Educause Security Discussion mailing list archives
Re: iPad and access to university ERP
From: Richard Hopkins <richard.hopkins () BRISTOL AC UK>
Date: Thu, 22 Jul 2010 14:23:29 +0100
We recommend Wyse PocketCloud for the iPad (and iPhone) for RDP access. It's not free (currently approx 7GBP (10USD), but does give you "Enterprise grade security: 128-bit encryption and FIPS support"
<http://www.wyse.com/products/software/pocketcloud/ipad/index.asp> Richard--On Wednesday, July 21, 2010 7:22 PM -0400 "Ullman, Catherine" <cende () BUFFALO EDU> wrote:
The 40-bit reference appears to be to the software itself, which is an add-on app that can be downloaded and installed from a third party. Note the line that says "40-bit encryption" is a limitation: http://www.mochasoft.dk/iphone_rdp_help/help.htm So yes, I'd say there is a distinct concern. -Cathy Catherine J. Ullman Information Security Analyst Information Security Office University at Buffalo cende () buffalo edu ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian [bbasgen () PIMA EDU] Sent: Wednesday, July 21, 2010 7:13 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] iPad and access to university ERP Apple has an overview of security on the iPad here: http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf This is an interesting read: I didn't know, for example, that the iPad appears to have quasi FDE functionality: "256-bit AES encoding hardware-based encryption to protect all data on the device. Encryption is always enabled and cannot be disabled by users." The lowest algorithm I can see in the document is 3DES, which is typically implemented at either 112 or 168 bit strength. I don't see anything about 40-bit, but to the previous poster, that would be a concern since 40-bit is well within the realm of brute force. By the looks of the Apple publication, however, the iPad appears to have some pretty good security controls. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Office Pima Community College Office: 520-206-4873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL Sent: Wednesday, July 21, 2010 3:45 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] iPad and access to university ERP But...given that the session *is* encrypted - and not persistent - wouldn't *any* kind of encryption be serviceable for something like this? (I'm thinking that is someone *really* wanted the data, they aren't going to try and tunnel through a relatively random wireless connection....?) Just a thought... M From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Schaffer Sent: Wednesday, July 21, 2010 10:36 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] iPad and access to university ERP I believe the encryption is only 40 bit. Greg Greg Schaffer, CISSP Assistant Vice President Network and Information Technology Security Middle Tennessee State University 615 898-5753 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theresa Rowe Sent: Wednesday, July 21, 2010 11:19 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] iPad and access to university ERP I just received this email from a department manager: "First thing I did was installed an app called Remote Desktop Lite (free). I used that to remote into my Windows machine on my desk and it worked beautifully. I pulled up Banner and found it to be really easy to work with on the iPad. What I liked the most was I didn't have to tab into the entry fields. I could touch them and the cursor would move. If I only had that on my desktop!" Wonderful.... So I'm thinking what is open on the desktop and what is the security of the transmission. We force VPN use from off-campus. I thought we had the remote desktop thing handled in terms of accessing our ERP. Am I unreasonably concerned? -- Theresa Rowe Chief Information Officer Oakland University **Think Green - Think before you print.** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- Re: iPad and access to university ERP, (continued)
- Re: iPad and access to university ERP Ullman, Catherine (Jul 21)
- Re: iPad and access to university ERP Dave Koontz (Jul 21)
- Re: iPad and access to university ERP Matthew Gracie (Jul 21)
- Re: iPad and access to university ERP Basgen, Brian (Jul 21)
- Re: iPad and access to university ERP Russell Fulton (Jul 23)
- Re: iPad and access to university ERP James Peluso (Jul 24)
- Re: iPad and access to university ERP Brad Judy (Jul 22)
- Re: iPad and access to university ERP Brad Judy (Jul 22)
- Re: iPad and access to university ERP John Hoffoss (Jul 22)
- Re: iPad and access to university ERP Bret Ingerman (Jul 23)
- Re: iPad and access to university ERP Richard Hopkins (Jul 22)
- Re: iPad and access to university ERP Roger Safian (Jul 22)
- Re: iPad and access to university ERP Richard Hopkins (Jul 22)
- Re: iPad and access to university ERP Valdis Kletnieks (Jul 21)
- Re: iPad and access to university ERP SCHALIP, MICHAEL (Jul 22)
- Re: iPad and access to university ERP Joel Rosenblatt (Jul 22)
- Re: iPad and access to university ERP Valdis Kletnieks (Jul 24)