Tag Archives: BYOD

Security Challenges and Strategies with the Use of Mobile Devices

Recently, I have been reading about the security challenges many organizations are facing with regards to the use of mobile devices in their networks, and the various security strategies they can implement.  

Use of mobile devices for business is growing at an exponential rate. This also increases the need for wirelessly-accessible peripherals, and exposure to new mobile applications. This is forcing IT departments to reassess their entire mobile security strategy and architecture. 

As more mobile devices access the corporate network, the risk of data loss, leakage of valuable intellectual property, and exposure to vulnerabilities (viruses/malware) increases significantly.

So how do you plan a successful mobile security strategy?  Below are some points to consider:

  1. Determine your mobility requirements. Who are the mobile employees and what IT resources do they need access to when they are mobile (i.e. corporate emails, calendars/contacts, corporate applications etc..)
  2. Establish corporate rules to give appropriate employees access to the necessary data and resources on their devices (crucial for productivity), and at the same  time to ensure that this data is restricted on the device and can be wiped when required (crucial for security).
  3. With the constant influx of new mobile devices and platforms in the market, it is very important to decide on what devices and operating systems should be supported based on the security capabilities of these platforms.
  4. Decide whether these devices will be owned by the company or if employees will pay for their own devices (BYOD), while taking privacy and legal implications into account.
  5. Define acceptable use policies and identify security control requirements (i.e. password complexities, encryption, application control).
  6. Identify additional technology requirements to enforce these security policies. (i.e. MDM, DLP, Encryption, Authentication)
  7. Create a training & awareness program for the employees, and ensure your support staff is prepared.

If you have any questions or require assistance in planning and designing your mobile security strategy, please contact your NCI rep today.

Ravish Shah

DHCP Fingerprinting with ArubaOS

If you’ve read any of my previous blog posts, you have probably noticed that I make an effort to confine my posts to vendor-neutral topics. However, every now and then I come across vendor-specific technology implementations that are so cool that I just have to say something about them. In this case, it is DHCP fingerprinting by Aruba Networks.

Without getting into too much technical detail, this technology watches the DHCP requests of wireless clients and identifies the operating system based on the way each device asks for an address. This feature is really cool because it means you can allow a user to connect to the same ESSID (read: wireless network), using the same username/password, with a variety of different devices, and get different levels of access depending on the specific device type. For example, if the user connects to the WLAN with a company issued laptop then they get access to the internal network. However, if they connect using an iPad they get Internet access only. Didn’t I say this was cool?

Enough typing, I recorded a little demonstration of DHCP fingerprinting for your viewing enjoyment:

As BYOD becomes more prevalent, I think we are going to start seeing technologies like this popping up all over the place. This is a good thing since it gives administrators the ability to allow BYODs onto the network without having to give up on security and control.

Dan C.

How do you deal with BYODs in your environment? If you have thoughts or comments regarding the proper way of dealing with BYODs please share them in the comments section. Also, as usual, please share this post with others if you found it useful or interesting.

Aruba Networks CEO Talks Mobility with NCI

A few days ago I was given the opportunity to sit down with the CEO of Aruba Networks, Dominic Orr, and a few members of his Canadian team. While the swordfish was great, I thought the conversation was even better. Listening to and discussing thoughts on the future of mobility with a team of like-minded individuals is an amazing way to spend an evening.

Here are some quick points and discussion summaries from the evening:

  1. Wireless networking and mobility is growing at an incredible rate (no surprise there). With the ever growing number of devices that are ‘wireless only’ it is more important than ever to start planning your mobility strategy. That means immediately. Not tomorrow, not next week, immediately. You don’t want to be caught in a reactive stance when your environment gets hit by the tidal wave of BYODs.
  2. It’s great to see that one of the top players in the wireless/mobility space is making a conscious effort not to leave smaller clients behind during this period of enormous market growth. Solutions like Aruba Instant allow SMBs to take advantage of enterprise-level features without going over budget. Mobility is primed to be a game-changer for everyone; not just the richest companies.
  3. Starting now, or in the very near future, context will be king. It is no longer good enough to only plan for coverage, capacity, or even secure access. To take full advantage of mobility, you will need to start providing coverage, capacity, and security based on the context of the individual users and devices connecting to your network. Using identity, device type, time, location, and application usage as the context in which you create your policies will allow for optimal, secure, and efficient use of wireless networks and mobility in the workplace.

Overall, I left that dinner feeling energized and excited about the future of mobility. Am I ready to cut all of my cables right now? No. However, as more and more device manufacturers take the option of a wired connection away, it is comforting to know that networks are set to adapt and offer a far more customized level of service than ever before.

Dan C.

What are your thoughts on the future of mobility? Do you need help developing your strategy? Leave a comment or contact us directly and let’s start the discussion.

 

Full Disclosure: NCI is a partner/reseller of Aruba Networks.

Streaming Video vs The Corporate WLAN

Sometimes words are just not enough, but seeing is believing.

The picture, above, shows the results of a little lab test I did to see just how much of the available wireless spectrum streaming video would consume. For this test, I recorded three seperate video sources:

  1. YouTube 1080p.
  2. Netflix using the Good Quality setting – upto 0.3 GB/hour.
  3. Netflix using the Best Quality setting – upto 1 GB/hour.

A proper explanation of everything shown in the picture is a bit beyond the purpose of this blog post, but I will try to highlight the important bits:

  • There is a noticable increase in wireless activity during each video. In fact, the duty cycle during the YouTube video was up to 73 percent! Put another way, anyone else trying to access the network via that access point would have been very annoyed.
  • Even at the Best Quality setting, Netflix was not as ‘spectrum-unfriendly’ as YouTube.

As we allow more and more bring your own device (BYOD) access in the enterprise, we need to make sure we have a plan or policy for dealing with this type of traffic. The spectrum available to WLANs is not limitless. Left unchecked, a few streaming videos at the office could have a major impact on the proper functioning of wireless applications and VOIP capabilities. What’s your strategy for dealing with the type of traffic? Do you block it entirely? Do you block it on the WLAN and allow it on the LAN? Rate limit? Whatever you decide, you want to make sure it is you making the decision and not the BYOD devices.

Dan C.

If you have any questions, comments, or feedback, we’d love to hear from you in our comments sections.

Bonus Question: Based on the picture, can you determine which 802.11 standard was being used and what my theoretical maximum bandwidth was at the time?