iPad Hardening Procedure

The objective of this hardening procedure is to restrict the iPad to a single use device.  Please note that completing the steps outlined in this document will minimize the functionality of your iPad.

Enable passcode lock

Setting a passcode/password on your device enables data encryption.  Encrypting your device will prevent someone from accessing the data on your device in the event it is lost or stolen.  UNC-Chapel Hill policy requires (see Password Policy for General Users) that you use a strong passcode (minimum of 8 characters, with a mixture of numbers, symbols, upper and lower case letters) to secure your device that works with sensitive, University-owned information. To create a strong password you will first need to turn off Simple Passcode.

To turn off Simple Passcode:

  1. Tap Setting.
  2. Tap General.
  3. Tap Passcode Lock.
    Note: If simple passcode is already enabled, enter the current four digit number passcode when prompted – tap Turn Passcode Off – enter the current passcode again.
  4. Move slider for Simple Passcode to the left / OFF position (gray indicates off).1-iPadHardProc-Settings

Continue to enable Passcode Lock:

  1. Tap Turn Passcode On.
  2. Enter a new passcode.
  3. Tap Next.
  4. Re-enter passcode.
  5. Tap Done.

Note: You will be prompted to enter this passcode each time you turn on your device, unlock your screen and change your Passcode Lock settings.

 

Set a Maximum Number of Passcode Attempts

Setting a maximum number of passcode attempts will erase all the data on your device after 10 failed passcode attempts. Enabling this feature will reduce the chance of unauthorized access to your data in the event your device is lost or stolen.  Please be aware that while this feature can be used to protect your data it can also cause you to lose all the data on your device if you forget your passcode.

To turn Erase Data on:

1. Tap Setting.
2. Tap General.
3. Tap Passcode Lock.
4. Enter passcode.
5. Tap Done.
6. Move slider for Erase Data to the right / ON position (green indicates on).

 

2-iPadHardProc

 

Turn off Ask to Join Networks

By default, iOS devices will prompt you to join an unknown network, if any are detected, when no networks that have previously been connected to are available. Turn this feature off to reduce the risk of unintentionally joining an untrusted network.

To turn Ask to Join Networks off:

  1. Tap Settings.
  2. Tap Wi-Fi.
  3. Move slider for Ask to Join Networks to the left / OFF position (gray indicates off).

3-iPadHardProc

 

Turn off Bluetooth when not in use

Bluetooth should be enabled only when it is actively being used.  Disabling Bluetooth reduces the chances of a hacker attacking your device remotely.

To turn Bluetooth off:

  1. Tap Settings.
  2. Tap Bluetooth.
  3. Move slider for Bluetooth to the left / OFF position (gray indicates off).

4-iPadHardProc-bluetooth

 

 

Turn off Cellular Data

Turn off Cellular Data to restrict all data to WiFi, including email, web browsing, and push notifications.

To turn Cellular Data off:

  1. Tap Settings.
  2. Tap Cellular Data.
  3. Move slider for Cellular Data to the left / OFF position (gray indicates off).

 5-iPadHardProc-CellData

 

Disable Control Center from the Lock Screen

The Control Center gives you access to commonly used settings and applications.  This feature may be accessible through the lock screen.  Disable this feature through the lock screen to prevent an unauthorized user from potentially adjusting your device’s settings.

To turn Control Center off from the Lock Screen:

  1. Tap Settings.
  2. Tap Control Center.
  3. Move slider for Access on Lock Screen to the left / OFF position (gray indicates off).

6-iPadHardProc

 

 

Disable Siri from the Lock Screen

By default, Siri is enabled in iOS 7.  Siri may be accessible through the lock screen.  One could easily activate Siri by asking questions or issuing commands which can allow an unauthorized user to gain access to your device.  If you are running an older version of iOS then Siri must be turned on before you can disable it through the lock screen.

Note: Siri is not enabled by default in iOS 6.x and older versions.  Siri is only available on iPad 3 and later models.

To turn Siri on:

  1. Tap Settings.
  2. Tap General.
  3. Tap Siri.
  4. Move slider for Siri to the right / ON position (green indicates on).

7-iPadHardProc

To turn Siri off from the lock screen:

  1. Tap Settings.
  2. Tap General.
  3. Tap Passcode Lock.
  4. Enter Passcode.
  5. Move slider for Siri to the left / OFF position (gray indicates off)

8-iPadHardProc

 

 

Turn on Auto-Lock

This feature enables you to set the amount of time that elapses before your device automatically locks.

To turn Auto-Lock on:

  1. Tap Settings.
  2. Tap General.
  3. Tap Auto-Lock.
  4. Tap 2 Minutes (or 5 Minutes).

9-iPadHardProc

 

Disable grace period for screen lock

The grace period allows the device to be unlocked after auto-locking without entering a passcode.  Setting a value of “Immediately” will require the passcode to be entered regardless of when the device was last locked.

To disable the grace period for screen lock:

  1. Tap Settings.
  2. Tap General.
  3. Tap Passcode Lock.
  4. Enter Passcode.
  5. Tap Done.
  6. Tap Require Passcode.
  7. Tap Immediately.

 

10-iPadHardProc

 

Turn iPad Cover Lock/Unlock On

This feature allows you to automatically lock and unlock your iPad when you close and open the iPad cover.  You must turn on your Passcode Lock to enable this feature.  By default, the iPad Cover Lock/Unlock is set to ON.

To turn iPad Cover Lock on:

  1. Tap Settings.
  2. Tap General.
  3. Move slider for Lock / Unlock to the right / ON position (green indicates on)

11-iPadHardProc

 

Disable AutoFill for sensitive information

AutoFill will automatically fill out web forms using your contact information, previous names and passwords, or credit card information. Disable this feature to prevent the storing of sensitive information locally on the device.

To disable AutoFill:

  1. Tap Settings.
  2. Tap Safari.
  3. Tap Passwords & AutoFill.
  4. Move slider for Use Contact Info to the left / OFF position (gray indicates off).
  5. Move slider for Names and Passwords to the left / OFF position (gray indicates off).
  6. Move slider for Credit Cards to the left / OFF position (gray indicates off).

12-iPadHardProc

 

Turn on Find My iPad

The Find My iPad feature allows you to locate, lock, or erase the data on your device remotely.  It also prevents your device from being reactivated without your passcode and prevents the data on your device from being erased.  Location Services must be turned on to use this feature.

To turn Location Services on (if applicable):

  1. Tap Settings.
  2. Tap Privacy.
  3. Tap Location Services.
  4. Move Location Services slider to the right / ON position (green indicates on).

To enable Find My iPad:

  1. Tap Settings.
  2. Tap iCloud.
  3. Enter your Apple ID and Password (Don’t have an Apple ID?  Tap Get a Free Apple ID to create one).

13-iPadHardProc

4. Tap OK for the following prompt – Allow iCloud to Use the Location of Your iPad?

5. Find My iPad is turned ON (green indicates on).

14-iPadHardProc

 

Turn off AirDrop

This feature will allow you to send photos, files, and documents to other AirDrop users wirelessly using WiFi and Bluetooth.

Note: AirDrop is available in iOS7 and later versions.

  1. Tap Settings.
  2. Tap General.
  3. Tap Restrictions.
  4. Move AirDrop slider to the left / OFF position (gray indicates off).

15-iPadHardProc

 

Enable Private Browsing in Safari

Private Browsing is a browsing mode that can be enabled in Safari that will prevent the browser from tracking your browsing history, performed searches, or use any AutoFill information. This is useful for protecting privacy and preventing some websites from tracking your behavior.

Note: This mode only persists for the selected session.

To enable Private Browsing for a Safari session:

1. Tap Safari application to open

2. Tap Private (bottom-left corner).

16-iPadHardProc

 

 

When Private Browsing is enabled, Safari appears dark gray in the address bar area and the word Private in the bottom-left corner of your screen will be highlighted (in gray).

 

Block cookies from third parties

Cookies are messages that are passed to your web browser from Internet websites. Cookies are often used to record your browsing activity to gather information for the purpose of tracking your online behavior.

To block third party cookies:

  1. Tap Settings.
  2. Tap Safari.
  3. Tap Block Cookies.
  4. Tap From third parties and advertisers.

17-iPadHardProc

 

Disable JavaScript in Safari

JavaScript should only be available when browsing trusted websites. JavaScript can potentially introduce multiple vulnerabilities and disabling it is used as a method to protect the browser from malicious web sites.

To disable JavaScript:

  1. Tap Settings.
  2. Tap Safari.
  3. Tap Advanced.
  4. Move JavaScript slider to the left / OFF position (gray indicates off).

18-iPadHardProc

Block Pop-ups in Safari

This feature will allow you to prevent webpages from displaying pop-up windows or loading unnecessary content in your web browser.

To disable Pop-ups:

  1. Tap Settings.
  2. Tap Safari.
  3. Move Block Pop-ups slider to the right / ON position (green indicates on).

19-iPadHardProc

 

Never Connect Device to Unknown/Untrusted Devices

The device should never be physically connected to any unknown/untrusted devices including, but not limited to, computers, adapters and chargers.  A hacker can use an unknown/untrusted device to insert malware onto the device once connected.

Protect your privacy

Prevent spam, and lessen the amount of data you are consuming by turning off remote images.

To Turn Off Remote Images:

  1. Tap Settings
  2. Tap Mail, Contacts Calendars
  3. Turn off Load Remote Images

iPadHardening-Privacy-RemoteImages

 

Need additional assistance?

Click here for iPad User Manuals.

Click here for iOS Security Guide.