BYOD Technical workshop

Simon Bright - E2BN
Philip Pearce – E2BN
Topics
• Bring Your Own vs School Managed Devices
• Policy considerations
• Network access and security
• Web filtering
• Mobile Device Management
• Why apps might not work - filtering and firewalls
• Q&A
Copyright 2013 E2BN
What is BYOD ?
• The use of personal mobile devices in the:
– Workplace
– School, college or University
– Public Library
• Wi-fi connection provided by the organisation
What is BYOD ?
• True BYOD
– Owned by the user
– Managed by the user
– Not known to the school network
– Untrusted
SMMD – School Managed
• School Managed Mobile Devices - SMMD
• Sourced by the school
• Owned or loaned by the school
• Managed by the school
Considerations
• Preparation for BYOD & SMMD
• What is the purpose ?
• Understand and manage expectations
• Are compliance and Acceptable Use rules required ?
• What range of devices can be supported ?
BYOD & SMMD Network Access
• First point of control is the Wi-fi network
• How do devices join ?
• Anonymous vs personal authentication
• DHCP controls
• Wireless controller systems e.g.
– Ruckus
– Aerohive
Network Segregation
• Controlling access to the managed/trusted network
• Flat networks – broadcast domains
• Subnets, VLANs and routing/firewall – points of control
Device Management - wish list
• Providing settings e.g. Wireless and Proxy
• Compliance
• Restrictions
• Application installation
• Monitoring
• Remote wipe
Device Management – BYOD
• True BYOD
– Hands off approach ?
– Minimum is filtering settings ?
– Many devices support Web Proxy Auto Detection (WPAD)
– Transparent filtering options
Proxy Auto Configuration
• Device support for WPAD – Web Proxy Auto Detection.
• Hosting a wpad.dat file - web server
• Setting up DHCP and DNS
DHCP method
DNS Method
Wpad.dat - PAC File Example
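function FindProxyForURL(url, host)
{
    // Hosts on the local 192.168.4.0/24 subnet are reached directly
    if (isInNet(host, "192.168.4.0", "255.255.255.0"))
        return "DIRECT";
    // Everything else is sent to the web proxy
    return "PROXY 192.168.4.253:8084";
}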
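A way to check the wpad.dat logic above before publishing it, as an added example that is not part of the original slides: it runs the slide's FindProxyForURL under Node.js and lists which hosts would go DIRECT and so bypass the proxy. The isInNet and dnsResolve stand-ins, the HOSTS table, and the ipToInt, routeAll and bypassesProxy helpers are assumptions made for this harness.

```javascript
// Added example: offline harness for the wpad.dat logic on the slide.
// Browsers supply isInNet/dnsResolve to PAC files; these are minimal stand-ins.
const HOSTS = {                          // constructed name -> address table
  "intranet.school.example": "192.168.4.10",
  "www.example.org": "203.0.113.10",
};

// Dotted-quad string to unsigned 32-bit integer, or null if not an IPv4 literal.
function ipToInt(ip) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) return null;
  const p = ip.split(".").map(Number);
  if (p.some(n => n > 255)) return null;
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}

// IPv4 literals resolve to themselves; names are looked up in HOSTS.
function dnsResolve(host) {
  if (ipToInt(host) !== null) return host;
  return Object.prototype.hasOwnProperty.call(HOSTS, host) ? HOSTS[host] : null;
}

// True when host (name or address) falls inside pattern/mask; false if unresolvable.
function isInNet(host, pattern, mask) {
  const addr = dnsResolve(host);
  if (addr === null) return false;
  const m = ipToInt(mask);
  return ((ipToInt(addr) & m) >>> 0) === ((ipToInt(pattern) & m) >>> 0);
}

// PAC function as shown on the slide.
function FindProxyForURL(url, host) {
  if (isInNet(host, "192.168.4.0", "255.255.255.0"))
    return "DIRECT";
  return "PROXY 192.168.4.253:8084";
}

// Route each sample host through the PAC function.
function routeAll(hosts) {
  return hosts.map(h => ({ host: h, route: FindProxyForURL("http://" + h + "/", h) }));
}

// Hosts that would be fetched DIRECT, i.e. without passing through the proxy.
function bypassesProxy(hosts) {
  return routeAll(hosts).filter(r => r.route === "DIRECT").map(r => r.host);
}

console.log(routeAll(["192.168.4.10", "intranet.school.example",
                      "www.example.org", "192.168.5.20", "unknown.invalid"]));
```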
Device Management - platforms
• Apple iOS
– Apple Configurator
• Android
– Samsung Smart Schools
• Chromebook
– Google Apps dashboard
• Multi OS, “over the air” MDM systems
Apple Configurator
• Free of charge but you do need...
• Apple Mac, including Mac mini
• Devices connect via USB (hub, cart)
• Bulk deployment of common profile(s)
• Deploy apps, restrictions, web clips, settings
• Deploy iOS updates
Over-the-Air MDM
• Typically :
– Web based administration
– Device enrollment via web / app
– Configure and deploy apps, settings, restrictions, web clips etc
– Inventory tracking, GPS tracking
• Meraki – free
• AirWatch
• Lightspeed Systems MDM
Why Apps might not work
1. Filtering
App is possibly sending requests via the web filters but the site is being blocked in the background.
Try the least restrictive profile e.g. E2BN Staff
Why Apps might not work
2. Firewalling
App is sending request(s) direct to the internet but is being blocked by school / LA firewall.
Firewalls
• Home vs School comparison
• Some history and traditional LA approach
– Walled garden, local content, proxy services
– Device and network security
Firewalls – accommodating apps
• TCP ports 80 and 443 – raw web access
• Other ports
– Single port
– Multiple ports
• Cloud, distributed services, multiple remote IP addresses
Firewalls – accommodating apps
• Next Generation firewalls
• Application aware
• Device aware
• User aware
Thank You
• Useful Document
– http://www.nen.gov.uk/files/NEN_Guidance_Note_5_BYOD.pdf
• Workshop Evaluation - conference brochure
• Assistance with tech for E2BN Schools & LAs – [email protected]