Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Tackling Security Acronyms That Start With BYO

With the myriad of smartphone, tablets, applications and network security devices — along with the growing use of virtualization and cloud services — all presenting an increasing volume of management and security concerns, network and security complexity remains a major challenge.

With the myriad of smartphone, tablets, applications and network security devices — along with the growing use of virtualization and cloud services — all presenting an increasing volume of management and security concerns, network and security complexity remains a major challenge.

Bring Your Own Device (BYOD) continues to be a hot topic/buzzword/challenge for organizations and there has been a lot of discussion on this issue… a LOT of discussion. While BYOD is something organizations must be able to address, this concept is being extended/evolved to a similar sounding acronym…. BYONBring Your Own Network.

BYOD Security ChallengesWhile BYOD is concerned with the risk from personal devices (i.e. a malware-ridden tablet, sensitive data unencrypted on a smartphone, etc.), BYON is a different type of risk. Let’s take a look at a commonality among most of the “devices” that are included in the BYOD conversation.

Smartphones and other devices (such as netstick dongles) enable a user to connect to the Internet via Wi-Fi hotspots. Many and Android and iPhone users (depending on carrier, plan or jailbreak status) have the ability to turn their phone into a WiFi hotspot. For iPhone users, (Settings>General>Cellular, make sure “Cellular Data” is on and you will find a “Set Up Personal Hotspot” option to activate).

While this is great in terms of getting access from basically anywhere, the concern is that depending on the setup and installed software, it could bypass an organization’s network perimeter security measures: firewall, URL proxy, e-mail gateway, etc. Data leakage and malware are real and significant risks facing the user and, most importantly, the entire organization.

BYON further disintegrates the traditional network perimeter, and although the more common security incidents will occur from ignorance, there is a great malicious risk where an insider or contractor can set up one of these hotspots and trick employees to use this connection instead of the appropriate corporate network connection — and in turn steal sensitive information.

These hotspot-enabled devices can be had for under $100 and can conveniently fit in your pocket. If the company’s security policy states that users are not allowed to access something, BYON gives users an easily accessible workaround. So the challenges are many, and here are a few recommendations to consider:

• Improving security awareness across the organization is an important first step in terms of BYON. The corporate policy should address this challenge and users should understand the risk of using an untrusted connection.

• Sweeping the airwaves to detect unauthorized hotspots is certainly possible but not easy because you need to be physically close to the hotspot. This will be an opportunity for security to respond and take appropriate actions.

• Encrypting traffic is key. VPNs can facilitate encrypted tunnels between a remote device and the corporate network and ensure that traffic is directed through a company’s traffic filtering layers such as NGFWs, IPS, etc.

In the end, if you have a solid plan to address BYOD, then you should be able to extend that to cover BYON. Is it me or is it time for BYOB yet?

Written By

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...