Overclockers Australia Forums
12th April 2012, 12:19 AM   #46
geniesis

Quote:
Originally Posted by MrvNDMrtN
There's a new challenge now...
Wanting to do presentations via Apple TV wireless.

Very true.

I believe wireless vendors are now coming up with some solutions such as Bonjour proxying. Aerohive having Bonjour Gateway and Aruba with AirGroup.

AirGroup looks to have some good promise with the ability for self-reg so users can authorize devices themselves.

So it's possible, but still very new and not all vendors have got it covered yet... AFAIK, Cisco doesn't have something in this area yet. Not to mention having to upgrade your wireless system if you don't have that respective vendor.

Creating a whole multicast network is something not many network engineers have got great experience with. IGMP, PIM, RP, and other multicast concepts are still very foreign to the average network engineer. It's not something most companies/networks have actually implemented. Let alone attempting to secure the whole thing for BYOD.
17th April 2012, 11:18 AM   #47
RaZ

Quote:
Originally Posted by MrvNDMrtN
There's a new challenge now...

BYOD Apple devices... MBP.. iPad/iPhone.. Apple TV.

Wanting to do presentations via Apple TV wireless.

Think about routing/switching/multicasting/security.. the whole shebang.

Currently being trialed in two classrooms... oh, not Apple TV as such... but using big LCDs around a classroom, and the teacher can drag a window from a pad to any of the screens, which are of course network connected. I don't know the full setup but it works great. Wish I could create an app for it, would make killer amounts of cash lol. As far as I know, when you drag the app to the top of the pad screen you get little boxes, colored so you know which screen is which; you drag the window to the box and it puts it up on the TV screen. The amount of uses this has, not only in teaching but in the private sector... man - I wish I could code!

BYOD, to me, is all about letting users use whatever they like to connect to set resources, BUT, because it's BYOD, you have to control how they access those resources and also define what resources BYOD can and cannot use. Personal security on each of those devices is up to each owner. Network security and where those BYODs can get to, again, comes down to the usage of those devices and what resources you allow them to use.

Using Citrix to deliver the app by means of either streaming to a XenApp server and then published, or by the users connecting to a locked down VDI environment to access both applications and resources such as internet and printing, is really not that big of a problem. More so with controlled VLAN and physical switch security splitting the networks, e.g. if I want to be on a set subnet, I need to repatch my patch point.

As for wireless security - I am not entirely sure, as I am just doing the Citrix side of the project. HP will be designing the wireless network end to end, so I would hope they take AV running wild and people wanting to try hacks into account.

But this solution is all internal - no remote access outside of the building. Trial to one building first, 100% wireless delivery. So yes, in a way you could say it's offering services to a wild network, but that is why I say above that BYOD needs to have control as to what they can access and what they use it for. Creating a wireless network and having it a part of your normal trusted internal network with no other access controls for those wireless devices is, IMO, very silly, hence all the security concerns talked about here in this thread. I think BYOD works best when they can use remote access services like Citrix gateway or web interface, internally so it's fast for set functions, and that those functions are well defined.
Last edited by RaZ; 17th April 2012 at 11:21 AM.
17th April 2012, 11:58 AM   #48
millsy_c

Breaking my 5 month hiatus on ocau to chip in here (You last visited: 10th December 2011 at 3:56 PM)

The way I see it, the issue is that the users want everything. They want total control of their machine, they want to use their own machine, and they want everything cheaper.

Major problem being that they're taking and not giving. If they want to bring in their own machine, concessions need to be made somewhere in order to maintain the company's security.

I still believe VMs are approaching a good balance of security and convenience support wise, the real issue of course is securing the data on the VM. Can you encrypt the contents of a VHD?

Assuming you can, at least then you can expose a lot of your machine's resources to the VM.

Reading stuff like this makes you wonder though if we're screwed anyway :P
Quote:
Briggs at Deloitte said employers have generally become more savvy about cybersecurity in recent years as they move more operations online, store information in off-site data centers and accommodate a wired workforce. Mobile is simply the latest frontier, he said.
Last edited by millsy_c; 17th April 2012 at 12:06 PM.
17th April 2012, 10:54 PM   #49
Chaffe

Well I will admit I have no experience in IT and will never really need to know any of the stuff mentioned in this thread but I certainly have found it quite an interesting read.

One crazy idea/thought (so feel free to ignore it). What about a dual boot on BYOD devices? The company boot volume and data being completely encrypted and the user not having any administrator rights whilst using the company boot volume. Probably a pain in the ass to set up, I'd imagine.
18th April 2012, 9:28 AM   #50
millsy_c

Quote:
Originally Posted by Chaffe
Well I will admit I have no experience in IT and will never really need to know any of the stuff mentioned in this thread but I certainly have found it quite an interesting read.

One crazy idea/thought (so feel free to ignore it). What about a dual boot on BYOD devices? The company boot volume and data being completely encrypted and the user not having any administrator rights whilst using the company boot volume. Probably a pain in the ass to set up, I'd imagine.

This is the approach I had thought of in the past as getting around it too. You still have the issue of data leakage though, unless you can encrypt hard disks on a partition level.
I.e. customer's personal OS install gets a virus. User boots into that environment, inputs the key to unlock the HDD and now the virus can go to town.
Also brings up the issue of maintaining SOEs for various machines.

Found this interesting:
BYOD: If You Think You're Saving Money, Think Again
18th April 2012, 1:22 PM   #51
novakain

Quote:
Originally Posted by IACSecurity
All references I have heard, and been involved with regarding BYOD, is to allow users to do just that, access internal corporate resources with 'things'. Most of those same places I talk with have existing guest networks, and 'client interaction' networks (love that term...) and the BYOD concept for them is expanding the usage/scope of their tablets and personal laptops to allow them to perform 'work' 'work' on them, both in the office, and at home.

This is pretty much the request that would come from the end users. And for some reason, many IT departments seem to interpret this request verbatim. This does not mean that the end solution needs to be exactly what the customer asks for.

As people have already pointed out, and as you are fully aware, such a move is fraught with security risks many organisations would find unacceptable if they were fully investigated. Those same organisations, however, would still want to implement a BYOD policy. And for these organisations, simply treating these devices as hostile, setting them up on the guest network, and publishing those apps that users require to do 'work' 'work' in the same way that they are published for remote use via a regular internet connection at home, can be a viable solution. All of the security risks may have been addressed by mitigation through technology, work process, or simply by being identified as an acceptable risk based on the company's security policy.

For example, as part of a security policy, data should be assigned a classification level. Each classification level should have clearly identified data handling methods (how it should be stored, how access to it should be logged etc). If staff in the organisation need to access highly classified data, which is to be accessed only on computers that have no access to the internet, well, those BYODs that need to access this data would need to be locked down and administered in the same manner as corporate computers that access the same data (i.e. be kept on-site and never connected to the internet). If the users want to use their devices at home to connect to the internet as well, then those BYODs would need to be treated as devices that are connected to an unfettered internet connection, and as such, would never access that sensitive data.

It all depends on the organisation - there is no cookie-cutter solution here. What is acceptable for one organisation is completely unacceptable for another. The best thing you can do if you're a big business is have a good security policy in place (and signed off by management!), with effective data management processes attached to it. Identify what management wants BYODs to do, and implement them based on your security policy. If they insist on doing things with BYODs that are in breach of your security policy, document it as a breach, and get management to sign off on it as such every time security is audited. It's up to them to determine if it's an acceptable risk or not.
All times are GMT +10.