Page 112 - Security Today, March 2018
Carl Smith, System Design-Support Engineer, ScanSource Security
Dear IP Man:
BYOD seems to have graduated from a novelty to the norm. With all of these devices being brought onto the network, how can I securely connect them without exposing my organization to new security threats? And how can I do this without asking people to re-enter login credentials multiple times per day, or overwhelming my help desk with support tickets?
- Lots of Devices
Dear Lots:
You’re right to be concerned. The internet of things has exploded in the last several years. There was an average of 7-12 billion internet-connected devices in 2016, and that number is estimated to increase to more than 22 billion by 2020. With all of that being said, having a good onboarding solution is key to managing these new devices. Here are some important aspects of an onboarding solution:
Monitoring – Have a solution that can monitor new devices as they come onto your network, with the ability to fingerprint these devices using packet and protocol level characteristics to identify mobile devices.
Policy Enforcement – Once devices on the network have been identified, you can apply policies for how that device is able to traverse the network. Another feature that is sometimes implemented is posture checking. It is important to have devices onboarding correctly to the network for security, but what happens if something on their system changes after it has been accepted onto the network? That device could now become a vulnerability. Posture checking makes it easy for an admin to detect those changes and move the device to another role with limited access.
MDM (Mobile Device Management) – Many organizations deploy MDM systems to manage smart mobile devices accessing corporate assets. New devices attempting to connect to the network would be forced to install an MDM agent on their device that will allow for tighter controls of those devices on the network. For example, you could have a policy in place that does not allow a jailbroken iPhone to access your network. MDM has to work in conjunction with some of the monitoring and policy enforcement mentioned above so that a device can properly be identified and managed.
Security – The Wi-Fi network also needs to be protected from other vulnerabilities like rogue APs, tethering, personal hotspots, Wi-Phishing, client connections to neighborhood APs, ad hoc connections, etc.
These are some of the features of a secure onboarding solution. Make sure to check out some of the vendor offerings that ScanSource has around these solutions.
Sincerely,
Carl “IP Man” Smith
7 | ScanSource Networking and Security Focus SPRING 2018