mobile byod best practices n.
Skip this Video
Loading SlideShow in 5 Seconds..
Mobile & (BYOD) Best Practices PowerPoint Presentation
Download Presentation
Mobile & (BYOD) Best Practices

Loading in 2 Seconds...

play fullscreen
1 / 36

Mobile & (BYOD) Best Practices - PowerPoint PPT Presentation

  • Uploaded on

Mobile & (BYOD) Best Practices . Ernest Staats info@ Master Science Information Assurance, (CISSP)®, C | EH v5, MCSE, CNA, CWNA, Security+, I-Net+, Network+, Server+, A+ . Life has Changed!!. Mobile/BYOD is here and life has changed . Mobility Trends.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Mobile & (BYOD) Best Practices' - kimama

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
mobile byod best practices

Mobile & (BYOD) Best Practices

Ernest Staats

Master Science Information Assurance, (CISSP)®, C|EH v5, MCSE, CNA, CWNA,

Security+, I-Net+, Network+, Server+, A+

life has changed
Life has Changed!!

Mobile/BYOD is here and life has changed

mobility trends
Mobility Trends
  • Everyone one has multiple devices and change them often
  • Full Tech Support for Users BYOD
  • Data volumes are exploding
  • Mobility adds complexity to management
  • Schools are expected to get it perfect
  • It may cost more
college survey byod
College Survey BYOD

56 % use (NAC) or MDM

27% don’t do anything

54% Don’t require any AV/firewall

52% say BYOD is used in classrooms

38.9 % users on same network

67% no visibility in who is connecting

know jack or get hacked
Know Jack or Get Hacked

What’s on your network

Who’s using it

How are they using it

Host and Flow Data

Where are they accessing it

When did this all take place

How do you automate notifications


what is the big issue
What is the Big Issue?

3 to 5 Mb per user

9 Mb per user HD

better support
Better Support
  • Proactive IT plan, train and document issues + solutions
  • Make a searchable knowledgebase
  • Tracking walk-in request
  • Enable Self Support
walk in output to spiceworks
Walk-in Output to Spiceworks
  • This message from the GCA Walk-in Tech support
  • Student Information: Landon Stoner
  • Problem: Online

Helpdesk Worker Information: Ernest StaatsComments: Needs help with ASI do to the fact that he can’t remember his password

Ticket Overview

  • Priority: MedCreator: Landon StonerAssignee: Ernest Staats Ticket URL: http://GCACHD/tickets/list/single_ticket/213

Bandwidth Hogging Detection


  • Software/Hardware:
  • LANGuardian
  • Wireshark
      • Spiceworks
      • Your Wireless / Switch Vendor
  • Appliance Base:
  • NET Equalizer
  • Exinda
  • Procera
smooth data flow
Smooth Data Flow
  • Capture real- time data, log, flow and automate reports
  • Analyze,Analyze, Analyze
  • Security Onion
  • Packet Shapers
  • Splunk (paid) or ELSA (Open Source)
    • ELSA how to
mobile device management
Mobile Device Management

Manage policies

The ability to roll out apps to users

Manage updates and installs

Inventory mobile devices and their installed software

Quickly identify devices that have violated AUPs

A good list of MDM solutions and what they offer

A Free option

what mdm can become control freak
What MDM Can BecomeControl Freak!

Fuit: Latin he or she was… for IT He or She was in control but now it is

Forget yoU Information Technology F.U. I.T.-- The user will do it themselves and get around all your fancy controls… Use open DNS no worries I will just use Google DNS…

other considerations
Other Considerations
  • Enrollment Experience
    • User self-enrollment – ease of use is critical
  • Password/PIN policy decisions
  • Push capabilities DO THEY WORK??
  • Location services always on – battery impact
  • Jailbreak enforcement
  • Application blacklisting
  • Encryption requirements
ten commandments
Ten+ Commandments

Plus one or so..

tablet best practices
Tablet Best Practices

· Device lock: enable native device authentication (PIN, password, pattern)

· Anti-theft measures: Remote lock or data wipe … use of tablet "find me" (services can also raise privacy concerns)

· Over-the-air encryption: All tablets can secure Web and email with SSL/TLS, Wi-Fi with WPA2, and private data with mobile VPN clients.

· Stored data protection: Hardware and mobile OS support for stored data encryption varies.

tablet best practices ii
Tablet Best Practices II

· Mobile application controls: Many downloaded apps require access to sensitive data and features, understand what apps have control to what data access to contacts (Block iTunes sharing)

· Anti-malware: Typically don’t have- anti-virus, anti-spam, intrusion detection, or firewall apps

· Device management: For visibility, policy configuration, app provisioning, schools can centrally manage tablets, no matter who owns them

wifi best practices
WIFI Best Practices
  • Use a WIDS solution 2.4 GHz and 5 GHz
  • Monitor for rogue APs & other WiFi interference (handheld monitor)
  • Use auditing to discover intruders on the wireless network. For example, accept Dynamic Host Control Protocol (DHCP) requests only from authorized network devices
  • Block rogue APs from receiving an IP address and alert the network manager to potential intruders(from the wired lines)
  • Train staff not to connect to any ad hoc WLANs
    • Prevent automatic association with ad hoc networks Windows on Edmodo
wifi best practices ii
WIFI Best practices II
  • Use 802.1X with EAP to provide mutual authentication of users and authentication servers
  • Use one of the following EAP types: TLS, TTLS, PEAP. Note that EAP-TLS requires certificates on both the supplicant and the authentication server (Best option ) Not an option with Apple TV
  • If 802.1X is not deployed for the wired network, use IPsec or SSL (if supported by school applications) Not an option with Apple TV
  • WPS and WPA2 PSK is broken But required if using Apple products
  • Authenticate guests through a captive portal webpage and monitor usage
network management
Network Management
  • Modify default SSID to a school/district-specific name
  • Use a controller-based or Centrally Managed WLAN system instead of autonomous APs
  • With WLAN hardware use strong passwords - Change passwords periodically (Default hardware PWD)
  • Disable wireless-side management access to wireless network
  • Monitor vendor updates and apply patches
  • Use (SNMP) v3, Secure Shell (SSH), and SSL
  • Restrict wired-side AP/controller access to certain IP addresses, subnets or VLANs
alphabet byo security
Alphabet BYO-security
  • BYOD
  • BYOx
    • Devices
    • Apps
    • Data
  • MDM
  • MAM
  • MIM
windows apps on byod
Windows Apps on BYOD
  • Frame Hawk
  • HTML5
    • PhoneGap,
    • Worklight
  • API Based
    • Appcelerator
    • RhoMobile
  • VDI
    • Citrix
    • VMware
to drop or not
To Drop or Not
  • Zoolz
  • Watchdox
  • Sharefile
  • Egnyte
  • Cubby
  • Box
private cloud dropbox
Private Cloud DropBox
  • SharePlan
  • Tonido
  • SpiderOak
  • Cubby
  • GoodSync
icloud ihog
iCloud = iHog….
  • iCloud use ports 80 443, and 5223
  • Uses Apple, Microsoft and Amazon cloud services to deliver apps and data.