Bring Your Own Device (BYOD) – to work – is a reality of the modern information worker’s workplace. In fact, for 50 Million Americans, “The Internet” is already synonymous with the usage of their mobile device.
Irrespective of whether their employer has an effective BYOD policy at their workplace, people will bring their cell phones, their ipods, their ipads and tablets with them to work, even if only to be used during the commute and left in the perimeter locker at high security facilities. These devices are almost universally network accessible. Many of them, including smartphones and 3G tablets have multiple network interfaces which can be simultaneously used.
These devices are, in essence, highly portable network routing and tunneling devices, allowing the network and perimeter security of almost every IT infrastructure to be effortlessly breached. All it takes is for the user to enable wifi / bluetooth / USB / NFC tethering on their device and access it from their corporate device. A few rules in the local routing table and the user is ready to go, a BYOD network breach. A network breach is always bad, but one which essentially allows the entire internet access to a corporate machine with only minimally configured security policies on the router has to be every network administrator’s worst nightmare.
How can organizations effectively counteract this risk?
- Electromagnetic shielding of sensitive buildings.
- Disabling users ability to create additional network interfaces or routes on their local machines
- User training, and effective policies and controls
- Monitoring of unauthorized WiFi access points
- Monitoring of the activation of unauthorized network interfaces on corporate machines
Have you seen this kind of compromise in your organization?