(no title)
zalmoxes | 7 years ago
https://duo.com/labs/research/mdm-me-maybe https://i.blackhat.com/us-18/Thu-August-9/us-18-Endahl-A-Dee...
walterbell|7 years ago
Could per-app VPNs be used without DEP? If so, could they be used with MicroMDM, native iOS IPSEC client and an open-source VPN server, or is a 3rd-party VPN client like Cisco required for per-app VPN?
zalmoxes|7 years ago
DEP is not required for the VPN profile configs; those can be applied with just MDM (or even manually). The VPN payloads are documented here: https://developer.apple.com/enterprise/documentation/Configu...
jesseendahl|7 years ago
Duo very nicely gave multiple shout-outs in their post, including to zalmoxes (above), as well as my co-presenter and me. Sadly, the traditional vendors in the space don’t have a track record of caring about security engineering. I’m glad that Duo’s latest research emphasizes the importance of authenticating the device enrollment process in particular. We touched on this in our whitepaper^, but it wasn’t a primary focus of our research and we didn’t tie it back to the shortcomings of DEP’s lack of verification around device identity. Extremely happy to see more focus on this stuff.
^See the vendor security checklist section of our whitepaper, specifically the bit about using an HMAC within the SCEP payload.
Full transparency: I’m cofounder/CSO of a security-focused product in the MDM space (fleetsmith.com).