Mobile & (BYOD) Best Practices
Ernest [email protected]
Master Science Information Assurance, (CISSP)®, C|EH v5, MCSE, CNA, CWNA, Security+, I-Net+, Network+, Server+, A+
Life has Changed!!
Mobile/BYOD is here and life has changed
Mobility Trends
• Everyone has multiple devices and changes them often
• Full Tech Support for Users BYOD
• Data volumes are exploding
• Mobility adds complexity to management
• Schools are expected to get it perfect
• It may cost more
College Survey BYOD
56% use NAC or MDM
27% don’t do anything
54% don’t require any AV/firewall
52% say BYOD is used in classrooms
38.9% users on same network
67% no visibility into who is connecting
Know Jack or Get Hacked
What’s on your network
Who’s using it
How are they using it
Host and Flow Data
Where are they accessing it
When did this all take place
How do you automate notifications
WHAT IS YOUR NORMAL TRAFFIC
Coverage AND Capacity
What is the Big Issue?
Control Access First
COIT Tech Support
Better Support
• Proactive IT plan, train and document issues + solutions
• Make a searchable knowledgebase
• Track walk-in requests
• Enable Self Support
Walk-in Output to Spiceworks
• This message from the GCA Walk-in Tech support
• Student Information: Landon Stoner
• Problem: Online [email protected]
Helpdesk Worker Information: Ernest Staats
Comments: Needs help with ASI due to the fact that he can’t remember his password
Ticket Overview
• Priority: Med
• Creator: Landon Stoner
• Assignee: Ernest Staats
• Ticket URL: http://GCACHD/tickets/list/single_ticket/213
What needs to be done NOW?
Eyes in Sky Feet on the Street
Bandwidth Hogging Detection
Mitigation Software/Hardware:
• LANGuardian
• Wireshark
• Spiceworks
• Your Wireless / Switch Vendor
Appliance Base:
• NET Equalizer http://www.netequalizer.com/
• Exinda http://www.exinda.com/solutions/wan-optimization-2.0
• Procera http://www.proceranetworks.com/oem-dpi-engine-navl.html
Firewall Where? Everywhere
Policies
Smooth Data Flow
• Capture real-time data, log, flow and automate reports
• Analyze, Analyze, Analyze
• Security Onion
• Packet Shapers
• Splunk (paid) or ELSA (Open Source)
– ELSA how to http://tiny.cc/904p6w
Mobile Device Management
• Manage policies
• The ability to roll out apps to users
• Manage updates and installs
• Inventory mobile devices and their installed software
• Quickly identify devices that have violated AUPs
A good list of MDM solutions and what they offer: http://www.enterpriseios.com/wiki/Comparison_MDM_Providers
A free option: http://www.meraki.com/products/systems-manager/
Magic Quadrant MDM 2013
What MDM Can Become
Control Freak!
Fuit: Latin for "he or she was". For IT: he or she was in control, but now it is "Forget yoU, Information Technology" (F.U. I.T.). The user will do it themselves and get around all your fancy controls… Use OpenDNS? No worries, I will just use Google DNS…
Where to start -- Mobile/BYOD
Other Considerations
• Enrollment Experience
– User self-enrollment – ease of use is critical
• Password/PIN policy decisions
• Push capabilities DO THEY WORK??
– HOW DO THEY WORK?
• Location services always on – battery impact
• Jailbreak enforcement
• Application blacklisting
• Encryption requirements
Ten+ Commandments
Plus one or so..
Tablet Best Practices
• Device lock: enable native device authentication (PIN, password, pattern)
• Anti-theft measures: Remote lock or data wipe … use of tablet "find me" (services can also raise privacy concerns)
• Over-the-air encryption: All tablets can secure Web and email with SSL/TLS, Wi-Fi with WPA2, and private data with mobile VPN clients.
• Stored data protection: Hardware and mobile OS support for stored data encryption varies.
Tablet Best Practices II
• Mobile application controls: Many downloaded apps require access to sensitive data and features; understand which apps have access to what data, such as contacts (block iTunes sharing)
• Anti-malware: Tablets typically don’t have anti-virus, anti-spam, intrusion detection, or firewall apps
• Device management: For visibility, policy configuration, and app provisioning, schools can centrally manage tablets, no matter who owns them
WIFI Best Practices
• Use a WIDS solution 2.4 GHz and 5 GHz
• Monitor for rogue APs & other WiFi interference (handheld monitor)
• Use auditing to discover intruders on the wireless network. For example, accept Dynamic Host Configuration Protocol (DHCP) requests only from authorized network devices
• Block rogue APs from receiving an IP address and alert the network manager to potential intruders (from the wired lines)
• Train staff not to connect to any ad hoc WLANs
• Prevent automatic association with ad hoc networks Windows on Edmodo
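The DHCP auditing bullet above can be approximated from server logs. The following is an added example, not part of the original slides: it assumes ISC dhcpd-style `DHCPACK` syslog lines, and the sample log, the inventory and the function names are constructed for illustration.

```python
import re

# Constructed sample lines in ISC dhcpd syslog style (not from the slides).
SAMPLE_LOG = """\
Jan 14 08:01:12 dhcp1 dhcpd: DHCPACK on 10.20.5.44 to 02:00:00:aa:bb:01 (lab-ipad-07) via eth1
Jan 14 08:01:15 dhcp1 dhcpd: DHCPACK on 10.20.5.45 to 02:00:00:AA:BB:02 via eth1
Jan 14 08:02:40 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:aa:bb:01 via eth1
Jan 14 08:03:02 dhcp1 dhcpd: DHCPACK on 10.20.5.46 to 02:00:00:cc:dd:03 (home-router) via eth1
Jan 14 08:09:30 dhcp1 dhcpd: DHCPACK on 10.20.5.47 to 02:00:00:cc:dd:03 (home-router) via eth1
"""

# Constructed inventory; exports often mix MAC notations, so normalise first.
AUTHORIZED = {"02-00-00-AA-BB-01", "0200.00aa.bb02"}

ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to (?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)

def norm_mac(mac):
    """Return a MAC as lowercase colon-separated hex, whatever the input notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def unauthorized_leases(log_text, authorized):
    """Map each unlisted MAC that was granted a lease to its lease details."""
    allowed = {norm_mac(m) for m in authorized}
    findings = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # only granted leases matter here, not DISCOVER/REQUEST
        mac = norm_mac(m["mac"])
        if mac in allowed:
            continue
        rec = findings.setdefault(
            mac, {"ips": [], "host": m["host"] or "", "iface": m["iface"], "acks": 0})
        rec["acks"] += 1
        if m["ip"] not in rec["ips"]:
            rec["ips"].append(m["ip"])
    return findings

if __name__ == "__main__":
    for mac, rec in unauthorized_leases(SAMPLE_LOG, AUTHORIZED).items():
        print(f"ALERT unlisted device {mac} host={rec['host']!r} "
              f"ips={rec['ips']} via {rec['iface']} acks={rec['acks']}")
```

MAC addresses can be spoofed and many phones randomize them per network, so this list gives visibility into who is connecting rather than authentication.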
WIFI Best Practices II
• Use 802.1X with EAP to provide mutual authentication of users and authentication servers
• Use one of the following EAP types: TLS, TTLS, PEAP. Note that EAP-TLS requires certificates on both the supplicant and the authentication server (best option). Not an option with Apple TV
• If 802.1X is not deployed for the wired network, use IPsec or SSL (if supported by school applications). Not an option with Apple TV
• WPS and WPA2 PSK are broken, but required if using Apple products
• Authenticate guests through a captive portal webpage and monitor usage
Network Management
• Modify default SSID to a school/district-specific name
• Use a controller-based or centrally managed WLAN system instead of autonomous APs
• With WLAN hardware use strong passwords - change passwords periodically (default hardware PWD)
• Disable wireless-side management access to wireless network
• Monitor vendor updates and apply patches
• Use SNMPv3, Secure Shell (SSH), and SSL
• Restrict wired-side AP/controller access to certain IP addresses, subnets or VLANs
Resources and software
Mobile Parental Controls
Alphabet BYO-security
BYOD, BYOx
Devices, Apps, Data
MDM, MAM, MIM
Windows Apps on BYOD
• Frame Hawk
• HTML5
– PhoneGap
– Worklight
• API Based
– Appcelerator
– RhoMobile
• VDI
– Citrix
– VMware
To Drop or Not
• Zoolz
• Watchdox
• Sharefile
• Egnyte
• Cubby
• Box
Private Cloud DropBox
• SharePlan
• Tonido
• SpiderOak
• Cubby
• GoodSync
iCloud = iHog….
• iCloud uses ports 80, 443, and 5223
• Uses Apple, Microsoft and Amazon cloud services to deliver apps and data.