'It's a BYOD World' With a Catch -- At New York Law School
The "Bring Your Own Device" trend can cause a lot of disruption, but not at New York Law School, the downtown Manhattan college where students, faculty and visitors have always been allowed to use any mobile device they want on the wireless network. But that doesn't mean anything goes.
Fri, September 20, 2013
Network World — New York -- The "Bring Your Own Device" trend can cause a lot of disruption, but not at New York Law School, the downtown Manhattan college where students, faculty and visitors have always been allowed to use any mobile device they want on the wireless network. But that doesn't mean anything goes.
"It a BYOD world," says Peter Trimarchi, the technical director at New York Law School (NYLS), whose job includes making sure all those BYOD smartphones, tablets and laptops are truly authorized to use the campus wireless network and that they don't bring in computer viruses.
Trimarchi says he's learned over the years that it's much simpler to do all this without having to install agent software. And on the main campus, which houses a bright and modern building where students in libraries pore over thick legal volumes, A BYOD security is enforced primarily through a ForeScout Technologies hardware appliance called CounterACT that can tackle network access control in an agentless fashion.
[GARTNER:Containerization is no BYOD panacea]
Housed in the law school's humming data center that you reach four stories deep via elevator, the small rack-mounted CounterACT appliance has been given a big job: Monitor the network and ensure each mobile device has been properly registered for authorization of the network according to user group. Visitors get a daily code that would get them on, but students at registration go through a machine Service Set Identifier (SSID) process and their authentication information is tied to Active Directory and CounterACT.
Today, about 3,700 devices that students bring with them (Apple devices predominate) gain access to the network this way through CounterACT, which also watches to see if they might be bringing in malware. "If there's a threat, we get an alert," says Trimarchi, adding that when there's a virus outbreak, most of the time students simply don't know at all what's happening.
Malware-infected devices are blocked and the user is informed why via e-mail. The school makes Symantec anti-malware technology available at the touch of a button to an infected device. Staff and faculty devices use a VPN for access as well. For some Windows-based machines that are owned by the school, a small 100KB software agent from CounterACT will be used to exert greater controls. A A Students aren't allowed to do some things on the NYLS network, such as use P2P file-sharing applications. This is a common restriction at universities because it might lead to copyright violations related to content, and P2P tends to do a lot of evasive jumping around, hogging bandwidth. CounterACT blocks P2P.