You’ve been allowing it for months or even years, and now you’ve decided to get serious about rolling out a secure BYOD environment. Supporting BYOD is easy. Making BYOD secure is the tricky part, and then there is always network traffic monitoring to make sure your BYOD security strategy is actually working. Today I’m going to outline several steps that Patrick Sweeney (VP of Product Marketing) at SonicWALL shared with me. These steps should be considered when setting up a ‘reasonably’ safe BYOD environment.
Patrick Sweeney – VP, SonicWALL
1) Establish a reverse proxy. A reverse proxy publishes your prized servers on the Internet without exposing them directly: it provides a single point of access to all of them and can enforce authentication for just about any type of device or operating system before a request ever reaches a backend server. There are other benefits as well, such as making it easier to replace backend servers without worrying about host name changes.
2) Provide VPN access. I’m not going to get into an IPsec vs. SSL discussion, but I will say that a single solution that covers both smartphones and laptops is ideal.
3) All remote connections should pass through a firewall before accessing the corporate network. A next-generation firewall can be configured to block clear-text protocols and to continuously scan the traffic it passes for malware, rather than simply forwarding whatever the VPN delivers.
4) Force strong authentication. A static password can be replayed by an attacker if it is captured by a key logger on an infected machine; a one-time password is good for a single login, so a captured code is worthless once the legitimate user has used it. One-time passwords are also simple to implement. The caveat: a code captured and relayed in real time, before the user’s own login completes, can still be used once, so the second factor limits the damage rather than eliminating it.
If you are ready to take BYOD security to another level, read on:
5) The machine using a VPN to access the corporate network should be interrogated as part of login, before it is granted access, to ensure that it is running up-to-date antivirus software and is not running tools such as BitTorrent (an endpoint posture check).
6) Leverage secure virtual desktop environments which are erased and recreated on exit. This is very important if your company has employees accessing the corporate network from hardware it does not control, such as an airport kiosk.
7) Enforce a cache cleaner once the user logs off and closes his/her local browser, so that no session cookies, cached pages or downloaded documents remain on the device.
Want more ideas to keep business applications optimized in BYOD and non-BYOD environments? Read on:
8) Make sure business applications such as VoIP, Salesforce.com, etc. are prioritized. This is done with deep packet inspection to identify the application, a feature available on most next-generation firewalls and many routers, with switches honoring the resulting QoS markings.
9) Incorporate hardware that can take automatic action on unacceptable behavior, by throttling a user’s traffic or by placing the host in a limited-access VLAN.
10) Manage and monitor. With technologies such as next-generation NetFlow and IPFIX we can now monitor BYOD traffic by incorporating filters for:
- User names, viewing all of the devices a user has authenticated onto the network (e.g. laptop, smartphone and tablet)
- The vendor ID (OUI, the first three octets) of MAC addresses. This is time consuming but effective, with the caveat that devices using randomized MAC addresses carry no real vendor prefix.
- Verifying that business applications are getting the bandwidth they need during peak times
- Thresholds that trigger alarms on traffic to certain domains seen in URLs
The more steps you take to secure BYOD access to your network the better, and you don’t have to spend a lot of money. BYOD has been here for a while, it is growing rapidly, and it should be part of most network management solutions.