SlideShare una empresa de Scribd logo

Controlling Laptop and Smartphone Access to Corporate Networks

Icomm Technologies
Icomm Technologies

With company-issued, IT-controlled laptops, IT has traditionally had the option to lock down the operating system to prevent the installation of potentially insecure or non-approved applications.

Empresariales
1 de 28
Descargar para leer sin conexión
Controlling Laptop and Smartphone Access to Corporate Networks Understanding the similarities and differences of securing mobile laptops and smartphones
Table of Contents The Consumerization of IT Issues Pertaining Specifically to Laptops Issues Pertaining Specifically to Smartphones Administrative Distinctions between Laptops and Smartphones A Comprehensive Approach to Best Practices Best Practices for Both Laptops and Smartphones Connecting from Outside the Perimeter Best Practice #1: Establish Reverse Web Proxy Best Practice #2: Establish SSL VPN Tunnels Best Practice #3: Scan VPN Traffic Through a Next-Gen Firewall Best Practice #4: Add Strong Authentication Best Practices Specifically for Laptops Connecting from Outside the Perimeter Best Practice #5: Deploy Endpoint Control for Laptops Best Practice #6: Create a Secure Virtual Desktop for Laptops Best Practice #7: Enforce Cache Cleaner Technology for Laptops Best Practices for Both Laptops and Smartphones Connecting from Inside the Perimeter Best Practice #8: Scan WiFi Traffic through a Next-Gen Firewall Best Practice #9: Control Application Traffic Best Practice #10: Prevent Data Leakage Best Practice #11: Block Inappropriate Web Access Best Practice #12: Block Outbound Botnet Attacks Mobile Device Management SonicWALL Mobility Solutions Conclusion 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 25
The Consumerization of IT With company-issued, IT-controlled laptops, IT has traditionally had the option to lock down the operating system to prevent the installation of potentially insecure or non-approved applications. Today, employees demand the same freedom-of-technology at work as they have in their personal lives.1 This consumerization of IT2 (as well as the budgetary incentive of offsetting inventory costs) has led companies to establish “bring your own device” (BYOD) policies that enable employees to select their own personal mobile devices for use at work. 1
Issues Pertaining Specifically to Laptops For laptops using applications running on standard Windows®, Macintosh® and Linux® operating systems, consumerization and BYOD has resulted in an open, uncontrolled “wild west” application environment. In effect, end users can install any applications they like, even those that are potentially insecure or dangerous and not sanctioned for corporate use, without any additional layer of security screening or review. Because of their open application environment, laptops require device interrogation. Device interrogation for Windows, Mac and Linux enables IT to see if the proper security applications are running on the device, and enforce security policy to allow, quarantine or deny access to the device based on the defined security policy of the company. For these unmanaged laptops, security demands using reverseproxy portal access or a virtual private network (VPN) tunnel with endpoint control. 2
Issues Pertaining Specifically to Smartphones In contrast, apps designed to run on smartphone (as well as tablet) operating systems typically undergo stringent review and are white-listed before becoming available for download. (This does not apply, of course, to smartphones that have been jailbroken). Because of this distinction, device interrogation is more critical for a laptop than for a smartphone. For example, iOS users have rarely downloaded a rogue app from the App StoreSM. Google Android®, while somewhat less stringent (and overcoming some rogue application issues early on), has been largely successful in maintaining a closed, white-listed app environment. 3
Administrative Distinctions between Laptops and Smartphones Administrators deploying laptops can select from a wide variety of IPSec and SSL VPN clients. IT administrators will often select a secure gateway and utilize that vendor’s secure client for connectivity. However, most secure clients are not supported by smartphone operating systems like iOS. Only a select group of security vendors have been provided low-level access to iOS. Laptops and smartphones differ in ease-of-use, deployment and administration, as well as unified clients and security policy. Security vendors who are not trusted by the smartphone are often forced to “tap” into various third-party clients to try to achieve a makeshift solution. As problems arise, administrators are forced to decipher the vendor “blame game” to determine where problems really exist. Administrators can more easily deploy and maintain gateway solutions from vendors that also have approved VPN access with the smartphone operating systems. 4
A Comprehensive Approach to Best Practices Both laptops and smartphones may connect to the network remotely over WiFi, and so are subject to man-in-the-middle attacks. As a result, both laptops and smartphones require encrypted access through a VPN to ensure the confidentiality of communications outside the network. Companies that rely strictly on Remote Desktop Protocol (RDP) solutions would be more susceptible to this type of snooping attack because the communication is unencrypted or may only support very weak encryption standards. Network Security Appliance Internet WiFi Hotspot Securing mobile access for laptops and smartphones is in many ways similar. IT must also have the ability to scan all traffic to ensure network integrity and security. Organizations are grappling with the reality that mobile devices are not only conduits of information flow but, unfortunately, also a delivery vehicle for malware into networks, either inadvertently or intentionally. Different security practices apply depending upon whether the mobile devices are connecting from outside or inside the network perimeter. 5
Best Practices for Both Laptops and Smartphones Connecting from Outside the Perimeter The following best practices address security issues of both laptops and smartphones that connect to the network from outside the perimeter: Establish Reverse Web Proxy n Establish SSL VPN Tunnels n Scan VPN Traffic Through a Next-Gen Firewall n Add Strong Authentication n These practices are detailed further in the following pages. 6
Best Practice #1: For Both Laptops and Smartphones Connecting from Outside the Perimeter Establish Reverse Web Proxy By providing standard browser access to web resources, reverse proxies can authenticate and encrypt web-based access to network resources from outside the perimeter. Reverse proxy delivers access agnostically to both laptop and smartphone platforms, thus minimizing deployment overhead. B B B PRACT IC PRACT IC 7 E T ES IC E B PRACT 6 T ES IC E T ES PRACT E 1 T ES
Best Practice #2: For Both Laptops and Smartphones Connecting from Outside the Perimeter Establish SSL VPN Tunnels B B B B B T ES PRACT IC E E B IC 6 7 E PRACT IC E T ES PRACT IC E T ES PRACT E 1 2 T ES Agent-based encrypted SSL VPN tunnels add easy “in-office” PRA T IC network-level Caccess to critical client-server resources for both ST E laptops and smartphones connecting from outside the perimeter. Administrators should select SSL VPN gateway solutions that have certified smartphone clients from the same vendors. This provides a single point of management and similar user experience for both laptops and smartphones, PRACT IC ST E rather than trying to cobble together and support one solution for laptops and a different solution for smartphones. 8
1 2 3 P T ES P 9 ES B T ES B B B IC E B PRACT IC E T ES PRACT E Both laptops and smartphones can act as conduits to enable malware to cross the network perimeter, over WiFi or 3G/4G PRACT IC ST connections. Integrated deployment Ewith a Next-Generation Firewall (NGFW) establishes a Clean VPN™ that decrypts then scans all the content. NGFW gateway security measures (e.g., Anti-Virus, Anti-Spyware, Intrusion Prevention Service) can decontaminate threats before they enter the network. T ES 6 7 8 P B B E Scan VPN Traffic Through a Next-Gen Firewall T ES B RACT T P IC Best Practice #3: For Both Laptops and Smartphones Connecting from Outside the Perimeter ES T P
2 3 4 T ES PRACT IC 7 8 9 T ES PRACT IC B B Add Strong Authentication E E Best Practice #4: For Both Laptops and Smartphones Connecting from Outside the Perimeter B B B B B IC E B PRACT IC E T ES IC PRACT E PRACT T ES IC E T ES PRACT E T ES E A secure solution for laptops, smartphones and tablets should integrate seamlessly Rwith standard authentication methods such PRACT P ACT IC IC ST ST E E as two-factor authentication and integrated one-time passwords. 10
Best Practices Specifically for Laptops Connecting from Outside the Perimeter The following best practices address security issues with laptops (because they do not have a white-listed app environment like smartphones) that connect to the network from outside the perimeter: Deploy Endpoint Control n Create a Secure Virtual Desktop n Enforce Cache Cleaner n These practices are detailed further in the following pages. 11
T ES T ES PRACT PRACT IC IC E B B 3 4 5 E To help determine and enforce acceptable security policy compliance for managed and unmanaged Windows, Macintosh and Linux laptops outside the perimeter, endpoint control can determine the presence of security applications and allow, quarantine or deny access based on security policy and user identity. As addressed above, this is very important for laptops, but less important for smartphones due to their white-listed app distribution environment. B Deploy Endpoint Control for Laptops E Best Practice #5: Specifically for Laptops Connecting from Outside the Perimeter 12
Best Practice #6: Specifically for Laptops Connecting from Outside the Perimeter Create a Secure Virtual Desktop for Laptops Secure virtual desktop environments can prevent users from leaving sensitive data behind on unmanaged Windows laptops. They accomplish this by removing all files and links generated during the VPN session upon disconnection. B PRACT IC IC E T ES PRACT E B 6 7 T ES 13
Best Practice #7: Specifically for Laptops Connecting from Outside the Perimeter IC B PRACT 6 7 8 T ES PRACT IC E 1 2 3 T ES E B Enforce Cache Cleaner Technology for Laptops B B B PRACT PRAC IC IC E PRAC T ES IC PRACT E PRACT T ES IC E T ES PRACT E T ES B A cache cleaner can remove all browser-based tracking information from a Windows and Mac laptop once the user logs off or closes the browser. 14
Best Practices for Both Laptops and Smartphones Connecting from Inside the Perimeter The following best practices address security issues of both laptops and smartphones that connect to the network from inside the perimeter: Scan WiFi Traffic through a Next-Gen Firewall n Control Application Traffic n Prevent Data Leakage n Block Inappropriate Web Access n Block Outbound Botnet Attacks n These practices are detailed further in the following pages. 15
1 2 3 4 Best Practice #8: For Both Laptops and Smartphones Connecting from Inside the Perimeter B PRACT T ES B T ES 6 7 8 9 T ES B Scan WiFi Traffic through a Next-Gen Firewall T ES IC PRACT I IC E B B B PRACT IC E IC PRACT E PRACT IC E T ES PRACT E T ES E C Integrating NGFW with 802.11a/b/g/n wireless connectivity creates a Clean Wireless™ network when the laptop or smartphone user is inside the perimeter. 16
2 3 4 7 8 9 B B B B B B B PRACT IC IC E T ES IC PRACT E PRACT T ES IC E T ES PRACT E T ES E In general, mobile device apps are either critical business solutions or personal time-wasters. An Application Intelligence PRACT PRACT IC IC ST S T Control solution can Eenable IT to define and enforce and E how application and bandwidth assets are used. E B E Control Application Traffic E PRACT PRACT IC ST S T and Smartphones Connecting from Inside Ithe Perimeter C Best Practice #9: For Both Laptops E E 17
IC 8 9 T ES PRACT IC B E Best Practice #10: For Both Laptops and Smartphones Connecting from Inside the Perimeter E 3 4 5 RACT Prevent Data Leakage PRACT IC E E T ES B 10 B IC E RACT E Data leakage protection technology applied to laptops and R A C T smartphones inside R A C T perimeter can scan inbound and P the IC IC ST E outbound traffic and take policy-driven action to block or allow file transmission based upon watermarked content. It can also forward non-compliant watermarked files to IT, HR or management for further remediation. 18
Best Practice #11: For Both Laptops and Smartphones Connecting from Inside the Perimeter Block Inappropriate Web Access Content filtering for both laptops and smartphones (and even corporate desktops) used inside the perimeter can enforce company browsing policies for mobile users and help them comply with regulatory mandates by ensuring a non-hostile network environment. T ES PRACT IC T ES B E 11 PRACT IC B E 12 19
Best Practice #12: For Both Laptops and Smartphones Connecting from Inside the Perimeter Block Outbound Botnet Attacks T ES PRACT IC B E 11 Anti-malware scanning can identify and block outbound botnet attacks launched from laptops and smartphones connected from inside the perimeter. T ES PRACT IC B E 12 20
Mobile Device Management To deal with issues of mobile security even further, some organizations consider implementing Mobile Device Management (MDM) gateways. Among other things, MDM may restrict access based on phone number, identify jailbroken devices, and isolate business data into encrypted MDM-managed virtual desktop containers that IT can remotely wipe based upon policy criteria. However, taking on an MDM solution typically involves significant investment and additional infrastructure complexity, which can sometimes counter its benefits. Before taking on the added expense, an organization should consider why it needs MDM. If MDM does not offer distinct benefits for specific use cases, the organization should reallocate budget to uses that are more productive. 21
SonicWALL Mobility Solutions To implement these best practices, IT requires solutions with the capability to enforce them. SonicWALL® Aventail® E-Class Secure Remote Access (SRA) Series, SRA Series for Small- to Medium-Sized Businesses (SMB), and SonicWALL Next-Generation Firewalls deliver easy, policy-driven SSL VPN access to critical network resources from an extensive range of mobile device platforms, including Windows, Macintosh and Linux-based laptops, Windows Mobile, iOS, Google Android and Nokia Symbian smartphones. SonicWALL Aventail Advanced End Point Control™ (EPC™) (available for Windows, Macintosh and Linux-based devices) integrates unmanaged endpoint protection, encrypted virtual Secure Desktop and comprehensive cache control. EPC offers advanced endpoint detection and data protection for enterprises by interrogating endpoint devices to confirm the presence of all supported anti-virus, personal firewall and anti-spyware solutions from leading vendors such as McAfee®, Symantec®, Computer Associates®, Sophos®, Kaspersky Lab® and many more. 22
SonicWALL Mobility Solutions (continued) The SonicWALL Mobile Connect™ unified client app for iOS provides Apple iPad, iPhone, and iPod touch users full access to network-level resources over encrypted SSL VPN connections to ensure confidentiality and data integrity for users outside Mobile the network perimeter. Deployed on or with a SonicWALL Next-Generation Firewall, Connect it enables Clean VPN to remove malware from communications relayed through iOS devices. SonicWALL Application Intelligence and Control enables IT to define and enforce how application and bandwidth assets are used whether the user is inside or outside the network. Users can download and install the app easily via the App Store, providing secure SSL VPN connections to SonicWALL Aventail E-Class SRA, SRA for SMB or SonicWALL Next-Generation Firewall appliances. Additionally, SonicWALL Aventail Connect Mobile™, in combination with SonicWALL Aventail E-Class SRA appliances, provides a remote access solution for Windows Mobile smartphones and Google Android smartphones and tablets. Both Mobile Connect and Connect Mobile clients provide “in-office” access optimized for the device, combining a seamless network experience for users, along with a single, centrally managed gateway for mobile access control. SonicWALL Aventail SSL VPN solutions provide Secure ActiveSync® Support for access to Microsoft Exchange email, contact and calendar services from iOS, Android, Symbian, Windows Mobile and Windows Phone 7 smartphone and tablet devices. SonicWALL Device Identification lets administrators chain a specific smartphone or tablet to a specific user so, in the event that phone is lost or stolen, they can quickly revoke corporate access. 23
SonicWALL Mobility Solutions (continued) SonicWALL Clean VPN™ delivers the critical dual protection of SSL VPN and highperformance Next-Generation Firewall necessary to secure both VPN access and traffic. The multi-layered protection of Clean VPN enables organizations to decrypt and scan for malware on all authorized SSL VPN traffic before it enters the network environment. Clean VPN protects the integrity of VPN access by establishing trust for remote users and their endpoint devices, using enforced authentication, data encryption, and granular access policy. Simultaneously, Clean VPN secures the integrity of VPN traffic by authorizing this traffic, cleaning inbound traffic for malware, and verifying all outbound VPN traffic in real time. SonicWALL Clean Wireless delivers secure, simple and cost-effective distributed wireless networking by integrating universal 802.11a/b/g/n wireless features with an enterprise-class firewall/VPN gateway. SonicWALL Application Intelligence and Control can maintain granular control over applications, prioritize or throttle bandwidth, and manage website access. Its comprehensive policy capabilities include restricting transfer of specific files and documents, blocking email attachments using user-configurable criteria, customizing application control, and denying internal and external web access based on various user-configurable options. 24
Conclusions The differences between laptops and smartphones affect how IT should approach security, particularly in the areas of device interrogation and VPN client provisioning. Still, corporations, academic institutions and government entities must require both laptops and smartphones to support strong VPN or remote proxy connectivity when used outside of the corporate network to ensure data confidentiality and security while taking advantage of external wireless connectivity, hot spots, etc. When used inside the corporate network, laptops and smartphones should be able to take advantage of all the protection and security offered from leading-edge Next-Generation Firewall technology IT must be able to guarantee vital bandwidth to critical applications, while limiting the negative impact of undesired traffic. SonicWALL solutions, including Mobile Connect, SSL VPN, Clean VPN, and Next-Generation Firewalls with application intelligence, control and visualization, can help organizations easily implement best practices to secure laptop and smartphone use in corporate network environments. 25
How Can I Learn More? n Download the Whitepaper “Controlling Smartphone and Laptop Access to Corporate Networks” n Opt-in to receive SonicWALL Newsletters For feedback on this e-book or other SonicWALL e-books or whitepapers, please send an email to feedback@sonicwall.com. About SonicWALL Guided by its vision of Dynamic Security for the Global Network, SonicWALL® develops advanced intelligent network security and data protection solutions that adapt as organizations evolve and as threats evolve. Trusted by small and large enterprises worldwide, SonicWALL solutions are designed to detect and control applications and protect networks from intrusions and malware attacks through award-winning hardware, software and virtual appliance-based solutions. For more information, visit the company web site at www.sonicwall.com. 1 2 “The State of Workforce Technology Adoption: US Benchmark 2009,” Forrester Research, Inc., November 11, 2009 “Gartner Says Consumerization Will Be Most Significant Trend Affecting IT During Next 10 Years,” Gartner Inc., October 20, 2005 SonicWALL’s line-up of dynamic security solutions NETWORK SECURITY SECURE REMOTE ACCESS WEB AND E-MAIL SECURITY BACKUP AND RECOVERY POLICY AND MANAGEMENT SonicWALL, Inc. 2001 Logic Drive, San Jose, CA 95124 T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com © 2011 SonicWALL, Inc. All rights reserved. SonicWALL® is a registered trademark of SonicWALL, Inc. and all other SonicWALL product and service names and slogans are trademarks or registered trademarks of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners. 12/11 SW 1511B

Recomendados

How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System?
Forescout Technologies Inc
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk Report
Forescout Technologies Inc
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Forescout Technologies Inc
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work force
Icomm Technologies
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
 
The Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereThe Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's Here
Forescout Technologies Inc
 
160415 lan and-wan-secure-access-architecture
160415 lan and-wan-secure-access-architecture160415 lan and-wan-secure-access-architecture
160415 lan and-wan-secure-access-architecture
Lan & Wan Solutions
 
Mobile security - Intense overview
Mobile security - Intense overviewMobile security - Intense overview
Mobile security - Intense overview
PrivateWave Italia SpA
 

Recomendados

How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System? How Secure Is Your Building Automation System?
How Secure Is Your Building Automation System?
Forescout Technologies Inc
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk Report
Forescout Technologies Inc
 
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoTTransforming Smart Building Cybersecurity Strategy for the Age of IoT
Transforming Smart Building Cybersecurity Strategy for the Age of IoT
Forescout Technologies Inc
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work force
Icomm Technologies
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
 
The Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's HereThe Internet of Things Isn't Coming, It's Here
The Internet of Things Isn't Coming, It's Here
Forescout Technologies Inc
 
160415 lan and-wan-secure-access-architecture
160415 lan and-wan-secure-access-architecture160415 lan and-wan-secure-access-architecture
160415 lan and-wan-secure-access-architecture
Lan & Wan Solutions
 
Mobile security - Intense overview
Mobile security - Intense overviewMobile security - Intense overview
Mobile security - Intense overview
PrivateWave Italia SpA
 
Smart phone and mobile device security
Smart phone and mobile device securitySmart phone and mobile device security
Smart phone and mobile device security
CAS
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report Presentation
Sophos
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
Moon Technolabs Pvt. Ltd.
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
Frank Siepmann
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
Mark Benson
 
Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the Enterprise
AirTight Networks
 
Device Hacking
Device HackingDevice Hacking
Device Hacking
Damian T. Gordon
 
Sophos Utm Presentation 2016
Sophos Utm Presentation 2016Sophos Utm Presentation 2016
Sophos Utm Presentation 2016
InformatikaFortuno
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
Shreya Pohekar
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
Lookout
 
Naba barkakati controls for mobile devices
Naba barkakati controls for mobile devicesNaba barkakati controls for mobile devices
Naba barkakati controls for mobile devices
Naba Barkakati
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
Block Armour
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
Clare Nelson, CISSP, CIPP-E
 
Mobile security
Mobile securityMobile security
Mobile security
home
 
4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings
Sophos
 
Evento 15 aprile
Evento 15 aprileEvento 15 aprile
Evento 15 aprile
Lan & Wan Solutions
 
Shining a Light on Shadow Devices
Shining a Light on Shadow DevicesShining a Light on Shadow Devices
Shining a Light on Shadow Devices
Forescout Technologies Inc
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
Vasco Veloso
 
Consider Sophos - Security Made Simple
Consider Sophos - Security Made SimpleConsider Sophos - Security Made Simple
Consider Sophos - Security Made Simple
David Fuchs
 
IOT Security
IOT SecurityIOT Security
IOT Security
Sylvain Martinez
 
Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1
Lisa Brown
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
Divyank Jindal
 

Más contenido relacionado

La actualidad más candente

Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
Mark Benson
 
Mobile security
Mobile securityMobile security
Mobile security
home
 
Consider Sophos - Security Made Simple
Consider Sophos - Security Made SimpleConsider Sophos - Security Made Simple
Consider Sophos - Security Made Simple
David Fuchs
 

La actualidad más candente (20)

Smart phone and mobile device security
Smart phone and mobile device securitySmart phone and mobile device security
Smart phone and mobile device security
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report Presentation
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
 
Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the Enterprise
 
Device Hacking
Device HackingDevice Hacking
Device Hacking
 
Sophos Utm Presentation 2016
Sophos Utm Presentation 2016Sophos Utm Presentation 2016
Sophos Utm Presentation 2016
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
 
Naba barkakati controls for mobile devices
Naba barkakati controls for mobile devicesNaba barkakati controls for mobile devices
Naba barkakati controls for mobile devices
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
 
Mobile security
Mobile securityMobile security
Mobile security
 
4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings4 Steps to Optimal Endpoint Settings
4 Steps to Optimal Endpoint Settings
 
Evento 15 aprile
Evento 15 aprileEvento 15 aprile
Evento 15 aprile
 
Shining a Light on Shadow Devices
Shining a Light on Shadow DevicesShining a Light on Shadow Devices
Shining a Light on Shadow Devices
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
Consider Sophos - Security Made Simple
Consider Sophos - Security Made SimpleConsider Sophos - Security Made Simple
Consider Sophos - Security Made Simple
 
IOT Security
IOT SecurityIOT Security
IOT Security
 

Similar a Controlling Laptop and Smartphone Access to Corporate Networks

Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1
Lisa Brown
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
Divyank Jindal
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of Things
Symantec
 
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
Editor IJMTER
 
Safely Scaling Virtual Private Network for a Major Telecom Company during A P...
Safely Scaling Virtual Private Network for a Major Telecom Company during A P...Safely Scaling Virtual Private Network for a Major Telecom Company during A P...
Safely Scaling Virtual Private Network for a Major Telecom Company during A P...
AIRCC Publishing Corporation
 
SAFELY SCALING VIRTUAL PRIVATE NETWORK FOR A MAJOR TELECOM COMPANY DURING A P...
SAFELY SCALING VIRTUAL PRIVATE NETWORK FOR A MAJOR TELECOM COMPANY DURING A P...SAFELY SCALING VIRTUAL PRIVATE NETWORK FOR A MAJOR TELECOM COMPANY DURING A P...
SAFELY SCALING VIRTUAL PRIVATE NETWORK FOR A MAJOR TELECOM COMPANY DURING A P...
ijcsit
 
Mobile Commerce: A Security Perspective
Mobile Commerce: A Security PerspectiveMobile Commerce: A Security Perspective
Mobile Commerce: A Security Perspective
Pragati Rai
 

Similar a Controlling Laptop and Smartphone Access to Corporate Networks (20)

Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1Nt1310 Unit 1 Assignment 1
Nt1310 Unit 1 Assignment 1
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
Vpn alternative whitepaper
Vpn alternative whitepaperVpn alternative whitepaper
Vpn alternative whitepaper
 
5691 computer network career
5691 computer network career5691 computer network career
5691 computer network career
 
IoT Design Principles
IoT Design PrinciplesIoT Design Principles
IoT Design Principles
 
WHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of ThingsWHITE PAPER▶ Insecurity in the Internet of Things
WHITE PAPER▶ Insecurity in the Internet of Things
 
AirTight Networks - Wireless Security 2011
AirTight Networks - Wireless Security 2011AirTight Networks - Wireless Security 2011
AirTight Networks - Wireless Security 2011
 
VPN In Details
VPN In DetailsVPN In Details
VPN In Details
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
 
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
 
IBM Xforce Q4 2014
IBM Xforce Q4 2014IBM Xforce Q4 2014
IBM Xforce Q4 2014
 
Safely Scaling Virtual Private Network for a Major Telecom Company during A P...
Safely Scaling Virtual Private Network for a Major Telecom Company during A P...Safely Scaling Virtual Private Network for a Major Telecom Company during A P...
Safely Scaling Virtual Private Network for a Major Telecom Company during A P...
 
SAFELY SCALING VIRTUAL PRIVATE NETWORK FOR A MAJOR TELECOM COMPANY DURING A P...
SAFELY SCALING VIRTUAL PRIVATE NETWORK FOR A MAJOR TELECOM COMPANY DURING A P...SAFELY SCALING VIRTUAL PRIVATE NETWORK FOR A MAJOR TELECOM COMPANY DURING A P...
SAFELY SCALING VIRTUAL PRIVATE NETWORK FOR A MAJOR TELECOM COMPANY DURING A P...
 
Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?Is Your Network Ready for the Age of IoT?
Is Your Network Ready for the Age of IoT?
 
Mobile Commerce: A Security Perspective
Mobile Commerce: A Security PerspectiveMobile Commerce: A Security Perspective
Mobile Commerce: A Security Perspective
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Sprite guard on line brochure
Sprite guard on line brochureSprite guard on line brochure
Sprite guard on line brochure
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdf
 

Más de Icomm Technologies

Anatomy of a cyber-attack
Anatomy of a cyber-attackAnatomy of a cyber-attack
Anatomy of a cyber-attack
Icomm Technologies
 
Icomm agentless-architecture
Icomm agentless-architectureIcomm agentless-architecture
Icomm agentless-architecture
Icomm Technologies
 

Más de Icomm Technologies (20)

The truth behind cyber attacks
The truth behind cyber attacks The truth behind cyber attacks
The truth behind cyber attacks
 
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
10 Key Action to Reduce IT Infrastructure and Operation Cost Stucture
 
Anatomy of a cyber-attack
Anatomy of a cyber-attackAnatomy of a cyber-attack
Anatomy of a cyber-attack
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
 
The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.
 
Swivel Secure and Office 365
Swivel Secure and Office 365Swivel Secure and Office 365
Swivel Secure and Office 365
 
Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365Swivel Secure, ADFS and Office 365
Swivel Secure, ADFS and Office 365
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Top 10 Trends in Telecommuting
Top 10 Trends in TelecommutingTop 10 Trends in Telecommuting
Top 10 Trends in Telecommuting
 
IT Security Trends in 2012
IT Security Trends in 2012IT Security Trends in 2012
IT Security Trends in 2012
 
Tackling consumerization of it
Tackling consumerization of it Tackling consumerization of it
Tackling consumerization of it
 
Office 365-technical-overview-deck
Office 365-technical-overview-deckOffice 365-technical-overview-deck
Office 365-technical-overview-deck
 
Icomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paperIcomm virtualisation-support-white-paper
Icomm virtualisation-support-white-paper
 
Icomm cloud-backup-overview
Icomm cloud-backup-overviewIcomm cloud-backup-overview
Icomm cloud-backup-overview
 
Icomm agentless-architecture
Icomm agentless-architectureIcomm agentless-architecture
Icomm agentless-architecture
 
Efficiently protect-virtual-machines
Efficiently protect-virtual-machinesEfficiently protect-virtual-machines
Efficiently protect-virtual-machines
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devices
 
Beakbane safeguards future with ERP - ready infrastructure upgrade.
Beakbane safeguards future with ERP - ready infrastructure upgrade.Beakbane safeguards future with ERP - ready infrastructure upgrade.
Beakbane safeguards future with ERP - ready infrastructure upgrade.
 

Último

FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
ritikaroy0888
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 

Último (20)

FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 

Controlling Laptop and Smartphone Access to Corporate Networks

  • 1. Controlling Laptop and Smartphone Access to Corporate Networks Understanding the similarities and differences of securing mobile laptops and smartphones
  • 2. Table of Contents The Consumerization of IT Issues Pertaining Specifically to Laptops Issues Pertaining Specifically to Smartphones Administrative Distinctions between Laptops and Smartphones A Comprehensive Approach to Best Practices Best Practices for Both Laptops and Smartphones Connecting from Outside the Perimeter Best Practice #1: Establish Reverse Web Proxy Best Practice #2: Establish SSL VPN Tunnels Best Practice #3: Scan VPN Traffic Through a Next-Gen Firewall Best Practice #4: Add Strong Authentication Best Practices Specifically for Laptops Connecting from Outside the Perimeter Best Practice #5: Deploy Endpoint Control for Laptops Best Practice #6: Create a Secure Virtual Desktop for Laptops Best Practice #7: Enforce Cache Cleaner Technology for Laptops Best Practices for Both Laptops and Smartphones Connecting from Inside the Perimeter Best Practice #8: Scan WiFi Traffic through a Next-Gen Firewall Best Practice #9: Control Application Traffic Best Practice #10: Prevent Data Leakage Best Practice #11: Block Inappropriate Web Access Best Practice #12: Block Outbound Botnet Attacks Mobile Device Management SonicWALL Mobility Solutions Conclusion 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 25
  • 3. The Consumerization of IT With company-issued, IT-controlled laptops, IT has traditionally had the option to lock down the operating system to prevent the installation of potentially insecure or non-approved applications. Today, employees demand the same freedom-of-technology at work as they have in their personal lives.1 This consumerization of IT2 (as well as the budgetary incentive of offsetting inventory costs) has led companies to establish “bring your own device” (BYOD) policies that enable employees to select their own personal mobile devices for use at work. 1
  • 4. Issues Pertaining Specifically to Laptops For laptops using applications running on standard Windows®, Macintosh® and Linux® operating systems, consumerization and BYOD has resulted in an open, uncontrolled “wild west” application environment. In effect, end users can install any applications they like, even those that are potentially insecure or dangerous and not sanctioned for corporate use, without any additional layer of security screening or review. Because of their open application environment, laptops require device interrogation. Device interrogation for Windows, Mac and Linux enables IT to see if the proper security applications are running on the device, and enforce security policy to allow, quarantine or deny access to the device based on the defined security policy of the company. For these unmanaged laptops, security demands using reverseproxy portal access or a virtual private network (VPN) tunnel with endpoint control. 2
  • 5. Issues Pertaining Specifically to Smartphones In contrast, apps designed to run on smartphone (as well as tablet) operating systems typically undergo stringent review and are white-listed before becoming available for download. (This does not apply, of course, to smartphones that have been jailbroken). Because of this distinction, device interrogation is more critical for a laptop than for a smartphone. For example, iOS users have rarely downloaded a rogue app from the App StoreSM. Google Android®, while somewhat less stringent (and overcoming some rogue application issues early on), has been largely successful in maintaining a closed, white-listed app environment. 3
  • 6. Administrative Distinctions between Laptops and Smartphones Administrators deploying laptops can select from a wide variety of IPSec and SSL VPN clients. IT administrators will often select a secure gateway and utilize that vendor’s secure client for connectivity. However, most secure clients are not supported by smartphone operating systems like iOS. Only a select group of security vendors have been provided low-level access to iOS. Laptops and smartphones differ in ease-of-use, deployment and administration, as well as unified clients and security policy. Security vendors who are not trusted by the smartphone are often forced to “tap” into various third-party clients to try to achieve a makeshift solution. As problems arise, administrators are forced to decipher the vendor “blame game” to determine where problems really exist. Administrators can more easily deploy and maintain gateway solutions from vendors that also have approved VPN access with the smartphone operating systems. 4
  • 7. A Comprehensive Approach to Best Practices Both laptops and smartphones may connect to the network remotely over WiFi, and so are subject to man-in-the-middle attacks. As a result, both laptops and smartphones require encrypted access through a VPN to ensure the confidentiality of communications outside the network. Companies that rely strictly on Remote Desktop Protocol (RDP) solutions would be more susceptible to this type of snooping attack because the communication is unencrypted or may only support very weak encryption standards. Network Security Appliance Internet WiFi Hotspot Securing mobile access for laptops and smartphones is in many ways similar. IT must also have the ability to scan all traffic to ensure network integrity and security. Organizations are grappling with the reality that mobile devices are not only conduits of information flow but, unfortunately, also a delivery vehicle for malware into networks, either inadvertently or intentionally. Different security practices apply depending upon whether the mobile devices are connecting from outside or inside the network perimeter. 5
  • 8. Best Practices for Both Laptops and Smartphones Connecting from Outside the Perimeter The following best practices address security issues of both laptops and smartphones that connect to the network from outside the perimeter: Establish Reverse Web Proxy n Establish SSL VPN Tunnels n Scan VPN Traffic Through a Next-Gen Firewall n Add Strong Authentication n These practices are detailed further in the following pages. 6
  • 9. Best Practice #1: For Both Laptops and Smartphones Connecting from Outside the Perimeter Establish Reverse Web Proxy By providing standard browser access to web resources, reverse proxies can authenticate and encrypt web-based access to network resources from outside the perimeter. Reverse proxy delivers access agnostically to both laptop and smartphone platforms, thus minimizing deployment overhead. B B B PRACT IC PRACT IC 7 E T ES IC E B PRACT 6 T ES IC E T ES PRACT E 1 T ES
  • 10. Best Practice #2: For Both Laptops and Smartphones Connecting from Outside the Perimeter Establish SSL VPN Tunnels B B B B B T ES PRACT IC E E B IC 6 7 E PRACT IC E T ES PRACT IC E T ES PRACT E 1 2 T ES Agent-based encrypted SSL VPN tunnels add easy “in-office” PRA T IC network-level Caccess to critical client-server resources for both ST E laptops and smartphones connecting from outside the perimeter. Administrators should select SSL VPN gateway solutions that have certified smartphone clients from the same vendors. This provides a single point of management and similar user experience for both laptops and smartphones, PRACT IC ST E rather than trying to cobble together and support one solution for laptops and a different solution for smartphones. 8
  • 11. 1 2 3 P T ES P 9 ES B T ES B B B IC E B PRACT IC E T ES PRACT E Both laptops and smartphones can act as conduits to enable malware to cross the network perimeter, over WiFi or 3G/4G PRACT IC ST connections. Integrated deployment Ewith a Next-Generation Firewall (NGFW) establishes a Clean VPN™ that decrypts then scans all the content. NGFW gateway security measures (e.g., Anti-Virus, Anti-Spyware, Intrusion Prevention Service) can decontaminate threats before they enter the network. T ES 6 7 8 P B B E Scan VPN Traffic Through a Next-Gen Firewall T ES B RACT T P IC Best Practice #3: For Both Laptops and Smartphones Connecting from Outside the Perimeter ES T P
  • 12. 2 3 4 T ES PRACT IC 7 8 9 T ES PRACT IC B B Add Strong Authentication E E Best Practice #4: For Both Laptops and Smartphones Connecting from Outside the Perimeter B B B B B IC E B PRACT IC E T ES IC PRACT E PRACT T ES IC E T ES PRACT E T ES E A secure solution for laptops, smartphones and tablets should integrate seamlessly Rwith standard authentication methods such PRACT P ACT IC IC ST ST E E as two-factor authentication and integrated one-time passwords. 10
  • 13. Best Practices Specifically for Laptops Connecting from Outside the Perimeter The following best practices address security issues with laptops (because they do not have a white-listed app environment like smartphones) that connect to the network from outside the perimeter: Deploy Endpoint Control n Create a Secure Virtual Desktop n Enforce Cache Cleaner n These practices are detailed further in the following pages. 11
  • 14. T ES T ES PRACT PRACT IC IC E B B 3 4 5 E To help determine and enforce acceptable security policy compliance for managed and unmanaged Windows, Macintosh and Linux laptops outside the perimeter, endpoint control can determine the presence of security applications and allow, quarantine or deny access based on security policy and user identity. As addressed above, this is very important for laptops, but less important for smartphones due to their white-listed app distribution environment. B Deploy Endpoint Control for Laptops E Best Practice #5: Specifically for Laptops Connecting from Outside the Perimeter 12
  • 15. Best Practice #6: Specifically for Laptops Connecting from Outside the Perimeter Create a Secure Virtual Desktop for Laptops Secure virtual desktop environments can prevent users from leaving sensitive data behind on unmanaged Windows laptops. They accomplish this by removing all files and links generated during the VPN session upon disconnection. B PRACT IC IC E T ES PRACT E B 6 7 T ES 13
  • 16. Best Practice #7: Specifically for Laptops Connecting from Outside the Perimeter IC B PRACT 6 7 8 T ES PRACT IC E 1 2 3 T ES E B Enforce Cache Cleaner Technology for Laptops B B B PRACT PRAC IC IC E PRAC T ES IC PRACT E PRACT T ES IC E T ES PRACT E T ES B A cache cleaner can remove all browser-based tracking information from a Windows and Mac laptop once the user logs off or closes the browser. 14
  • 17. Best Practices for Both Laptops and Smartphones Connecting from Inside the Perimeter The following best practices address security issues of both laptops and smartphones that connect to the network from inside the perimeter: Scan WiFi Traffic through a Next-Gen Firewall n Control Application Traffic n Prevent Data Leakage n Block Inappropriate Web Access n Block Outbound Botnet Attacks n These practices are detailed further in the following pages. 15
  • 18. 1 2 3 4 Best Practice #8: For Both Laptops and Smartphones Connecting from Inside the Perimeter B PRACT T ES B T ES 6 7 8 9 T ES B Scan WiFi Traffic through a Next-Gen Firewall T ES IC PRACT I IC E B B B PRACT IC E IC PRACT E PRACT IC E T ES PRACT E T ES E C Integrating NGFW with 802.11a/b/g/n wireless connectivity creates a Clean Wireless™ network when the laptop or smartphone user is inside the perimeter. 16
  • 19. 2 3 4 7 8 9 B B B B B B B PRACT IC IC E T ES IC PRACT E PRACT T ES IC E T ES PRACT E T ES E In general, mobile device apps are either critical business solutions or personal time-wasters. An Application Intelligence PRACT PRACT IC IC ST S T Control solution can Eenable IT to define and enforce and E how application and bandwidth assets are used. E B E Control Application Traffic E PRACT PRACT IC ST S T and Smartphones Connecting from Inside Ithe Perimeter C Best Practice #9: For Both Laptops E E 17
  • 20. IC 8 9 T ES PRACT IC B E Best Practice #10: For Both Laptops and Smartphones Connecting from Inside the Perimeter E 3 4 5 RACT Prevent Data Leakage PRACT IC E E T ES B 10 B IC E RACT E Data leakage protection technology applied to laptops and R A C T smartphones inside R A C T perimeter can scan inbound and P the IC IC ST E outbound traffic and take policy-driven action to block or allow file transmission based upon watermarked content. It can also forward non-compliant watermarked files to IT, HR or management for further remediation. 18
  • 21. Best Practice #11: For Both Laptops and Smartphones Connecting from Inside the Perimeter Block Inappropriate Web Access Content filtering for both laptops and smartphones (and even corporate desktops) used inside the perimeter can enforce company browsing policies for mobile users and help them comply with regulatory mandates by ensuring a non-hostile network environment. T ES PRACT IC T ES B E 11 PRACT IC B E 12 19
  • 22. Best Practice #12: For Both Laptops and Smartphones Connecting from Inside the Perimeter Block Outbound Botnet Attacks T ES PRACT IC B E 11 Anti-malware scanning can identify and block outbound botnet attacks launched from laptops and smartphones connected from inside the perimeter. T ES PRACT IC B E 12 20
  • 23. Mobile Device Management To deal with issues of mobile security even further, some organizations consider implementing Mobile Device Management (MDM) gateways. Among other things, MDM may restrict access based on phone number, identify jailbroken devices, and isolate business data into encrypted MDM-managed virtual desktop containers that IT can remotely wipe based upon policy criteria. However, taking on an MDM solution typically involves significant investment and additional infrastructure complexity, which can sometimes counter its benefits. Before taking on the added expense, an organization should consider why it needs MDM. If MDM does not offer distinct benefits for specific use cases, the organization should reallocate budget to uses that are more productive. 21
  • 24. SonicWALL Mobility Solutions To implement these best practices, IT requires solutions with the capability to enforce them. SonicWALL® Aventail® E-Class Secure Remote Access (SRA) Series, SRA Series for Small- to Medium-Sized Businesses (SMB), and SonicWALL Next-Generation Firewalls deliver easy, policy-driven SSL VPN access to critical network resources from an extensive range of mobile device platforms, including Windows, Macintosh and Linux-based laptops, Windows Mobile, iOS, Google Android and Nokia Symbian smartphones. SonicWALL Aventail Advanced End Point Control™ (EPC™) (available for Windows, Macintosh and Linux-based devices) integrates unmanaged endpoint protection, encrypted virtual Secure Desktop and comprehensive cache control. EPC offers advanced endpoint detection and data protection for enterprises by interrogating endpoint devices to confirm the presence of all supported anti-virus, personal firewall and anti-spyware solutions from leading vendors such as McAfee®, Symantec®, Computer Associates®, Sophos®, Kaspersky Lab® and many more. 22
  • 25. SonicWALL Mobility Solutions (continued) The SonicWALL Mobile Connect™ unified client app for iOS provides Apple iPad, iPhone, and iPod touch users full access to network-level resources over encrypted SSL VPN connections to ensure confidentiality and data integrity for users outside Mobile the network perimeter. Deployed on or with a SonicWALL Next-Generation Firewall, Connect it enables Clean VPN to remove malware from communications relayed through iOS devices. SonicWALL Application Intelligence and Control enables IT to define and enforce how application and bandwidth assets are used whether the user is inside or outside the network. Users can download and install the app easily via the App Store, providing secure SSL VPN connections to SonicWALL Aventail E-Class SRA, SRA for SMB or SonicWALL Next-Generation Firewall appliances. Additionally, SonicWALL Aventail Connect Mobile™, in combination with SonicWALL Aventail E-Class SRA appliances, provides a remote access solution for Windows Mobile smartphones and Google Android smartphones and tablets. Both Mobile Connect and Connect Mobile clients provide “in-office” access optimized for the device, combining a seamless network experience for users, along with a single, centrally managed gateway for mobile access control. SonicWALL Aventail SSL VPN solutions provide Secure ActiveSync® Support for access to Microsoft Exchange email, contact and calendar services from iOS, Android, Symbian, Windows Mobile and Windows Phone 7 smartphone and tablet devices. SonicWALL Device Identification lets administrators chain a specific smartphone or tablet to a specific user so, in the event that phone is lost or stolen, they can quickly revoke corporate access. 23
  • 26. SonicWALL Mobility Solutions (continued) SonicWALL Clean VPN™ delivers the critical dual protection of SSL VPN and highperformance Next-Generation Firewall necessary to secure both VPN access and traffic. The multi-layered protection of Clean VPN enables organizations to decrypt and scan for malware on all authorized SSL VPN traffic before it enters the network environment. Clean VPN protects the integrity of VPN access by establishing trust for remote users and their endpoint devices, using enforced authentication, data encryption, and granular access policy. Simultaneously, Clean VPN secures the integrity of VPN traffic by authorizing this traffic, cleaning inbound traffic for malware, and verifying all outbound VPN traffic in real time. SonicWALL Clean Wireless delivers secure, simple and cost-effective distributed wireless networking by integrating universal 802.11a/b/g/n wireless features with an enterprise-class firewall/VPN gateway. SonicWALL Application Intelligence and Control can maintain granular control over applications, prioritize or throttle bandwidth, and manage website access. Its comprehensive policy capabilities include restricting transfer of specific files and documents, blocking email attachments using user-configurable criteria, customizing application control, and denying internal and external web access based on various user-configurable options. 24
  • 27. Conclusions The differences between laptops and smartphones affect how IT should approach security, particularly in the areas of device interrogation and VPN client provisioning. Still, corporations, academic institutions and government entities must require both laptops and smartphones to support strong VPN or remote proxy connectivity when used outside of the corporate network to ensure data confidentiality and security while taking advantage of external wireless connectivity, hot spots, etc. When used inside the corporate network, laptops and smartphones should be able to take advantage of all the protection and security offered from leading-edge Next-Generation Firewall technology IT must be able to guarantee vital bandwidth to critical applications, while limiting the negative impact of undesired traffic. SonicWALL solutions, including Mobile Connect, SSL VPN, Clean VPN, and Next-Generation Firewalls with application intelligence, control and visualization, can help organizations easily implement best practices to secure laptop and smartphone use in corporate network environments. 25
  • 28. How Can I Learn More? n Download the Whitepaper “Controlling Smartphone and Laptop Access to Corporate Networks” n Opt-in to receive SonicWALL Newsletters For feedback on this e-book or other SonicWALL e-books or whitepapers, please send an email to feedback@sonicwall.com. About SonicWALL Guided by its vision of Dynamic Security for the Global Network, SonicWALL® develops advanced intelligent network security and data protection solutions that adapt as organizations evolve and as threats evolve. Trusted by small and large enterprises worldwide, SonicWALL solutions are designed to detect and control applications and protect networks from intrusions and malware attacks through award-winning hardware, software and virtual appliance-based solutions. For more information, visit the company web site at www.sonicwall.com. 1 2 “The State of Workforce Technology Adoption: US Benchmark 2009,” Forrester Research, Inc., November 11, 2009 “Gartner Says Consumerization Will Be Most Significant Trend Affecting IT During Next 10 Years,” Gartner Inc., October 20, 2005 SonicWALL’s line-up of dynamic security solutions NETWORK SECURITY SECURE REMOTE ACCESS WEB AND E-MAIL SECURITY BACKUP AND RECOVERY POLICY AND MANAGEMENT SonicWALL, Inc. 2001 Logic Drive, San Jose, CA 95124 T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com © 2011 SonicWALL, Inc. All rights reserved. SonicWALL® is a registered trademark of SonicWALL, Inc. and all other SonicWALL product and service names and slogans are trademarks or registered trademarks of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners. 12/11 SW 1511B