Solved

BYOD and wireless security

Posted on 2013-10-30
Last Modified: 2013-10-31
What things are most important to consider for implementing WiFi for BYOD?  For BYOD WiFi should you require two factor auth to get onto the corporate LAN?  The idea is to make it easy for employees to use their own devices while not infecting the network or getting hacked.
Question by:amigan_99
7 Comments
 
LVL 17

Assisted Solution

by:pergr
pergr earned 166 total points
ID: 39614795
It is not only about authentication. You should also consider some sort of endpoint management, meaning checking that, for example, antivirus is up to date before allowing access to all resources.
 
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 167 total points
ID: 39614909
Using certificate, RADIUS, or smart key and login authentication in addition to, as pergr said, endpoint antivirus and spyware management, should cover your BYOD device usage.
 
LVL 45

Accepted Solution

by:Craig Beck
Craig Beck earned 167 total points
ID: 39614929
A good NAC/NAP solution is something to look at, as well as a secure authentication platform.

Here's Cisco's take on BYOD.  It's a little dated (around a year old) but it's still very relevant...

https://supportforums.cisco.com/community/netpro/security/aaa/blog/2012/11/16/byod-presentations-at-cisco-live-cancun-2012
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39614981
Excellent - thanks much.
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39615282
I'm late to the party.
I’ll make this brief: BYOD is ok for non-critical or insensitive data. But you cannot expect MDM, NAC or DLP to let you have it both ways. We will not be able to stop devs or IT admins from getting BYOD if everyone else is too. Complexity is the enemy of security; BYOD adds untold complexity.
http://www.darkreading.com/sophoslabs-insights/forget-standardization-embrace-byod/240158442
The article above actually has this all wrong, and I can summarize it by using a single line from said article:
"Employees can use any device to access corporate data or systems as long as the device is compliant with the security policy."
Sounds good on paper, fails in practice. Let’s say we do magically allow only authorized, encrypted, patched and anti-virus compliant devices to access the network. Cool, so no thief can see the data on the device should it be stolen, no one infects the device should the user launch a virus program, nice… What about if that user uses iCloud, and backs up Company data to Apple, and Apple gets compromised, or an attacker does get past iCloud security: http://blog.crackpassword.com/2013/05/apple-two-factor-authentication-and-the-icloud/
MDM has no solution for another acronym, DLP. BYOD increases the surface area of Data Loss Prevention to the Nth degree.  Do not underestimate my kids’, or anyone’s kids’, ability to do the wrong thing with the wrong data at any time. I don’t let my kids have my work phone, but we do let them have our normal cell phones; when those lines are blurred by BYOD, who knows what can happen. Also note that there are precisely 1001 file sharing apps out there, depending on the platform; some can be homegrown, written by the user. Some can be malicious and sold as legitimate:
http://www.symantec.com/connect/blogs/android-threat-tackles-piracy-using-austere-justice-measures
When you’re dealing with security, KISS, keep it simple stupid, and BYOD is not simple, and not simple is the enemy of security.
I cannot say this any better than it’s been said here: http://www.schneier.com/essay-323.html 
"Security is always a tradeoff, and security decisions are often made for non-security reasons. In this case, the right decision is to sacrifice security for convenience and flexibility. Corporations want their employees to be able to work from anywhere, and they're going to have loosened control over the tools they allow in order to get it."
I cannot agree that we sacrifice security for convenience. I can’t see a point in BYOD, if we are somehow not providing enough desktops or laptops for everyone. BYOD is an excuse to be lazy; please give me one good example of where BYOD is better than a PC or laptop. You can’t control what the user is willingly doing or what they are wittingly doing. It’s easy for users to make mistakes with data.
I am with Marcus (link below), but Bruce starts out on Marcus’s side too, then switches at the end to embrace it, when everything he himself says is that it’s a bad idea… go figure. Both think it’s a bad idea, one just accepts the fate that it’s going to happen anyway. We don’t have to accept that fate.

http://searchsecurity.techtarget.com/magazineContent/Should-enterprises-give-in-to-IT-consumerization-at-the-expense-of-security
Bottom line, don't let BYODs touch your sensitive data, and doing that is next to impossible if someone is motivated.
-rich
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39615290
Truth be told... I don't agree with BYOD either.  It's just a way to help cut costs for hardware (as a false economy in my eyes).

People who make the decisions hear the buzz-words and attend the seminars but don't really understand the challenges or consequences.

But hey... {nod and smile}
 
LVL 62

Expert Comment

by:btan
ID: 39615660
Look out for the AUS DSD and US DoD (NIST SP800-124 and SP800-153 can be useful) - use of mobile smartphone devices and wireless. MDM, MAM and MRM are coming into the picture... Importantly, the security responsibilities lie not only with the organisation; the end user plays a bigger role in deterring an inadvertent "bridge" to a perpetrator ... of course they have many other means of coming in.