Securing android BYOD (bring your own device) with network access control (NAC) and MDM (mobile device management) Anguard
Date of Publication
Bachelor of Science in Computer Science
College of Computer Studies
Arlyn Verina L. Ong
Defense Panel Member
Gregory G. Cu
Geanne Ross L. Franco
Katrina Ysabel C. Solomon
Bring your own device (BYOD) us a business policy wherein employees are able to bring their own personal mobile devices. However, there exists serious security issues in regards to the exposure of vulnerabilities by unauthorized accessing of network resources and threat attached to devices connecting to the network. Network Access Controls (NAC) are currently being used to provide policies and authentication of endpoint devices in the BYOD network while Mobile Device Management establishes a network monitoring and controlling user access settings of mobile devices in the network, hence securing the activity and data usage in the BYOD. In the system a client agent is installed in the BYOD where a prompt is initiated by the system to allow the user to enable the agent. Through this agent, the system will be able to communicate and implement device policies in the BYOD. Password, camera, lock, wipe policies are some of the MDM policies that are implemented on the BYOD. The client agent communicates with policy database that is edited by the administrator using an admin interface to know, which policies will be activated on the device. Once the client agent is activated it enforces the policies based on the values in the policy database. To solve network access security issues, NAC gathers the user’s credentials, such as username and password, and authenticates the user account ensuring the user belongs to the network or company. The NAC is controlled by an Ubuntu firewall and a squid proxy server. The Ubuntu firewall uses access control lists to block network services and by default there is an implicit deny until the user logs in the client agent while squid proxy server blocks individual websites. The NAC also defines network privileges for user role’s faculty and student once they have logged in the client agent. Based on their corresponding roles the appropriate network services and websites will be allowed. The in-band implementation uses an Ubuntu server configured as a router and a firewall located in the flow of live network traffic that filters based on a set of rules defined.
Archives, The Learning Commons, 12F, Henry Sy Sr. Hall
81, 29 leaves: Illustrations (some colored) ; 28 cm.
Concepcion, J. M., Chua, J. M., & Siy, G. J. (2015). Securing android BYOD (bring your own device) with network access control (NAC) and MDM (mobile device management) Anguard. Retrieved from https://animorepository.dlsu.edu.ph/etd_bachelors/11859