WLAN DISCUSSION
 

Keeping your eye on BYODs and more

Keeping your eye on BYODs and more

Postby LPhifer » Thu Feb 09, 2012 7:29 am

Many of us tend to focus on endpoint settings and MDM to mitigate enterprise security risks associated with new mobile devices - especially BYODs. But these tactics address only part of the problem. Used alone, they're like applying brake/throttle without being able to eyeball your speedometer.

It's never been more important to detect and monitor devices operating within your airspace, used by your workforce and others. For a succinct explanation of why wireless visibility is critical and how WIPS can help, read this HelpNetSecurity interview with Jesse Frankel:

http://www.net-security.org/article.php?id=1671&p=1
-- Lisa Phifer
User avatar
LPhifer
Registered User
 
Posts: 160
Joined: Fri Jun 25, 2010 10:42 am
Location: Pennsylvania, US

Re: Keeping your eye on BYODs and more

Postby LPhifer » Fri Mar 30, 2012 1:18 pm

An essential first step in dealing with bring-your-own-devices is spotting and identifying them. I've been thinking about this challenge and the myriad of solutions that are trying to tackle it.

First, we have Network Access Control (NAC) solutions that intercept login requests and scan or probe unrecognized devices to fingerprint them. Fingerprinting wasn't the original purpose of NAC - many NAC solutions were initially geared to spot malware or policy non-compliance or enable safe guest access. But NAC is well-positioned to fingerprint BYODs - so long as those BYODs actually try to connect to your network.

Next, we have Wireless LANs products that keep tabs on client associations and participate in client/user authentication. Increasingly, these products are venturing beyond guest management into BYOD on-boarding - in effect, leveraging guest WLANs to redirect unrecognized devices to an activation portal, where they can be provisioned for secure connectivity to the corporate WLAN. These products are also well-positioned to fingerprint BYODs - so long as those BYODs actually try to associate to your WLAN.

But what about BYODs that never connect, never associate - what's the best way to fingerprint those puppies? You might argue they don't matter, but increasingly they do. These BYODs can be Wi-Fi Direct peers, personal hotspots, or just noisy clients that constantly probe for APs without ever trying to connect to yours. These may have security impact on your business - and they certainly have performance impact on your WLAN. Fingerprinting these BYODs can help you determine risk and impact and whether any action is warranted.

This is where I think that full-time Wireless IPS is in a unique position to help. WIPS doesn't wait until association or network connection time to monitor and track BYODs. With a WIPS, it's pretty easy to look back and see when the first time a given BYOD appeared, where it went in your facility, and whether it ever associated to anyone (or tried to).

A WIPS that really fingerprints devices - doesn't just tell you a device is manufactured by Cisco or Apple or <insert your OUI here> - can be a huge help in evaluating the "what" and "why" and "where" questions that BYODs raise. Given the ever-escalating number of BYODs that probably visit your office each day, a WIPS that can automatically DO something when it spots a specific kind of device engaged in a suspicious kind of activity is even better.

But that's just my opinion and experience. How about you? How many of you are using WIPS as part of a BYOD management or security initiative? What capabilities and tools do you find more effective for this purpose? What tools do you wish you had that you don't today?
-- Lisa Phifer
User avatar
LPhifer
Registered User
 
Posts: 160
Joined: Fri Jun 25, 2010 10:42 am
Location: Pennsylvania, US


Return to WLAN Security



Who is online

Users browsing this forum: No registered users and 3 guests

 

 

 

 
Read
»
Whitepaper: WLAN Design and Site Survey
 
»
Site Survey Check List
 
»
802.11n Reference Guide
 
Watch
»
RF Basics
 
»
Planning for 802.11n
 
»
Voice-over-Wireless Best Practices
 
 
Home  |  Security Center  |  All Things Wi-Fi  |  Blog  |  Library  |  AirMagnet.com  |  FlukeNetworks.com
© 2006-2013 Fluke Corporation. All rights reserved.