Government and Military

Occasional Contributor II

BYOD

Folks:

I work at a USGS facility and have been trying to come up with solutions for BYOD that will be acceptable to our DOI superiors. I am just wondering how other government agencies are dealing with the increasing number of personally owned devices and GFE (Government Furnished Equipment) that seem to be popping up every day. We currently use WPA2 Enterprise to authenticate users using a RADIUS server that queries the AD domain for authentication. Users that are savvy have figured out that if they enter their credentials and set up their phones or iPads correctly they can technical and get wireless. I am planning on using DHCP device signatures to capture these users in a role that has a Firewall Policy that denies everything. I will also have a separate SSID where we will use MAC address verification to provide authorized wireless access for users that have complied with our policies.

I would like to see how others are dealing with this and maybe get some other ideas on how to allow access for GFE and deny access for others. ClearPass may be the solution at some future date but not in the immediate horizon.

Thanks in advance!
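The role decision described in the post above, sketched as an added example that is not part of the original post and not Aruba configuration: DHCP option 55 is used as the device signature, and a MAC allowlist gates the separate SSID. The SSID names, role names, MAC addresses and signature values are constructed assumptions.

```python
# Added example: SSIDs, roles, MACs and signatures below are constructed.
HANDHELD_SIGNATURES = {bytes([1, 3, 6, 15, 119, 252])}  # option 55 lists treated as handheld
GFE_MACS = {"00005e005301"}                              # devices that complied with policy
ALLOWLIST_SSID = "gfe-wireless"                          # hypothetical MAC-verified SSID

def parse_dhcp_options(raw: bytes) -> dict:
    """Parse a DHCP options field (code/length/value, RFC 2132) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:                  # End option
            break
        if code == 0:                    # Pad option: single byte, no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value  # a repeated option is concatenated
        i += 2 + length
    return opts

def normalize_mac(mac: str) -> str:
    """Lower-case the MAC and drop separators so allowlist lookups are consistent."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def assign_role(ssid: str, mac: str, dhcp_options: bytes) -> str:
    """Return the role for a client associating on `ssid`."""
    if ssid == ALLOWLIST_SSID:
        return "authorized" if normalize_mac(mac) in GFE_MACS else "deny-all"
    try:
        fingerprint = parse_dhcp_options(dhcp_options).get(55)  # parameter request list
    except ValueError:
        return "deny-all"                # malformed DHCP: fail closed (assumption)
    if fingerprint is None or fingerprint in HANDHELD_SIGNATURES:
        return "deny-all"                # handheld signature, or nothing to classify on
    return "employee"

# Constructed option fields: message type (53), parameter request list (55), End
HANDHELD = bytes([53, 1, 3, 55, 6, 1, 3, 6, 15, 119, 252, 255])
LAPTOP = bytes([53, 1, 3, 55, 4, 1, 3, 6, 15, 255])

if __name__ == "__main__":
    print(assign_role("corp-8021x", "00:00:5E:00:53:02", HANDHELD))
    print(assign_role("corp-8021x", "00:00:5E:00:53:02", LAPTOP))
    print(assign_role(ALLOWLIST_SSID, "00-00-5E-00-53-01", HANDHELD))
```

Both the MAC address and the DHCP option list are supplied by the client, so this logic sorts devices into roles rather than proving which device is connecting.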

2 REPLIES
Aruba Employee

Re: BYOD

The problem of trying to control access to Federal wireless networks has become increasingly challenging with the introduction of handheld devices into the workplace, especially distinguishing between a handheld device that is authorized GFE versus employees' personal devices. The most effective method for controlling which devices are authorized to access the network is to utilize machine-based certificates that are only valid for one specific device. Although this sounds somewhat straightforward, it may prove to be a daunting task to administer certificates for thousands, tens of thousands, or even hundreds of thousands of devices.

Aruba ClearPass Policy Manager can simplify the administration, setup, and issuing of machine-based certificates. With an incorporated CA (Certificate of Authority) the process of creating, distributing, and even revoking these certificates is simplified even to the level of minimal to no user intervention required. Along with the Guest and On-Board software modules, CPPM is the answer to many BYOD challenges that federal customers face.

Without the introduction of CPPM into the wireless network authentication stream, the available solutions are limited and the administration often becomes cumbersome, requiring several point products that do not work well together.
Anonymous
N/A

Re: BYOD

dbell6809,

I am curious what you ended up doing to address your access needs. TIA.