Security researcher Tom Eston has written a fabulous article on settings for a more secure iPhone or iPad. The article is called "Top 5 Security Settings for Apple iPhones and iPads" and appears on the site of his employer, SecureState.I found it useful enough to repost here. It's time for me to take a step back and let Tom do the talking...--Bill BrennerTop 5 Security Settings for Apple iPhones and iPadsNovember 9, 2011 11:22 by Tom EstonApple mobile devices are among the most popular gadgets today. In fact, Apple reports that 250 million iOS devices have been sold and 18 million apps downloaded. I often find that, while the popularity of these devices increases, many don\u2019t understand the basic security features that Apple makes available to them. Some of you may not even realize that these features exist and how easy they are to use. Let\u2019s walk through the top five security settings for these devices:#1 - The PasscodeThis is the most important security feature of your device. It\u2019s also one of the least configured settings. While it may be a pain to \u201cunlock\u201d your device when you want to use it, it\u2019s also your first line of defense if your device is ever lost or stolen. The key to the passcode is to ensure its complex and greater than 4 characters or digits. Never use simple passcodes like \u201c1234\u201d or your ATM PIN number. The two other settings that you need to set are to \u201cRequire Passcode Immediately\u201d and set \u201cSimple Passcode\u201d to OFF. You can find these settings under the "Settings" icon then "Passcode Lock".#2 \u2013 Erase DataThe erase data functionality adds another layer of security to your device. This function will erase all data after 10 failed passcode attempts. What this means is that if someone steals your device and tries to brute force your passcode, if they enter it incorrectly, the device is erased and returned to the factory default settings. Turn \u201cErase Data\u201d to ON in the Passcode Lock screen.#3 \u2013 Find My iPhone\/iPadIf you ever lose or misplace your iPhone or iPad, \u201cFind My iPhone\/iPad\u201d is a very important feature to enable. Simply download the application on your device or access it through iCloud (icloud.com). If your device is iOS 4 or below you will need to use the \u201cMobileMe\u201d (me.com) feature instead of iCloud. Either way, you will need to login with your Apple ID to set it up. You can then send the device a message or alert, locate the device on Google Maps, remotely set a passcode, and remotely erase the device. This feature is invaluable if your device is lost or stolen.#4 \u2013 Backup EncryptionOne of the more obscure settings that many users don\u2019t set is the \u201cEncrypt Backup\u201d setting, which is found in iTunes. This setting even applies to the new iCloud service in iOS 5. This setting ensures that the backup of your device is encrypted. It goes without saying, if you can access this backup, the data on your device can be accessed and harvested. For example, earlier this year there was a \u201cfeature\u201d in which Geolocation data could be easily harvested from the backup file. This has since been remediated, but just think how much information could be harvested about you through an unencrypted backup file.#5 \u2013 Keep iOS UpdatedMaking sure that you always have the latest version of Apple iOS on your device is important because Apple is always releasing security updates and implementing new security controls. Simply plug your device into iTunes and you will get prompted to update your phone to the latest version. As a side note, don\u2019t Jailbreak your device! Jailbreaking makes many of the built in security features useless and allows your device to be an easy target for data theft.Ensuring that you have enabled and configured these security settings on your Apple iOS device is more important than ever. Devices like these are lost or stolen all the time and without taking the proper precautions, your data could be vulnerable. Having conducted Apple iOS device penetration testing assessments at SecureState for our clients, I can tell you how easy it is to break into these devices. It\u2019s easy because the proper basic precautions were not taken. Take five minutes now and enable these settings; you\u2019ll be glad you did.