Prevent BYOD on Company WiFi

wwatson · Jan 7, 2014

Hello,

I looking for information on the best way to prevent users from being able to access the corporate WiFi with their personal devices, while still being able to access it on company issued devices. This would pertain to laptops, tablets, and smartphones.

We currently authenticate the users domain credentials, but that allows them to sign in with any device.

Thanks in advance and let me know if you need additional information.

13thmonkey · Jan 7, 2014

mac address filtering?

Onus · Jan 7, 2014

You might use a MAC address table. Something like Cisco's NAC Agent could be used. Or, make the company policy absolutely clear, then do a manual check from time to time. Fire anyone on the spot who is using a personal device without written authorization for that device.

bill001g · Jan 7, 2014

If you are already using 802.1x ie enterprise mode with active directory all you need to do in go the next step and make it require certificates. You would have to generate and install certificates on every valid devices.

wwatson · Jan 7, 2014

bill001g :

If we did certificates would the user be able to export the certificate and import it into their personal device?

bill001g · Jan 7, 2014

You can likely make it hard on them to export the certificates by setting the no export options and setting certain group policies but if someone has admin access to a device and has the knowledge it gets really hard. This is not a trivial thing to do so it stops most users. When you get way far into how microsoft stuff works you get outside my expertise.

Search

Prevent BYOD on Company WiFi

wwatson

Distinguished

bill001g

13thmonkey

Titan

Onus

Titan

bill001g

Titan

wwatson

Distinguished

bill001g

Titan

TRENDING THREADS

Latest posts

Moderators online

Share this page