BYOD Devices

I would like to know and understand how to identify BYOD devices in the network. We are planning to have a NAC solution by which users can bring their own devices into the network.
I would like to understand how to identify whether a device is a known device or an unknown device.
For example, I bring my iPhone, which my company allows me to connect to the network, and I also bring my iPad, which my company does not allow to connect to the network. How will I be able to distinguish between these 2 devices?
How will I be able to differentiate which device is a BYOD device and which device is not [unknown device]?
SrikantRajeev Asked:

jhyiesla Commented:
We pretty much don't allow that because it can be a PITA... but it's all doable. Some of your options will depend on the NAC software or device you are using. A company we deal with used to embed a registry key really deep in the registry for any device that was allowed to connect to their network; no key, no joy.

As far as pads and phones go, if your NAC software doesn't provide an answer you may want to look at MAAS360 from Fiberlink. We keep such devices off our network by having a MAC address requirement on the wireless routers, so no registered MAC address, no joy - and this has nothing to do with MAAS360. As far as them using their mobile device to gain access to their email from outside the company, MAAS360 shows us everyone who has attempted to use a mobile device to gain email access, and since we set up the company devices, 360 allows us to push out a policy to the mobile devices that allows the connection to happen. If someone attempts to gain access with a non-company device, we can remove that access and block them from further access.
0
magarity Commented:
I work with health care data so the mere mention of BYO devices would give the network security administrator a panic attack. Just thought I'd mention it because you don't say what industry you're in - before you start, have you considered that maybe you don't want the risk in the first place?
0
jhyiesla Commented:
And I'm in healthcare as well, which is one thing that's fueling our decision as well.
0

SrikantRajeev (Author) Commented:
I am targeting it for a financial company.
I want to understand how to detect the device bought by the user as BYOD and the intruder device.
Are there any best practices to be followed for what kind of policies are to be checked and applied for BYOD devices?
0
jhyiesla Commented:
As a financial company you are probably at least under SOX. There may be specific requirements within the SOX regulation that may give you guidance for this. We are not under SOX so I can't really comment more on that.

In your opening question you say that your company will allow your iPhone to connect to your network, but not your iPad. First, I guess I don't understand the difference. The iPad is really just a big iPhone without phone capabilities, so I'm not sure what they gain by that. Second, how are they limiting who gets on and who doesn't today? That would be a good starting point for this discussion.

If I was starting a BYOD device plan, here's how I would approach it.

1. What regulations do we have to answer to and how can we best handle a BYOD environment given the regulations: it could be that something like SOX would flat out prohibit something like this.

2. Assuming you can go forward, I'd limit all wireless connections to only devices which have been vetted by IT and approved by the appropriate people.

3. Either limit who can access email remotely or invest in something like MAAS360, which I mention above, which would allow you to control who has access to email from what devices.
0
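The registered-MAC check jhyiesla describes (no registered MAC address, no access), as an added example that is not part of the original thread or of any NAC product. The inventory, usernames, hostnames and lease records are constructed sample data, and the category names are assumptions chosen for illustration.

```python
# Added example: classify observed devices against an inventory of registered MACs.
import re

# Registered devices: MAC -> (owner, category). Constructed sample values.
INVENTORY = {
    "00:11:22:33:44:55": ("asmith", "corporate"),
    "a4:5e:60:aa:bb:01": ("asmith", "byod-approved"),
}

# Constructed DHCP-style observations: (MAC as written by the source, hostname).
OBSERVED = [
    ("00-11-22-33-44-55", "LT-ASMITH"),
    ("A4:5E:60:AA:BB:01", "asmiths-iphone"),
    ("a45e.60aa.bb02", "asmiths-ipad"),
    ("DA:A1:19:0C:7F:3E", "unnamed"),
]

def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated hex, or None if malformed."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as it is for the
    randomized 'private' addresses that phones and tablets present."""
    return bool(int(mac[:2], 16) & 0x02)

def classify(raw_mac, inventory=INVENTORY):
    """Map an observed MAC to its registered category or an 'unknown' verdict."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        return "malformed"
    if mac in inventory:
        return inventory[mac][1]
    # A randomized address can never match a registration made with the
    # hardware address, so report it separately from a plain unknown device.
    if is_locally_administered(mac):
        return "unknown-randomized"
    return "unknown"

def report(observed=OBSERVED):
    """Return (hostname, verdict) for every observed device."""
    return [(host, classify(mac)) for mac, host in observed]

if __name__ == "__main__":
    for host, verdict in report():
        print(f"{host:16} {verdict}")
```

A MAC address is only a claimed identifier, and current phones and tablets randomize it per network, so this lookup works as a first-pass filter alongside the NAC or MDM enrollment check rather than as proof of which device is connecting.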
SrikantRajeev (Author) Commented:
I am looking for different kinds of policies for allowing BYOD devices like iPad, iPhone, tap, personal laptops etc.
I am trying to understand how to identify these devices when they are trying to connect and what kind of policies need to be applied for these devices.
Also how to differentiate between these devices and the corporate devices.
0
magarity Commented:
We solve technical problems and give general advice here. Do you really want to base company policy on advice from an internet forum? When the regulators come along and there's a problem, do you want your response to be "twixly99 said to do it this way"?
I suggest you put a fair amount of the burden for such a policy on your compliance officer or the nearest equivalent. Start with someone on the accounting team, like a financial reporting specialist [not a bookkeeper]. They can get you started in the right direction.
0

SrikantRajeev (Author) Commented:
Thanks
0
Networking Hardware-Other


Question has a verified solution.
