BYOD
BYOD PROJECT
General Description
Implement BYOD (Bring Your Own Devices) Policies and Procedures in a Corporate Environment. In this case, it will be a hybrid BYOD environment where the following apply:
- BYOD usage is permitted (e.g. a guest with their own cell phone and their own 3G service, disconnected from the corporate network (LAN side)).
- Authorized BYOD is permitted (e.g. the President wants to access corporate resources when he brings his laptop in)
- Unauthorized BYOD is prohibited (e.g. an employee brings their own wireless router in and connects it to the corporate LAN so they can have a wireless access point to surf the Internet).
1.0 PROPOSED BYOD POLICY AND SCOPE
1.A. List of BYOD Device Characteristics for which this Policy's Scope Applies (To Do)
1.B. Examples of BYOD Devices for which this Policy's Scope Applies (To Do)
1.C. Allow Only AUTHORIZED Devices
- 1.C.1) Authorization is obtained from the Sys Admin
- 1.C.2) Requirements for Authorization = Check List (To Do)
- 1.C.3) Scope of Permitted Activities and Access Privileges for Authorized Devices. (To Do)
1.D. Prohibit UNAUTHORIZED Devices
- 1.D.1) Scope of Unauthorized BYOD Usage (To Do)
- 1.D.1.a) All BYOD devices that attempt to access corporate network (LAN side) resources are classified as Unauthorized by default.
- 1.D.2) Enforcement Policies Regarding BYOD Detection (To Do)
- 1.D.3) Penalties for Unauthorized BYOD usage (To Do)
1.E. Allow guests
- 1.E.1) Guests may use their BYOD devices as long as they do not attempt to connect to the corporate network.
- 1.E.2) Guests that want to use a corporate printer will need to bring a USB or LPT cable and use non-networked printers.
- 1.E.3) If a separate "Guest Network" is available, Device Authorization with minimal requirements is required to use it. (e.g. the owner must obtain a WPA2 key).
2.0 IMPLEMENTING BYOD INTRUSION DETECTION
2.A. Detection Requirements
- 2.A.1) Detect and Uniquely Identify BYODs attempting to connect to the LAN
- 2.A.2) Log BYOD connection attempts and successes
2.B. Action Requirements
- 2.B.1) Determine if a BYOD connection is Authorized or Unauthorized
- 2.B.2) Transmit an email/text notification to the Sys Admin alerting to unauthorized connections
2.C. Detection Software Candidates Required Features / Product Matrix (To Do)
2.C.1) PADS
2.C.2) Security Onion
2.C.2) ...(To Do)
3.0 SECURITY IMPLEMENTATION - PRODUCTION NETWORK
- (To Do)