BYOD Devices

I would like to know and understand how to identify BYOD devices on the network. We are planning to have a NAC solution through which users can bring their own devices onto the network.
I would like to understand how to identify whether a device is a known device or an unknown device.
For example, I bring my iPhone, which my company allows me to connect to the network, and I also bring my iPad, which my company does not allow to connect to the network. How will I be able to distinguish between these 2 devices?
How will I be able to differentiate which device is a BYOD device and which device is not [unknown device]?
0
SrikantRajeev
Asked:
SrikantRajeev
1 Solution
 
jhyieslaCommented:
We pretty much don't allow that because it can be a PITA...but it's all doable. Some of your options will depend on the NAC software or device you are using.  A company we deal with used to embed a registry key really deep in the registry for any device that was allowed to connect to their network; no key, no joy.

As far as pads and phones go, if your NAC software doesn't provide an answer you may want to look at MAAS360 from Fiberlink. We keep such devices off our network by having a MAC address requirement on the wireless routers so no registered MAC address, no joy - and this has nothing to do with MAAS360. As far as them using their mobile device to gain access to their email from outside the company, the MAAS360 shows us everyone who has attempted to use a mobile device to gain email access and since we set up the company devices 360 allows us to push out a policy to the mobile devices that allows the connection to happen. If someone attempts to gain access with a non-company device we can remove that access and block them from further access.
0
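The registered-MAC check described in the comment above, applied to the question's allowed-iPhone / unregistered-iPad case, as an added example that is not part of the thread. The inventory, the MAC values and the `classify` helper are constructed for illustration and do not come from any NAC product.

```python
import re

# Constructed inventory of MACs registered by IT (sample values only).
REGISTERED = {
    "3c:22:fb:10:20:30": {"owner": "user1", "kind": "byod", "model": "iPhone"},
    "00:1a:2b:3c:4d:5e": {"owner": "user1", "kind": "corporate", "model": "laptop"},
}

def normalize_mac(raw):
    """Accept aa:bb:.., AA-BB-.. or aabb.ccdd.eeff; return colon form or None."""
    digits = re.sub(r"[:\-.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks a locally administered address,
    # which is what OS-level MAC randomization produces.
    return bool(int(mac[:2], 16) & 0x02)

def classify(raw_mac):
    """Return (decision, reason) for one connection attempt."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        return ("reject", "malformed MAC")
    entry = REGISTERED.get(mac)
    if entry:
        return ("allow-" + entry["kind"], entry["owner"] + " " + entry["model"])
    if is_locally_administered(mac):
        # A registered phone using a randomized address also lands here,
        # so enrollment has to record the address the device presents.
        return ("quarantine", "unregistered, randomized/locally administered MAC")
    return ("quarantine", "unregistered MAC")

if __name__ == "__main__":
    # Constructed attempts: registered iPhone, corporate laptop,
    # unregistered iPad, randomized address, garbage input.
    for attempt in ["3C-22-FB-10-20-30", "001a.2b3c.4d5e",
                    "a4:83:e7:aa:bb:cc", "DA-A1-19-00-11-22", "not-a-mac"]:
        print(attempt, "->", classify(attempt))
```

A MAC address can be copied from a registered device, so a match here confirms registration, not identity; it works as a first filter alongside whatever device check the NAC product itself provides.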
 
magarityCommented:
I work with health care data so the mere mention of BYO devices would give the network security administrator a panic attack.  Just thought I'd mention it because you don't say what industry you're in - before you start, have you considered that maybe you don't want the risk in the first place?
0
 
jhyieslaCommented:
And I'm in healthcare as well which is one thing that's fueling our decision as well.
0

 
SrikantRajeevAuthor Commented:
I am targeting it for a financial company.
I want to understand how to detect the device brought by the user as BYOD and the intruder device.
Are there any best practices to be followed for what kind of policies are to be checked and applied for the BYOD devices?
0
 
jhyieslaCommented:
As a financial company you are probably at least under SOX. There may be specific requirements within the SOX regulation that may give you guidance for this. We are not under SOX so I can't really comment more on that.

In your opening question you say that your company will allow your iPhone to connect to your network, but not your iPad.  First, I guess I don't understand the difference.  The iPad is really just a big iPhone without phone capabilities so I'm not sure what they gain by that.  Second, how are they limiting who gets on and who doesn't today?  That would be a good starting point for this discussion.

If I was starting a BYOD device plan, here's how I would approach it.

1. What regulations do we have to answer to and how can we best handle a BYOD environment given the regulations: it could be that something like SOX would flat out prohibit something like this.

2. Assuming you can go forward, I'd limit all wireless connections to only devices which have been vetted by IT and approved by the appropriate people.

3. Either limit who can access email remotely or invest in something like MAAS360 that I mention above which would allow you to control who has access to email from what devices.
0
 
SrikantRajeevAuthor Commented:
I am looking for different kinds of policies for allowing BYOD devices like iPad, iPhone, tap, personal laptops etc.
I am trying to understand how to identify these devices when they are trying to connect and what kind of policies need to be applied for these devices.
Also how to differentiate between these devices and the corporate devices.
0
 
magarityCommented:
We solve technical problems and give general advice here. Do you really want to base company policy on advice from an internet forum? When the regulators come along and there's a problem, do you want your response to be "twixly99 said to do it this way"?
I suggest you put a fair amount of the burden for such a policy on your compliance officer or the nearest equivalent. Start with someone on the accounting team, like a financial reporting specialist [not a bookkeeper]. They can get you started in the right direction.
0
 
SrikantRajeevAuthor Commented:
I am looking for different kinds of policies for allowing BYOD devices like iPad, iPhone, tap, personal laptops etc.
I am trying to understand how to identify these devices when they are trying to connect and what kind of policies need to be applied for these devices.
Also how to differentiate between these devices and the corporate devices.
0
 
SrikantRajeevAuthor Commented:
Thanks
0
