The iPhone 2.0 software update released earlier this month offers some dramatic improvements from earlier versions in security management for corporate users. But even these welcome changes aren't enough to make the iPhone seamlessly secure.

A year ago, I criticized a number of design and interface decisions Apple made with the original iPhone that increased the difficulty in creating secure network connections, and keeping your data free from prying eyes when using unsecured networks, like free and commercial Wi-Fi hotspots. The 2.0 software has a number of gaps, but it's increased the ease with which you can take steps to secure your data. However, Apple still needs to open its arms to network security clients, to meet what enterprises (and many individuals) demand from a secure mobile device.

This isn't to say that other devices exceed where Apple is at; rather, Apple is uniquely positioned to provide desktop operating system levels of security in the iPhone.

Reviewing the original vulnerabilities

Much of the iPhone's original set of security problems stem from the device's willingness to let you connect to any open access point that you pass by. That's still a problem. As of this writing, AT&T hasn't yet opened up its Wi-Fi network to iPhone users--although the service provider has let it slip that free access is apparently coming, with the latest false start occurring on Friday. But when AT&T opens its U.S. network to iPhone users, there's still no security beyond means you take into your own hands.

AT&T doesn't include corporate-grade secure connections at its hotspots as an option. In contrast, competitor T-Mobile has offered that option for four years. The iPhone now supports this kind of connection, and it could be a trivial way to render your network activities impenetrable to other hotspot users. (The option is 802.1X, explained below, and found nearly universally in enterprise networks in medium-to-large corporations.)

You must still maintain vigilance in connecting to Wi-Fi networks that you don't know about. That's why I continue to recommend, that iPhone users (and all laptops users) connect with a virtual private network (VPN). A VPN creates an encrypted connection between a device, like an iPhone and a remote VPN server. Any snooper who intercepts this data on a hotspot network sees just scrambled nonsense that, with current technology, can't be turned back into sense by anyone except by the parties on both ends. (802.1X encrypts the connection between a computer or mobile device and the Wi-Fi gateway; a VPN encrypts the connection through the gateway all the way to a network endpoint somewhere far away.)

For more Mac news, visit Macworld. Story copyright Mac Publishing, LLC.

Whitepapers

• Advancing the Economics of Networking
• Enterprise Data Center Network Reference Architecture
• Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices
• File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper

View more SECURITY whitepapers

Webcasts

• PoE Plus: Impact on the PoE Market
• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports