Who’s on your network?

Worried that people you don’t know might be connecting to your network? Concerned that the kids are browsing the Web when they should be in bed? Don’t just sit there worrying – do something about it! A home wireless network is incredibly convenient. That convenience, however, comes at a price, not least being unable to tell who might be connecting to your home network and what they are up to. When everything was done with cables it was all so easy: without a wire, nobody could connect to your router, making it hard to sneak in and use it unnoticed. Likewise, if you wanted to stop the kids surfing after hours you simply “pulled the plug” at the router end and that was it for the night. Wi-Fi, however, adds a cloak of invisibility, which means having to get a little bit creative and delve into some of the more advanced router options to keep a lid on network use. But then, some of the simplest precautions can be the most effective, such as managing the security password needed to connect to your router in the first place.

Pulling the Wi-Fi plug

It’s easy. When the kids need access, and you’re there to keep an eye on them, you can change your password to something they know; otherwise it can be set back to something secret. Of course that can be a bit tedious, so check if your router will let you configure more than one wireless network (referred to as an SSID), each with its own security settings including a password. Furthermore, look for time and date controls to limit when each network can be used, and set up one tightly-controlled SSID for the kids and another, more relaxed network for the grown-ups. Most routers also let you manage access using the MAC address hardwired into every network device, typically by blocking connections from unknown addresses. This can take a while to set up, but it isn’t difficult and is a very easy way of preventing neighbours or passers-by using your router to connect to the Internet without your knowledge, even if they manage to crack your password.

Making sure

Another common option is the ability to see a list of devices actively connected to and using your router. Some can even log this information so that you don’t have to sit watching for intruders all the time. Logging and other basic tools are to be found on most free routers bundled with broadband these days, although you may have to poke around in the Web management interface to find them. In some cases, however, you will have to upgrade to something better to get them, but that’s not as hard as it sounds and you can also take the opportunity to add other extras, like the ability to monitor and manage your network remotely. This is available on the latest D-Link Cloud routers which, with the free mydlink smartphone app, make it easy to check who’s on your network and make sure the kids are in bed no matter where you are.

The real BYOD issues

We’re constantly warned of the dangers of allowing user-owned computing devices onto the company network. But what are the real issues with BYOD (Bring Your Own Device) – is it really any different from managing Windows notebooks?

The ready availability of powerful mobile computing devices is having a profound impact on the IT landscape, prompting employees to reach for their familiar smartphones and tablets at work rather than a company-supplied Windows laptop or desktop PC. Some see this as a problem to be grappled with, others as an opportunity which, if managed properly, will encourage staff to make better use of expensive IT resources at work.

The following are the most common concerns raised regarding BYOD and ways of addressing them without the need for costly new management and security tools.

“Mobile devices are hard to spot, how do we stop them being used to access sensitive information?”

Like Windows notebooks, smartphones and tablets have a unique MAC address and an individual IP address, enabling them to be managed using existing device and user controls. So, for example, if company policy requires users to be domain members in order to access specific applications and data, those rules can be applied whether using a PC or mobile device.

TIP – Wireless access points can be configured to simply block connections from devices with unknown MAC addresses. Alternatively, VLAN technology in switches and routers can restrict unknown devices, whether smartphones, tablets or Windows computers, to Internet access only.
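The connected-device list described under “Making sure” and the unknown-MAC rule in this tip both come down to the same check, shown here as an added example that is not part of the original article: compare the addresses currently seen on the network against a list of known devices. The neighbour table (in the format printed by Linux `ip neigh`), the allowlist and the function names are all constructed for illustration.

```python
import re

# Constructed sample in the format printed by Linux `ip neigh` (not real data).
SAMPLE_NEIGH = """\
192.168.0.10 dev wlan0 lladdr 3c:22:fb:10:aa:01 REACHABLE
192.168.0.11 dev wlan0 lladdr 3c:22:fb:10:aa:02 STALE
192.168.0.23 dev wlan0 lladdr da:a1:19:5e:77:3c REACHABLE
192.168.0.42 dev wlan0 lladdr 00:11:22:33:44:55 DELAY
192.168.0.50 dev wlan0  FAILED
"""

# Hypothetical allowlist; entries may be typed with ':' or '-' separators.
KNOWN_DEVICES = {
    "3C-22-FB-10-AA-01": "parent laptop",
    "3c:22:fb:10:aa:02": "kids tablet",
}

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize_mac(text):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    mac = text.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {text!r}")
    return mac

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (software-assigned address)."""
    return bool(int(mac[:2], 16) & 0x02)

def parse_neigh(output):
    """Yield (ip, mac) for entries that resolved to a hardware address."""
    for line in output.splitlines():
        fields = line.split()
        if "lladdr" not in fields or fields[-1] == "lladdr":
            continue  # FAILED/INCOMPLETE entries carry no MAC
        yield fields[0], normalize_mac(fields[fields.index("lladdr") + 1])

def audit(output, known):
    """Return the devices on the network that are not in the allowlist."""
    allow = {normalize_mac(mac) for mac in known}
    return [
        {"ip": ip, "mac": mac, "locally_administered": is_locally_administered(mac)}
        for ip, mac in parse_neigh(output) if mac not in allow
    ]

if __name__ == "__main__":
    for dev in audit(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(dev["ip"], dev["mac"], "software-assigned" if dev["locally_administered"] else "")
```

An unknown address with the locally administered bit set is often a phone or tablet using a per-network private address, so it may be a known device that simply needs its current address added to the list.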

“By allowing users to connect their own devices to the network aren’t we at greater risk of viruses and malware?”

If anything, user-owned Android and iOS powered devices are less susceptible than Windows computers to viruses. There is still a risk from social engineering and infected downloads, but many of the existing security measures used to combat the spread of infection on company-owned computers can be applied equally to smartphones and tablets belonging to users.

TIP – Build a portal to authenticate mobile users and restrict visitors to a “guest” network with limited access to company servers and applications using VLAN and other segmentation technology found in managed and, more affordable, smart switches.

“How do we stop sensitive data falling into the wrong hands if user-owned devices are lost or stolen?”

Existing controls on what can be downloaded can, again, be applied here and the issue further minimised by controlling the way in which users interact with business-critical applications. Rather than a browser for example, it is better to restrict access to custom apps which not only fit the device format better but can also apply policy restrictions when downloading data.

TIP – Use controls in Exchange and other shared applications to remotely wipe data from mobile devices identified as lost or stolen. Most vendors of Windows desktop management products also include mobile security tools in their products and there are lots of downloadable apps that can help deal with lost or stolen devices.

“Our current infrastructure simply isn’t geared up to mobile access of any kind, shouldn’t we just ban it and carry on as we are?”

According to Gartner, by 2016 over 40% of the workforce will be mobile and 60% will own a smartphone or tablet, so a ban will merely put off having to deal with the inevitable. If your systems can’t be upgraded to cope with BYOD look at making use of public or private cloud services to support mobile devices and their users.

TIP – Start small, for example, by allowing users to access email and shared calendars on their handheld devices rather than going all-out for more extensive integration with business-critical applications from the get-go.

The bottom line on BYOD

Coping with BYOD can be as difficult or as easy as you make it – a challenge to be dealt with, or an opportunity waiting to be exploited. Either way it needs to be addressed and, at the very least, a proper policy on user-owned devices drawn up and published so that everyone knows what their rights and, more importantly, their responsibilities are.