What is BYOD?
BYOD (Bring Your Own Device) is the widely accepted practice of allowing employees, consumers, guests, etc. to bring their own devices and use them on a corporate network. With the increased use of smartphones, laptops, tablets, etc., BYOD is becoming a large component of, and strategy for, most businesses.
BYOD and Security
With ever-evolving technology and large consumer demand, employee use of personal devices at work is increasing. This puts added pressure on IT departments to allow BYOD on the corporate network. Without proper management, these devices can spread malicious activity to the network, cause data breaches, and threaten the overall function of the corporation.
The best solution for securing a BYOD environment is to implement an in-line Adaptive Network Access Control (NAC) System. An Adaptive NAC will help answer the Who, What, When, Where, and How – the crucial elements of any BYOD environment.
The Adaptive NAC pinpoints individual profiles and devices, specifies access rights, and blocks unauthorized or infected devices at the endpoint (or individual) level. This type of agentless control saves you manpower as well as time, all while better protecting your network from potentially harmful BYOD environments.
Milton’s BYOD Solution Lies within the EdgeWall® Series Adaptive NAC Appliances
The EdgeWall® System’s first line of defense is its access control. To protect resources, we limit the user’s ability to communicate with those resources down to the specific ports. So, for example, if we have an engineering group and an accounting group, we can first limit each group’s access to only its own resources and then narrow it further to the port the group will use to access each resource. On top of access control, we also scan the user’s machine and traffic to try to detect anything malicious. We can check that the machine is up to date and has an antivirus running with the latest definitions. For the traffic, we can check for things like botnets or worms trying to spread.
To protect users from attacks by other users, especially in a BYOD environment, we use the EdgeWall® System’s NAT’ing options. This allows us to put each user on a /30 network that contains only the user and our enforcement EdgeWall® System, so that the user cannot affect or infect other users connected to the network. Since the only other machine on the user’s NAT’ed network is the EdgeWall® System, that is the only thing the user can send traffic to.
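
The two controls described above (group access limited to a resource and port, and one /30 per user) can be modelled in a few lines. This is an added illustration, not Milton's or the EdgeWall® System's code; the address pool, group names, resource addresses, ports and the forwarding rule are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from any product).
POOL = ipaddress.ip_network("10.20.0.0/24")
POLICY = {  # group -> set of (resource address, port) the group may reach
    "engineering": {("10.1.1.10", 22), ("10.1.1.20", 443)},
    "accounting": {("10.1.2.10", 1433)},
}

def allocate(users, pool=POOL):
    """Give each (user, group) its own /30: first host is the enforcement
    gateway, second host is the user's device."""
    subnets = pool.subnets(new_prefix=30)
    leases = {}
    for user, group in users:
        net = next(subnets, None)
        if net is None:
            raise RuntimeError("address pool exhausted")
        gateway, client = net.hosts()  # a /30 has exactly two usable hosts
        leases[user] = {"group": group, "net": net,
                        "gateway": gateway, "client": client}
    return leases

def on_link_peers(lease):
    """Hosts the device can reach without going through the gateway."""
    return [h for h in lease["net"].hosts() if h != lease["client"]]

def decide(leases, src_user, dst_ip, dst_port):
    """Forwarding decision at the gateway for a packet sent by src_user."""
    dst = ipaddress.ip_address(dst_ip)
    # Anything addressed to another user's /30 is dropped (user isolation).
    if any(dst in l["net"] for u, l in leases.items() if u != src_user):
        return "drop: peer client"
    # Otherwise only the group's own (resource, port) pairs are forwarded.
    if (dst_ip, dst_port) in POLICY.get(leases[src_user]["group"], set()):
        return "allow"
    return "drop: not in group policy"

if __name__ == "__main__":
    leases = allocate([("alice", "engineering"), ("bob", "accounting")])
    for user, lease in leases.items():
        print(user, lease["net"], "on-link peers:", on_link_peers(lease))
    print(decide(leases, "alice", "10.20.0.6", 445))    # bob's device
    print(decide(leases, "alice", "10.1.1.10", 22))     # engineering resource
    print(decide(leases, "alice", "10.1.2.10", 1433))   # accounting resource
```

Because every device shares its subnet only with the gateway, all user-to-user and user-to-resource traffic has to cross the enforcement point, which is where the group and port policy is applied.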