iPhones today, adds promised support for the 802.1X port-based authentication required in any company that’s even remotely serious about its network security. 802.1X isolates connecting to an access point from gaining access to the network to which the access point is connected. A special client, known as a supplicant, must provide the right credentials for a device to be approved for access. Cryptography binds the process. (Instructions for manually installing the software are over at Wired. The update will likely be pushed out via iTunes to current owners tomorrow, and is included on the iPhone 3G, which goes on sale starting today over the international dateline and tomorrow in the U.S., Europe, and elsewhere.)
apple splits its 802.1x fund into two pieces. there’s vital foundation built into the iphone 2.0 software, found in the settings application’s wi-fi section. click other. click the none tag next to security, and the wpa enterprise and wpa2enterprise options take the role. hand-picked either, and the sheer login screen lets you enter the network’s popularity (ssid), a user specify, and a password. this basic method is limited to wpa project and wpa2 guts, the two most common (and most secure) forms of 802.1x.
Most enterprises will want much more control over this process, and Apple provides the iPhone Configuration Utility, currently available in its most complete form only as a Mac OS X application, and in more limited forms as Web 2.0 applications for Windows and Mac OS X.
The utility serves two purposes: creating configuration profiles, including for multiple Wi-Fi networks and VPN connections; and allowing iPhones in an enterprise to run internally developed iPhone software. The Wi-Fi profiles allow you to create WEP or WPA/WPA2 802.1X configurations, and include support for choosing allowed EAP messaging types, configuring authentication elements associated with a given EAP type, and adding server certificates and names for better authentication control.
Once created, these profiles can be distributed throughout a company via email or as a direct download to the iPhone via an intranet Web server. Apple chose not to encrypt them, which means that certain information that’s not secured–such as the shared secret for certain VPN connections–could be disclosed to someone who had access to the profile or could download it off the local network.
Related posts: Ruben studdard getting married, Kirsten davies, Hope allen, Tricia walsh, Mennonite
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment