
BYOD and wireless security

Posted on 2013-10-30
Last Modified: 2013-10-31
What things are most important to consider when implementing WiFi for BYOD? For BYOD WiFi, should you require two-factor auth to get onto the corporate LAN? The idea is to make it easy for employees to use their own devices while not infecting the network or getting hacked.
Question by:amigan_99

Assisted Solution

by:pergr
pergr earned 664 total points
ID: 39614795
It is not only about authentication. You should also consider some sort of endpoint management, meaning checking that, for example, antivirus is up to date before allowing access to all resources.

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 668 total points
ID: 39614909
Using certificate, RADIUS, or smart key and login authentication in addition to, as pergr said, endpoint antivirus and spyware management, should cover your BYOD device usage.

Accepted Solution

by:
Craig Beck earned 668 total points
ID: 39614929
A good NAC/NAP solution is something to look at, as well as a secure authentication platform.

Here's Cisco's take on BYOD.  It's a little dated (around a year old) but it's still very relevant...

https://supportforums.cisco.com/community/netpro/security/aaa/blog/2012/11/16/byod-presentations-at-cisco-live-cancun-2012

Author Closing Comment

by:amigan_99
ID: 39614981
Excellent - thanks much.

Expert Comment

by:Rich Rumble
ID: 39615282
I'm late to the party.
I’ll make this brief: BYOD is ok for non-critical or insensitive data. But you cannot expect MDM, NAC or DLP to let you have it both ways. We will not be able to stop devs or IT admins from getting BYOD if everyone else is too. Complexity is the enemy of security; BYOD adds untold complexity.
http://www.darkreading.com/sophoslabs-insights/forget-standardization-embrace-byod/240158442
The article above actually has this all wrong, and I can summarize it by using a single line from said article:
"Employees can use any device to access corporate data or systems as long as the device is compliant with the security policy."
Sounds good on paper, fails in practice. Let’s say we do magically allow only authorized, encrypted, patched and anti-virus compliant devices to access the network. Cool, so no thief can see the data on the device should it be stolen, no one infects the device should the user launch a virus program, nice… What about if that user uses iCloud, and backs up company data to Apple, and Apple gets compromised, or an attacker does get past iCloud security: http://blog.crackpassword.com/2013/05/apple-two-factor-authentication-and-the-icloud/
MDM has no solution for another acronym, DLP. BYOD increases the surface area of Data Loss Prevention to the Nth degree. Do not underestimate my kids’, or anyone’s kids’, ability to do the wrong thing with the wrong data at any time. I don’t let my kids have my work phone, but we do let them have our normal cell phones; when those lines are blurred by BYOD, who knows what can happen. Also note that there are precisely 1001 file sharing apps out there; depending on the platform, some can be homegrown, written by the user. Some can be malicious and sold as legitimate:
http://www.symantec.com/connect/blogs/android-threat-tackles-piracy-using-austere-justice-measures
When you’re dealing with security, KISS, keep it simple stupid, and BYOD is not simple, and not simple is the enemy of security.
I cannot say this any better than it’s been said here: http://www.schneier.com/essay-323.html 
"Security is always a tradeoff, and security decisions are often made for non-security reasons. In this case, the right decision is to sacrifice security for convenience and flexibility. Corporations want their employees to be able to work from anywhere, and they're going to have loosened control over the tools they allow in order to get it."
I cannot agree that we sacrifice security for convenience. I can’t see a point in BYOD, if we are somehow not providing enough desktops or laptops for everyone. BYOD is an excuse to be lazy; please give me one good example of BYOD being better than a PC or laptop. You can’t control what the user is willingly doing or what they are wittingly doing. It’s easy for users to make mistakes with data.
I am with Marcus (link below), but Bruce starts out on Marcus’s side too, then switches at the end to embrace it, when everything he himself says is that it’s a bad idea… go figure. Both think it’s a bad idea, one just accepts the fate that it’s going to happen anyway. We don’t have to accept that fate.

http://searchsecurity.techtarget.com/magazineContent/Should-enterprises-give-in-to-IT-consumerization-at-the-expense-of-security
Bottom line, don't let BYODs touch your sensitive data, and doing that is next to impossible if someone is motivated.
-rich

Expert Comment

by:Craig Beck
ID: 39615290
Truth be told... I don't agree with BYOD either.  It's just a way to help cut costs for hardware (as a false economy in my eyes).

People who make the decisions hear the buzz-words and attend the seminars but don't really understand the challenges or consequences.

But hey... {nod and smile}

Expert Comment

by:btan
ID: 39615660
Look out for the AUS DSD and US DoD (NIST SP 800-124 and SP 800-153 can be useful) - use of mobile smartphone devices and wireless. MDM, MAM and MRM are coming into the picture... Importantly, the security responsibility lies not only with the organisation; the end user plays a bigger role in deterring an inadvertent "bridge" to a perpetrator... of course they have many other means of coming in.