information security: mobile configuration

III-5b Case Mobile Device Configuration Standards

Overview

Version 1.0
Last Revision Date: May 20, 2011
Approval Date: August 26, 2010
Approval Authority: Case Chief Information Security Officer

Purpose

The purpose of this procedure is to establish standard procedures to secure mobile devices to prevent data loss should they be lost or stolen.

Scope

This procedure applies to all schools, departments, employees (student employees included), and faculty members of Case Western Reserve University, where mobile computing devices are used to store, process, or access university information. If the university provides these devices to the employee or department, the configuration standards are mandatory.

Equipment such as laptops, tablet PCs, mini-notebooks, etc., are considered a separate class of computing equipment and are not in the scope of this procedure (however, the Tier I Controls are applicable for such equipment).

Cancellation

Not applicable.

Procedure Statement

General

Mobile devices are approved for processing of Public Information and Internal Use Information.

Users are prohibited from storage and processing of Restricted Information in mobile devices unless approved Tier III controls are available for that device.  The goal of this procedure is to provide methods to protect the data in a mobile device to the standard of Public Information Tier I Controls.

Procedure

1.  Apply Automatic Screen Lock

A screen lock should be applied to all devices with a password of minimum length 4. The lock screen timeout should be set to 5 minutes or lower to ensure the device is locked should an unauthorized user try to access it.

Screen Lock - WinCE Devices
  1. Press the Start button
  2. Go to Settings
  3. Go to Lock
  4. Check the box that says "Prompt if phone unused for"
  5. In the drop-down menu select the lock screen timeout length (must be 5 minutes or less)
  6. Select the password type you would like to use
  7. Type your password of at least 4 characters
  8. Select Ok to finish

Screen Lock - iPhone/iPod (Touch)

These settings will be implemented using the iPhone configuration file. WiFi, VPN, and the lock timeouts will all be set in the process. It is important to remove any previous CWRU VPN connection, WiFi, and lock codes prior to installing the configuration on the device.

  1. Remove any lock codes, CWRU VPN connection, and WiFi connection
  2. Download the latest configuration file for the iPhone, iPad, and iPod below (Case UserID and password required)
  3. Select Install now
  4. Enter VPN username: "abc123" (Note: the installation hangs if you don't provide this input)
  5. Do not enter VPN password, leave this blank.
  6. Enter a passphrase for your device, at least 5 characters or numbers long.
  7. Installation Complete.
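
A check of a configuration profile's passcode payload against the screen lock limits in this standard, added here as an example; it is not the university's configuration file or tooling. It assumes an unsigned profile and Apple's `com.apple.mobiledevice.passwordpolicy` payload keys `forcePIN`, `minLength` and `maxInactivity`; the sample profiles and their identifiers are constructed.

```python
import plistlib

# Limits from the standard above: passcode of minimum length 4,
# lock screen timeout of 5 minutes or lower.
MIN_PASSCODE_LENGTH = 4
MAX_LOCK_MINUTES = 5
PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"


def check_profile(profile_bytes):
    """Return findings for an unsigned profile; an empty list means it passes."""
    profile = plistlib.loads(profile_bytes)
    policies = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not policies:
        return ["no passcode policy payload: the profile does not enforce a screen lock"]
    findings = []
    for policy in policies:
        if policy.get("forcePIN") is not True:
            findings.append("forcePIN is not true: a passcode is optional")
        min_length = policy.get("minLength", 0)
        if min_length < MIN_PASSCODE_LENGTH:
            findings.append(f"minLength {min_length} is below {MIN_PASSCODE_LENGTH}")
        # maxInactivity is in minutes; when absent the profile sets no timeout.
        idle = policy.get("maxInactivity")
        if idle is None or not 0 < idle <= MAX_LOCK_MINUTES:
            findings.append(f"maxInactivity {idle} is not within 1..{MAX_LOCK_MINUTES} minutes")
    return findings


def sample_profile(**policy):
    """Build a constructed, unsigned profile holding one passcode payload."""
    payload = {"PayloadType": PASSCODE_PAYLOAD, "PayloadVersion": 1,
               "PayloadIdentifier": "example.invalid.passcode",
               "PayloadUUID": "00000000-0000-0000-0000-000000000001", **policy}
    profile = {"PayloadType": "Configuration", "PayloadVersion": 1,
               "PayloadIdentifier": "example.invalid.profile",
               "PayloadUUID": "00000000-0000-0000-0000-000000000002",
               "PayloadContent": [payload]}
    return plistlib.dumps(profile)


if __name__ == "__main__":
    compliant = sample_profile(forcePIN=True, minLength=5, maxInactivity=5)
    weak = sample_profile(forcePIN=True, minLength=3, maxInactivity=15)
    print("compliant:", check_profile(compliant))
    print("weak:", check_profile(weak))
```
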

Screen Lock - Android Devices
  1. Go to Settings
  2. Select Location & security settings
  3. Select Set unlock pattern
    1. There will be an information screen that explains the unlock patterns, press Next
    2. This screen shows an example pattern, press Next
    3. Draw your unlock pattern, press Next
    4. Draw the same pattern again, press Confirm
  4. Press the Back button
  5. Select Sound & display
  6. Select Screen timeout
  7. Choose a time that is 5 minutes or less

Screen Lock - BlackBerry Devices

To set the lock screen password:
  1. On the Home screen, click the Options icon
  2. Click Security Options
  3. Click General Settings
  4. Change the Password field to Enabled
  5. Display the menu and click Save
  6. Type your new password, click Enter
  7. Verify your new password by typing it again, click Enter

To set the lock screen timeout:
  1. On the Home screen, click the Options icon
  2. Click Security Options
  3. Click General Settings
  4. Set the Security Timeout field to 5 minutes or less
  5. Display the menu and click Save

2.  Apply Logon Banner

Apply a logon banner to the device according to the Case Logon Banner Standard. If the device allows for a text logon banner then you may use the text. An image may also be used to display the logon banner information; if there is an image for the device it will be linked to below.

Logon Banner - WinCE Devices


Logon Banner - iPhone/iPod and iPad

One of the following logon banners should be used as the background on the iPhone/iPod/iPad. You may need to save the image to your device and then apply it as the background as you normally would any other image.

[Images: iPhone logon banner thumbnails 1 through 6]

Logon Banner - Android Devices

Apply one of the following images as the background on your device. The images below are for Android devices with the standard Android interface. You may need to save the image to your device and then apply it as the background as you normally would any other image. Note these banner images also work well for the iPad.

[Images: Samsung Moment logon banner thumbnails 1 through 6]

The following images are for use with Android devices that use HTC's Sense interface.

[Images: HTC Hero logon banner thumbnails 1 through 6]

Logon Banner - BlackBerry Devices
  1. On the Home screen, click the Options icon
  2. Click Owner
  3. Type the Logon Banner text, found in the Case Logon Banner Standard, in this field.
  4. Press the Menu key
  5. Click Save

3.  Physical Labeling

If applying a text or image logon banner is not possible then a physical label may be placed on the device. The physical label should read "Property of Case Western Reserve University, if found call (216) 368-3333."  Additional information, such as an "in case of emergency" number should also be affixed to an external label on the device.


Definitions

Logon Banner text: The logon banner text can be found here as stated under III-7 University Logon Banner.

Mobile computing devices: Refers to small, mobile computing platforms, including smart phones, the Apple iPhone, iPod Touch, iPad, BlackBerry, and Android devices.  Laptop computers are not considered mobile computing devices for the purpose of this group of standards.

University information:  Most commonly files, data, documents, messages, and information pertinent to university operations governed under the Acceptable Use Policy.  Email system access from a mobile device is an example of university information access through a mobile computing device.

Responsibility

The Office of University Counsel is responsible for the communication of a 'preservation notice' to principal personnel.

Departmental IT administrators and staff are responsible for the implementation and adherence to data preservation procedures. 

Standards Review Cycle

This standard will be reviewed annually on the anniversary of the policy effective date, at a minimum. The standard may be reviewed on a more frequent basis depending on changes of risk exposure.

Frequently Asked Questions

I have a personal device, but the logon banner says "Property of Case Western Reserve University."  Does using the banner imply the university owns my device?
The login banner for personal devices is a notice of ownership of the university data that may be on the device, not of the device itself.  The banner identifies the university as a point of contact for the return of lost devices, which represent a risk of disclosure of that data.

What is the risk?
The primary risk addressed by these standards is the loss or theft of a device which leads to casual disclosure of university information.  Because these smart devices have network services and cached passwords, email and files may be easily disclosed when a device is lost or stolen.

© 2013 Case Western Reserve University