In this video, look at the access and security considerations of BYOD mobile devices.
- We live in a world where our mobile devices are invading all of our networks. How many times have you walked into a coffee shop or into an office or to a conference and the first thing you're trying to do is find an open network? Or is there an SSID and a password for this particular show or coffee shop or whatever it might be? We like using 802.11 as a way for our mobile devices to get into the network. Unfortunately, I'm gonna spin this around. I'm the person who has a network and I'm getting invaded by all these mobile devices, so how do we deal with mobile access controls into our networks? There's a lot of security implications here and there's a lot that we have to consider when we're talking about this 'cause that's what this is all about.
We're all about the security considerations. What if somebody comes into my network and they're a bad guy and they wanna start hacking? What if somebody comes into my network with a mobile phone just chock-full of malware and they're doing all kinds of naughty things? What if somebody accidentally has their wireless share on so that they're actually acting as an internet service provider, they plug into my network and provide everybody free access, unfiltered internet to anything they want to see? So, we've got a big issue here when it comes to allowing these mobile devices to access our networks.
We call the term BYOD. People are bringing their own devices into our networks, and to be honest with you, we don't trust them, so we have to go through a process known generically as network access control, or NAC. Network access control is the process by which our networks allow all of these mobile devices to get onto our network. So, there's a lot of ways to look at this. There's the big, fancy enterprise way, but you can also do this on smaller networks. In the enterprise environments, we have a term called on-boarding.
On-boarding is the process by which we determine a new device coming into our network and we decide whether we're gonna let it onto our network or not. On-boarding has all kinds of amazing tools. One you've probably seen more than one time is what we call a captive portal. With a captive portal, I have a way to get onto the network, an SSID and probably a password, but all that does is gets me to a little webpage. It looks something like this, we've all seen these.
With these captive portal pages, this gives us an opportunity to perform real authentication. Here we can have people type in usernames and passwords. Here we can have people use RSA tokens and type in information that nobody else but them would have. All of these types of tools rely very, very heavily on the 802.1X standard, which we cover in other episodes in this series, and it does a really good job, but this is a big job. When you look at these enterprise devices, they're gonna go through processes where, for example, you may be an authorized user on this network, but they're gonna go through and run anti-malware on your computer.
Just to get on certain people's network, you have to download something and you have to run it or they won't even let you on the network 'cause they'll see that it's not there. So, in an enterprise world, you have some real power. Enterprises can do things like geofencing. With geofencing, I can take a look at a system that's trying to log into my network and if it's not inside the gate or pretty close to it, I can actually stop a device from doing that. So, geofencing is a powerful tool to use in on-boarding for access control.
Now, all of these tools I've just described to you are really for enterprise network access control, and they're great and they're out there and they're powerful and they're common. However, even in smaller networks, we have some tools that provide access control. So, what I've got here is just a little home router, pretty good little home router, I might add, and I've got him hooked up right now and I'd like to go ahead and jump in here a little bit and show you much more rudimentary but still very useful access controls.
Now, as I scroll in here, had to dig around a little bit to find it, but you'll see, I have this Access Control setting. And the big thing it's gonna be doing more than anything else is working with MAC addresses. We call this MAC filtering, we call it MAC reservation, whatever you wanna call it. What's happening here is, based on MAC addresses, we're gonna decide whether stuff can be in or out of the network. So, generally what we do is we do what's known as whitelisting. With whitelisting, we have a list of known trusted devices and we type in their MAC address, and they're allowed into our network.
All other devices are not allowed in. The alternative to whitelisting is gonna be blacklisting. In that case, I can actually type in a number of devices that cannot get on my network no matter what. The problem is, in a BYOD environment, there's all kinds of people coming in and generally the rule is take advantage of a whitelist because we know the computers that we want. Now, I need to warn you, even before we dive into this too much, when you start doing a lot of MAC reservation and MAC filtering like this, what if your Aunt Janine comes in with her iPad? You're gonna have to go back into the screen and make an addition.
Well, let's go ahead and march through one quick add. So, you'll see right now, I currently have it set up as a whitelist. It sees one device online right now, which is the actual laptop I've got plugged in that you're seeing, but I'm gonna add a device. Call it MikePhone. Then I'll just type in a legitimate looking MAC address, and it accepted it.
So, even with small networks, the concept of network access control still comes into play. It may be a rudimentary tool, but it's gonna help at least to some extent to keep the bad guys out of your network.
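The whitelist decision described in the transcript, as an added Python example (not from the video and not the router's own code). The function names, the device names other than MikePhone, and all MAC addresses are constructed for illustration. It normalizes the different ways a MAC address gets typed, applies default-deny, and flags unlisted addresses that have the locally administered bit set, since such an address may be a randomized per-network one rather than the device's hardware address.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(text):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[:\-.\s]", "", text).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (not a vendor-assigned address)."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def build_allowlist(entries):
    """Map {device name: MAC as typed} to {normalized MAC: device name}."""
    allow = {}
    for name, mac in entries.items():
        key = normalize_mac(mac)
        if key in allow:
            raise ValueError(f"{name} duplicates the entry for {allow[key]}")
        allow[key] = name
    return allow

def admit(allowlist, seen_mac):
    """Default-deny decision: (allowed, device name or reason)."""
    try:
        key = normalize_mac(seen_mac)
    except ValueError:
        return (False, "malformed address")
    if key in allowlist:
        return (True, allowlist[key])
    if is_locally_administered(key):
        return (False, "not listed; locally administered (possibly randomized) address")
    return (False, "not listed")

# Constructed sample entries, typed in two different notations.
ALLOW = build_allowlist({
    "MikePhone": "3C-22-FB-10-20-30",
    "Laptop": "00:11:22:33:44:55",
})

if __name__ == "__main__":
    for mac in ("3c22.fb10.2030", "DA:A1:19:00:00:01", "00:11:22:33:44:66"):
        print(mac, admit(ALLOW, mac))
```
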
This Total Seminars course covers the exam certification topics. For information on additional study resources—including practice tests, lab simulations, books, and discounted exam vouchers—visit totalsem.com/linkedin. LinkedIn Learning members receive special pricing.
This course was created by Total Seminars. We are pleased to offer this training in our library.