BYOD

From Unallocated Space
Revision as of 11:35, 6 January 2014 by Ajstadlin (talk | contribs) (Created page with "=BYOD PROJECT= ==General Description== Implement BYOD Policies and Procedures in a Corporate Environment. In this case, it will be a hybrid BYOD environment where the following ...")

BYOD PROJECT

General Description

Implement BYOD Policies and Procedures in a Corporate Environment. In this case, it will be a hybrid BYOD environment where the following apply:

  • BYOD usage is permitted (e.g. a guest with their own cell phone and their own 3G service, disconnected from the corporate network (LAN side)).
  • Authorized BYOD is permitted (e.g. the President wants to access corporate resources when he brings his laptop in).
  • Unauthorized BYOD is prohibited (e.g. an employee brings their own wireless router in and connects it to the corporate LAN so they can have a wireless access point to surf the Internet).

1.0 PROPOSED BYOD POLICY AND SCOPE

1.A. List of BYOD Device Characteristics for which this Policy's Scope Applies (To Do)

1.B. Examples of BYOD Devices for which this Policy's Scope Applies (To Do)

1.C. Allow Only AUTHORIZED Devices

  • 1.C.1) Authorization is obtained from the Sys Admin
  • 1.C.2) Requirements for Authorization = Check List (To Do)
  • 1.C.3) Scope of Permitted Activities and Access Privileges for Authorized Devices. (To Do)

1.D. Prohibit UNAUTHORIZED Devices

  • 1.D.1) Scope of Unauthorized BYOD Usage (To Do)
      • 1.D.1.a) All BYOD devices that attempt to access corporate network (LAN side) resources are classified as Unauthorized by default.
  • 1.D.2) Enforcement Policies Regarding BYOD Detection (To Do)
  • 1.D.3) Penalties for Unauthorized BYOD usage (To Do)

1.E. Allow guests

  • 1.E.1) Guests may use their BYOD devices as long as they do not attempt to connect to the corporate network.
  • 1.E.2) Guests that want to use a corporate printer will need to bring a USB or LPT cable and use non-networked printers.
  • 1.E.3) If a separate "Guest Network" is available, Device Authorization with minimal requirements is required to use it (e.g. the owner must obtain a WPA2 key).

2.0 IMPLEMENTING BYOD INTRUSION DETECTION

2.A. Detection Requirements

  • 2.A.1) Detect and Uniquely Identify BYODs attempting to connect to the LAN
  • 2.A.2) Log BYOD connection attempts and successes

2.B. Action Requirements

  • 2.B.1) Determine if a BYOD connection is Authorized or Unauthorized
  • 2.B.2) Transmit an email/text notification to the Sys Admin alerting to unauthorized connections
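
One way the 2.A and 2.B requirements fit together with the default-deny rule in 1.D.1.a, shown as an added example that is not part of the original page and is not how PADS or Security Onion work. It assumes DHCP server log lines in dnsmasq's style as the detection source, the MAC address as the device identifier, and a hypothetical allowlist and admin address; all sample values are constructed.

```python
import re
from email.message import EmailMessage

# Assumed allowlist of devices the Sys Admin has authorized (1.C.1); MAC is constructed.
AUTHORIZED = {"00:11:22:33:44:55": "president-laptop"}

# Constructed sample lines in dnsmasq's DHCP log style (assumed detection source).
SAMPLE_LOG = """\
Jan  6 11:40:01 dnsmasq-dhcp[812]: DHCPDISCOVER(eth0) de:ad:be:ef:00:01
Jan  6 11:40:02 dnsmasq-dhcp[812]: DHCPACK(eth0) 192.168.1.77 DE:AD:BE:EF:00:01 rogue-ap
Jan  6 11:41:10 dnsmasq-dhcp[812]: DHCPACK(eth0) 192.168.1.20 00:11:22:33:44:55 pres-laptop
Jan  6 11:42:30 dnsmasq-dhcp[812]: DHCPREQUEST(eth0) 192.168.1.78 de:ad:be:ef:00:02
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) dnsmasq-dhcp\[\d+\]: "
    r"(?P<kind>DHCP(?:DISCOVER|REQUEST|ACK))\(\S+\) "
    r"(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) )?"          # DISCOVER lines carry no IP
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")

def classify(log_text, authorized=AUTHORIZED):
    """Return one record per DHCP event (2.A.1, 2.A.2, 2.B.1)."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a DHCP event this example tracks
        # MAC is the assumed identifier; it is client-controlled, so treat it as
        # a hint, not proof. Lower-case it so case cannot dodge the allowlist.
        mac = m["mac"].lower()
        events.append({
            "time": m["ts"], "mac": mac, "ip": m["ip"],
            # DHCPACK means a lease was granted; anything else is only an attempt.
            "outcome": "success" if m["kind"] == "DHCPACK" else "attempt",
            # Default-deny per 1.D.1.a: a MAC not on the allowlist is Unauthorized.
            "authorized": mac in authorized,
        })
    return events

def build_alert(events, admin="sysadmin@example.com"):
    """Compose (not send) the 2.B.2 notification; None when nothing to report."""
    bad = [e for e in events if not e["authorized"]]
    if not bad:
        return None
    macs = {e["mac"] for e in bad}
    msg = EmailMessage()
    msg["To"] = admin
    msg["Subject"] = f"Unauthorized BYOD: {len(macs)} device(s)"
    msg.set_content("\n".join(
        f"{e['time']} {e['mac']} {e['ip'] or '-'} {e['outcome']}" for e in bad))
    return msg
```

The message returned by `build_alert` can be handed to `smtplib.SMTP.send_message` for delivery to the Sys Admin.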

2.C. Detection Software Candidates Required Features / Product Matrix (To Do)

2.C.1) PADS

2.C.2) Security Onion

2.C.3) ... (To Do)


3.0 SECURITY IMPLEMENTATION - PRODUCTION NETWORK

  • (To Do)

4.0 SECURITY IMPLEMENTATION - GUEST NETWORK

4.A. Physical Separation of Guest and Production Network Zones

4.B. Guest <-> Production Zone Routing Policies Similar to an Internet Firewall