Securing android BYOD (bring your own device) with network access control (NAC) and MDM (mobile device management) Anguard

Date of Publication


Document Type

Bachelor's Thesis

Degree Name

Bachelor of Science in Computer Science


College of Computer Studies


Computer Science

Thesis Adviser

Arlyn Verina L. Ong

Defense Panel Member

Gregory G. Cu
Geanne Ross L. Franco
Katrina Ysabel C. Solomon


Bring your own device (BYOD) us a business policy wherein employees are able to bring their own personal mobile devices. However, there exists serious security issues in regards to the exposure of vulnerabilities by unauthorized accessing of network resources and threat attached to devices connecting to the network. Network Access Controls (NAC) are currently being used to provide policies and authentication of endpoint devices in the BYOD network while Mobile Device Management establishes a network monitoring and controlling user access settings of mobile devices in the network, hence securing the activity and data usage in the BYOD. In the system a client agent is installed in the BYOD where a prompt is initiated by the system to allow the user to enable the agent. Through this agent, the system will be able to communicate and implement device policies in the BYOD. Password, camera, lock, wipe policies are some of the MDM policies that are implemented on the BYOD. The client agent communicates with policy database that is edited by the administrator using an admin interface to know, which policies will be activated on the device. Once the client agent is activated it enforces the policies based on the values in the policy database. To solve network access security issues, NAC gathers the user’s credentials, such as username and password, and authenticates the user account ensuring the user belongs to the network or company. The NAC is controlled by an Ubuntu firewall and a squid proxy server. The Ubuntu firewall uses access control lists to block network services and by default there is an implicit deny until the user logs in the client agent while squid proxy server blocks individual websites. The NAC also defines network privileges for user role’s faculty and student once they have logged in the client agent. Based on their corresponding roles the appropriate network services and websites will be allowed. The in-band implementation uses an Ubuntu server configured as a router and a firewall located in the flow of live network traffic that filters based on a set of rules defined.

Abstract Format






Accession Number


Shelf Location

Archives, The Learning Commons, 12F, Henry Sy Sr. Hall

Physical Description

81, 29 leaves: Illustrations (some colored) ; 28 cm.

This document is currently not available here.