BYOD/MDM Workshop Luncheon Sponsored by Cisco and Zenprise Rev2
BYOD/MDM Workshop Luncheon @ RockBottom Denver
Hosted by Greg Hanchin
Global Technology Resources, Inc. / Trusted Security Advisor
©2012 Global Technology Resources, Inc., All Rights Reserved. Contents herein contain confidential information not to be copied.
September 19, 2012
Agenda
• Welcome
• Mobility
• Cisco ISE / BYOD
• ZenPrise / MDM
• Questions
• Breakout
Who is GTRI?
• $200M Systems Integrator
• 14 years old
• 214 People
• Profitable
• Scratch built
• Denver - HQ
• $15 Million a Year in Professional Services
• $70M in Commercial / $130M in Federal
Profitable Relationships
Customers
Employees
Projects
GTRI InfoSec Quilt
Recent GTRI Security Projects
iPad Sales – Just iPads
Mobility
Monty Petrich SA - Wireless
GTRI
Simple Secure Scalable
ANY USER
ANYWHERE
ANY DEVICE
ANYTIME
Mobility Changes Everything
Where is Wireless Going
• Future Technologies
  • 802.11ac
  • 802.11ad
• Wi-Fi Offload and DAS
  • What the carriers are doing
  • 802.11u
• AnyConnect
  • How to prepare customers
• BYOD and Dynamic VLANs
Bring Your Own Device
Micah Montgomery
SE - Information Security
GTRI
MDM vs BYOD/NAC
MDM
• Managing Device on 3G/4G
• Manage Files
• Manage Apps / Email
• Jailbreak Control
• Remote Wipe
• Device Encryption
• Geo Fencing
• Device Recovery - LoJack
BYOD/NAC
• Managing Device WLAN / Wired Access
• Role Based Access Control (RBAC)
• Concept of Device Stacking on Corp Identity
• Posture / Profile / Quarantine
• Hoteling
• DLP – Lite on critical Files
• Authentication / Authorization / Accounting - AAA
Bridging the GAP
Sample ISE Deployment
The User to Device Ratio Has Changed
Identity Services Engine
ACS
NAC Profiler
NAC Guest
NAC Manager
NAC Server
Identity Services Engine
• Centralized Policy
• RADIUS Server
• Posture Assessment
• Guest Access Services
• Device Profiling
• Monitoring
• Troubleshooting
• Reporting
BYOD Deployment Scenarios
Figure 5 BYOD Adoption Scenarios
ISE Node Types
ISE Platforms
Gradual Deployment
Monitor Mode
• Authentication Without Access Control
Low Impact Mode
• Minimal Impact to Network and Users
High Security Mode
• Logical Isolation of User Groups / Device Types
What Device?
ISE Profiler: 3 Steps
Guest Self Service
Guest User Experience
Certificate Location by Device
Device | Certificate Storage Location | Access Method
iPhone/iPad | Standard certificate store | Settings > General > Profile
Android | Encrypted certificate store | Invisible to end users. Note: Certificates can be removed using Settings > Location & Security > Clear Storage.
Windows | Standard certificate store | Launch mmc.exe from /cmd prompt, or view in certificate snap-in.
Mac | Standard certificate store | Application > Utilities > Keychain Access
What about Accounting?
Provides additional information about the session
Marks end of a session (Removes endpoint from licensing count)
Provides IP address Profile IOS probe
Mobile Device Management
David DeCesare
SE – Denver Region
ZenPrise MDM Slides: see http://slidesha.re/N2lTWL
Questions?
BYOD/MDM Workshop Luncheon
©2012 Global Technology Resources, Inc., All Rights Reserved. Contents herein contain confidential information not to be copied.
July 26, 2012
Thank You!