
BYOD and wireless security

What things are most important to consider for implementing WiFi for BYOD?  For BYOD WiFi should you require two factor auth to get onto the corporate LAN?  The idea is to make it easy for employees to use their own devices while not infecting the network or getting hacked.
Asked by: amigan_99
 
pergr Commented:
It is not only about authentication. You should also consider some sort of end-point-management, meaning checking that for example anti virus is up to date before allowing access to all resources.
 
Rick Hobbs (RETIRED) Commented:
Using certificate, RADIUS, or smart key and login authentication in addition to, as pergr said, end point antivirus and spyware management, should cover your BYOD device usage.
 
Craig Beck Commented:
A good NAC/NAP solution is something to look at, as well as a secure authentication platform.

Here's Cisco's take on BYOD.  It's a little dated (around a year old) but it's still very relevant...

https://supportforums.cisco.com/community/netpro/security/aaa/blog/2012/11/16/byod-presentations-at-cisco-live-cancun-2012
 
amigan_99 (Network Engineer, Author) Commented:
Excellent - thanks much.
 
Rich Rumble (Security Samurai) Commented:
I'm late to the party.
I’ll make this brief: BYOD is ok for non-critical or insensitive data. But you cannot expect MDM, NAC or DLP to let you have it both ways. We will not be able to stop devs or IT admins from getting BYOD if everyone else is too. Complexity is the enemy of security, BYOD adds untold complexity.
http://www.darkreading.com/sophoslabs-insights/forget-standardization-embrace-byod/240158442
The article above actually has this all wrong, and I can summarize it by using a single line from said article:
"Employees can use any device to access corporate data or systems as long as the device is compliant with the security policy."
Sounds good on paper, fails in practice. Let’s say we do magically allow only authorized, encrypted, patched and anti-virus compliant devices to access the network. Cool, so no thief can see the data on the device should it be stolen, no one infects the device should the user launch a virus program, nice… What about if that user uses iCloud, and backs up company data to Apple, and Apple gets compromised, or an attacker does get past iCloud security: http://blog.crackpassword.com/2013/05/apple-two-factor-authentication-and-the-icloud/
MDM has no solution for another acronym, DLP. BYOD increases the surface area of Data Loss Prevention to the Nth degree. Do not underestimate my kids', or anyone's kids', ability to do the wrong thing with the wrong data at any time. I don’t let my kids have my work phone, but we do let them have our normal cell phones; when those lines are blurred by BYOD, who knows what can happen. Also note that there are precisely 1001 file sharing apps out there, depending on the platform; some can be homegrown, written by the user. Some can be malicious and sold as legitimate:
http://www.symantec.com/connect/blogs/android-threat-tackles-piracy-using-austere-justice-measures
When you’re dealing with security, KISS, keep it simple stupid, and BYOD is not simple, and not simple is the enemy of security.
I cannot say this any better than it’s been said here: http://www.schneier.com/essay-323.html
"Security is always a tradeoff, and security decisions are often made for non-security reasons. In this case, the right decision is to sacrifice security for convenience and flexibility. Corporations want their employees to be able to work from anywhere, and they're going to have loosened control over the tools they allow in order to get it."
I cannot agree that we sacrifice security for convenience. I can’t see a point in BYOD, if we are somehow not providing enough desktops or laptops for everyone. BYOD is an excuse to be lazy, please give me one good example of where BYOD is better than a PC or laptop. You can’t control what the user is willingly doing or what they are wittingly doing. It’s easy for users to make mistakes with data.
I am with Marcus (link below), but Bruce starts out on Marcus’s side too, then switches at the end to embrace it, when everything he himself says is that it’s a bad idea… go figure. Both think it’s a bad idea, one just accepts the fate that it’s going to happen anyway. We don’t have to accept that fate.

http://searchsecurity.techtarget.com/magazineContent/Should-enterprises-give-in-to-IT-consumerization-at-the-expense-of-security
Bottom line, don't let BYODs touch your sensitive data, and doing that is next to impossible if someone is motivated.
-rich
 
Craig Beck Commented:
Truth be told... I don't agree with BYOD either.  It's just a way to help cut costs for hardware (as a false economy in my eyes).

People who make the decisions hear the buzz-words and attend the seminars but don't really understand the challenges or consequences.

But hey... {nod and smile}
 
btan (Exec Consultant) Commented:
Look out for the AUS DSD and US DoD (NIST SP800-124 and SP800-153 can be useful) - use of mobile smartphone devices and wireless. MDM, MAM and MRM are coming into the picture... Importantly, the security responsibility lies not only with the organisation; the end user plays a bigger role to deter an inadvertent "bridge" to the perpetrator ... of course they have many other means of coming in.