Categories
Compliance|Research>The Hitlist

The Hitlist: International Travel

International travel is common in today’s business world.  Many times businesses assume that their standard policies can apply to any international destination.  We recently had a client contact us about traveling to their international office in a country that is typically known for lacking respect for others’ privacy.  They asked us, considering this client would be discussing corporate trade secrets and other sensitive information, what precautions they should take.

We gave them a list of recommendations and explained that many of these would not make travel simple from a technological standpoint, but would provide them the most security benefit.  These recommendations are not for travel to any country, but to countries where governments can have a pervasive presence in network communications.

Some recommendations for consideration:

  • Assume that all communication will be monitored
  • Understand that some of these countries put higher priority on Intellectual Property and Trade Secrets than they do personal or financial information
  • Take a clean machine with no data – some countries may even confiscate or copy data at the border
    • Lock the machine down to the minimum amount of use possible
    • Make sure personal firewalls are set to be very restrictive
    • Whitelist applications if possible
    • Take data only on encrypted removable media – many countries such as China, Israel, and Russia have limitations on encryption tools
    • Encrypt hard drives
  • Communications
    • Do not use Bluetooth or WiFi
    • Avoid connecting to the internet at all
    • Any time you connect to the internet, make a secure connection to the US as quickly as possible using technologies that provide virtual desktops or VPN connectivity and preferably with multi-factor authentication if allowed.  If VPN connections are not allowed in a particular country, plan on limited to no use of the internet.
  • Make sure mobile devices are encrypted and managed with MDM – again if country restrictions allow
    • Communication should be limited, even email.  Again, assume all communication will be monitored
    • Beware if you get a certificate error while downloading anything.  This may mean that someone has brokered the connection
  • Upon return, format all electronic media that made the travel, and under no circumstance should anything be plugged back into a network

Again, these are just a few things to consider when traveling to certain countries that may have a governmental interest in data and communications.

Categories
Uncategorized

WannaCry – Worldwide Ransomware Attack – Updated

A widespread ransomware attack has spread across the globe, infecting tens of thousands of computers in as many countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan.  The software can run in many languages.  There have been several versions and updates, but the ways to protect remain the same.  Recently, a decryption tool has been discovered – see here.

Technical Details

Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through a Remote Desktop Protocol (RDP) compromise or the exploitation of a critical Windows SMB vulnerability.  Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017.  According to open sources, one possible infection vector is via phishing emails.

The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL.  During runtime, the loader writes a file to disk named “t.wry.”  The malware then uses an embedded 128-bit key to decrypt this file.  This DLL, which is then loaded into the parent process, is the actual WannaCry ransomware responsible for encrypting the user’s files.  Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and is not vulnerable to antivirus software scans.  Subsequent versions are manifested differently.

What to do to protect against Wana Decrypt0r aka WannaCry

1. Patch all Windows Operating Systems

  1. For supported Operating Systems see MS17-010
  2. Emergency Patch for Windows XP and Windows 2003 is here

2. Run a port scan and/or vulnerability assessment against your firewalls.

Ensure that Remote Desktop Protocol (RDP) and SMB protocols are not open to the internet.  These are typically on ports 3389, 445, and 139 respectively, but can be mapped to different ports on your firewall.  These configurations are security best practice.

Verify other protections are working as expected.

*************************************IMPORTANT******************************************
Do NOT assume you are safe just because you have purchased and installed a product.
**********************************************************************************************

3. Backups

Review your backups to ensure that they are working as expected.  Test restores of critical data.

4. Spam Filter

Enable strong spam filters to prevent phishing e-mails from reaching the end users.  Most enterprise filters should detect WannaCry.

5. Antivirus & Malware Protections

  1. Ensure that real-time scanning is enabled to detect file downloads, email attachments, and web links
  2. Ensure that scan engines are up to date and that definitions are downloaded and regularly deployed – at least daily. We recommend more frequently
  3. Configure anti-virus and anti-malware solutions to conduct routine scans
  4. Inventory protected machines to ensure that all have products installed and that they are functional

WannaCry Remediation

  • Isolate compromised computer systems.
    1. Unplug from network to prevent spreading
    2. Power down other computers or unplug network access switches during eradication
    3. Wipe and reload infected machines
    4. Paying the ransom does not guarantee you recovery
  • Ensure that proper logging is enabled and preserved on key systems.
  • Contact law enforcement. Contact a local FBI field office upon discovery to report an intrusion and request assistance.  Maintain and provide relevant logs.
  • Implement your security incident response and business continuity plan.
  • Ideally, organizations should not store critical data on workstations. Critical data should reside on centralized storage systems.  Storage systems should have complete, verified, and tested backups.  Often the most efficient response is to restore data from a known clean backup.

Signatures

File name:  @WanaDecryptor@.exe

Confirmed indicators – SHA-256 Hashes:


Yara Signatures

    rule Wanna_Cry_Ransomware_Generic {
        meta:
            description = "Detects WannaCry Ransomware on disk and in virtual page"
            author = "US-CERT Code Analysis Team"
            reference = "not set"
            date = "2017/05/12"
            hash0 = "4DA1F312A214C07143ABEEAFB695D904"
        strings:
            $s0 = {410044004D0049004E0024}   // "ADMIN$" as UTF-16LE
            $s1 = "WannaDecryptor"
            $s2 = "WANNACRY"
            $s3 = "Microsoft Enhanced RSA and AES Cryptographic"
            $s4 = "PKS"
            $s5 = "StartTask"
            $s6 = "wcry@123"
            $s7 = {2F6600002F72}             // "/f", two NUL bytes, "/r"
            $s8 = "unzip 0.15 Copyrigh"
        condition:
            // "and" binds tighter than "or": the four core strings together,
            // or any single one of $s4 through $s8, satisfies the rule
            $s0 and $s1 and $s2 and $s3 or $s4 or $s5 or $s6 or $s7 or $s8
    }

    /* The following Yara ruleset is under the GNU-GPLv2 license
       (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or
       organization, as long as you use it under this license. */

    rule MS17_010_WanaCry_worm {
        meta:
            description = "Worm exploiting MS17-010 and dropping WannaCry Ransomware"
            author = "Felipe Molina (@felmoltor)"
            reference = "https://www.exploit-db.com/exploits/41987/"
            date = "2017/05/12"
        strings:
            // SMB dialect strings seen in the MS17-010 exploit traffic
            $ms17010_str1 = "PC NETWORK PROGRAM 1.0"
            $ms17010_str2 = "LANMAN1.0"
            $ms17010_str3 = "Windows for Workgroups 3.1a"
            $ms17010_str4 = "__TREEID__PLACEHOLDER__"
            $ms17010_str5 = "__USERID__PLACEHOLDER__"
            // fragments of the embedded (encoded) WannaCry payload
            $wannacry_payload_substr1 = "h6agLCqPqVyXi2VSQ8O6Yb9ijBX54j"
            $wannacry_payload_substr2 = "h54WfF9cGigWFEx92bzmOd0UOaZlM"
            $wannacry_payload_substr3 = "tpGFEoLOU6+5I78Toh/nHs/RAP"
        condition:
            all of them
    }

Categories
Information Security>Asset Management|Compliance|Computer & Network Security>Microsoft

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2

In the first post I covered best practices for securing service accounts.  In this post, I am going to discuss some key elements in securing privileged access.  Keep in mind, Microsoft has published a comprehensive guide to securing an Active Directory.

Keep in mind that many of these things will require additional work on the front end, but that is usually due to poor existing practices.  Once processes are in place, these key components should not add significant overhead to administrative tasks.

  1. No users should regularly reside in Domain Admins (DA) or Enterprise Admins (EA) groups
    1. Straight from the horse’s mouth: As is the case with the Enterprise Admins (EA) group, membership in the Domain Admins (DA) group should be required only in build or disaster recovery scenarios. There should be no day-to-day user accounts in the DA group with the exception of the built-in Administrator account for the domain, if it has been secured as described in Appendix D: Securing Built-In Administrator Accounts in Active Directory.
    2. Follow MS’ recommendations for securing DA and EA accounts.
    3. If you have a single forest with a single domain, then no one needs to be in Enterprise Admins, period
    4. Don’t allow domain admins to logon to workstations
  2. Ensure that privileged accounts follow at least the standard password policy
  3. Don’t forget other privileged groups besides DA and EA (Schema Admins, Account Operators, Backup Operators, Administrators, etc.)
  4. Maintain separate admin credentials and standard user accounts
    1. Do not use the same account for admin access and for regular access
    2. This includes things like browsing the web on member servers or workstations with privileged accounts
      1. Block internet access from all servers
    3. No remote access with privileged accounts
  5. Use a jump off server for admin tasks.
    1. Remote to it with a standard account and then remote from there to perform admin tasks
    2. You should allow interactive logons by authorized users and should remove or even block other logon types that are not needed for server access. (https://technet.microsoft.com/en-us/library/dn487449.aspx)
    3. Admin functions should require more than one factor of authentication
  6. Use LAPS to generate a different password for all local admins
  7. Either use read-only domain controllers in a DMZ or create a separate domain with a one-way trust (a trade-off between complexity and security)

Categories
Information Security>Asset Management|Compliance|Computer & Network Security>Microsoft

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 1

I recently had a client ask me about our recommendations for securing service accounts within Active Directory.  We talked for a bit, and then I decided to write them down.  This post has two parts: the first part covers service accounts, and the second post will cover privileged accounts.

What is the minimum privilege needed?

  1. If the account will only use local resources on a single device, use a local account on that device.
  2. If the account needs permission to see users, computers, groups, etc., use a domain service account.
  3. When only read access to or minor file manipulation is required a standard domain user is usually sufficient.

For local accounts – typically IIS-type service accounts or simple applications – a normal local user account is sufficient.

  1. Create a strong password, 25+ characters, and forget the password.  If needed, just change the password.  If the password is needed regularly, store in an enterprise password manager
  2. Explicitly deny network and remote desktop logon rights
  3. Ensure IUSR accounts and any anonymous accounts do not have access outside of quarantined folders

Any other type of domain account

  1. Create an OU for service accounts to manage separately
  2. Create usernames with a random component such as <creation date>_servicename (to prevent guessing).  Since a compromise of any domain user could allow an attacker to read all users, you could go further and create a fully random username, using a password manager to keep track of which account serves which purpose.
  3. Do not use the description field in AD to keep track of their purpose since all users can read that information.
    1. You can use a custom attribute within the AD schema to store this information and set the confidentiality bit on it (http://windowsitpro.com/active-directory/using-confidentiality-bit-hide-data-active-directory) so that only domain admins can see this information.
  4. Ensure your domain functional level is 2008 or greater and set a fine grained password policy for all service accounts.  Require strong passwords.  Either forget the passwords or use a password manager, preferably just forget them.
    1. Passwords should be changed regularly, at least every 90-180 days depending on other mitigating controls
  5. Disable interactive logon for the service accounts
  6. Do not give service accounts domain admin rights.  This is rarely necessary and is usually only done out of laziness (I can speak from past experiences).
  7. Create a special group (as described by Jessica Payne (MSFT)) called NoWorkstationAccess or NoLateralMovement and add all service accounts to it.  Use the linked blog to assign this group as part of Special Groups.  Then be sure to apply this to any computer that those users should not be logging on to (you may need more than one group); an event will be generated for the logon and a logging system can alert on it.  This can capture malicious lateral movement.

In addition to the blogs mentioned, Microsoft has some good whitepapers for preventing pass-the-hash which apply in part to this: https://www.microsoft.com/en-us/download/confirmation.aspx?id=36036

Categories
Computer & Network Security>Adobe|Compliance|Computer & Network Security>Java|Computer & Network Security>Vulnerabilities

Third Party Apps: Consider The Risks

What are 3rd party tools?

Everyone, from individuals to enterprises, uses third party tools and applications on their workstations, servers and mobile devices.  Some examples are Adobe Reader, Java, WinRAR, and many more.  They are applications that are run or installed, but are typically not centrally managed by your organization.

Why are they important to an organization?

Many times these tools are required to carry out critical job functions.  These can be running applications that require Java applets, fax services, custom written applications and so on.

What risks can they introduce?

Since these applications are usually not centrally managed, their patches and updates may not be applied as quickly.  Just like all software/hardware, vulnerabilities are found every day in third party applications such as a recently exposed flaw in WinRAR. According to Apigee, new attack techniques are emerging as well, including:

  • Exploitation of mobile and app vulnerabilities with insecure API access
  • Stealing of sensitive data cached by apps that don’t follow security best practices
  • Social engineering of developers to gain unauthorized access to developer keys and credentials.

So what can you do?

While this is an accepted risk when choosing these tools, there are several things you need to remember in order to make the tools as secure as possible:

  • Ensure you stay up-to-date on zero-day vulnerabilities
  • Always be aware of any updates available
  • Use strict authentication methods to secure your systems
  • Consistent monitoring & reporting

In summary, third party tools are an unlocked window into your network and have the potential to cause great damage to your organization when not properly secured. Organizations should consider adopting policies and procedures around approving specific applications and maintaining an inventory of where they are used.  This, in addition to a patch management process for these applications can significantly improve the security posture of your organization.

Categories
Computer & Network Security>Apple

iOS Malware – The Sky Is (not) Falling!

By now you should have heard that malware has been detected in apps available from Apple’s App Store.  (Let’s take a short break to let the rival Android users stop chuckling)  Should you be panicked?  Should you contact your IT department and have them wipe all of your company’s iPhones?  Should you rush home and trade your teenager’s iPhone for an old Samsung flip phone?  No, you shouldn’t – the Appleocalypse is not upon us.  (except maybe for the last one – have you seen the trouble teenagers can get into on smart phones?  Sheesh!)

Because this is somewhat of a rare event, the Internet has been filled with opinion pieces and editorials concerning iOS malware but the facts, so far, have been hard to nail down.  The truth of the matter is that most US, LA, and European users should have little to worry about but that Asia-Pacific iPhone users could be in a bit of trouble.

What actually happened is that some Chinese programmers downloaded a corrupted version of Xcode, which is Apple’s official iOS and OS X app creation tool.  Apps were then created with the corrupted tool (which quietly embedded exploits) and were subsequently uploaded to Apple’s App Store.  About 50 corrupted apps were eventually identified by security firm Palo Alto Networks, and while these apps have now been removed from the app store, they weren’t removed before being downloaded by several million people.  Most of the apps are Asia-Pacific-centric, (like WeChat) but a few are in heavy rotation in the West.  (CamCard, a popular business card reader, being the most prominent).

Remediation is simple: If you do have any of the listed apps installed, report this to your IT department so they’re aware of a potential issue.  IT Staff and individuals should be checking corporate and personal iPhones for the apps.  Change iCloud and other passwords stored on your phone as a precautionary measure, and report any suspicious events to your IT department.

You can find a list of the corrupted apps here: (courtesy of macrumors.com)

Infected iOS apps (as released by Palo Alto Networks)
网易云音乐 2.8.3
微信 6.2.5
讯飞输入法 5.1.1463
滴滴出行 4.0.0.6-4.0.0.0
滴滴打车 3.9.7.1 – 3.9.7
铁路12306 4.5
下厨房 4.3.2
51卡保险箱 5.0.1
中信银行动卡空间 3.3.12
中国联通手机营业厅 3.2
高德地图 7.3.8
简书 2.9.1
开眼 1.8.0
Lifesmart 1.0.44
网易公开课 4.2.8
马拉马拉 1.1.0
药给力 1.12.1
喜马拉雅 4.3.8
口袋记账 1.6.0
同花顺 9.60.01
快速问医生 7.73
懒人周末
微博相机
豆瓣阅读
CamScanner
CamCard
SegmentFault 2.8
炒股公开课
股市热点
新三板
滴滴司机
OPlayer 2.1.05
电话归属地助手 3.6.5
愤怒的小鸟2 2.1.1
夫妻床头话 1.2
穷游 6.6.6
我叫MT 5.0.1
我叫MT 2 1.10.5
自由之战 1.1.0

A more thorough list, according to fox-it.com:

Mercury
WinZip
Musical.ly
PDFReader
guaji_gangtai en
Perfect365
网易云音乐
PDFReader Free
WhiteTile
IHexin
WinZip Standard
MoreLikers2
CamScanner Lite
MobileTicket
iVMS-4500
OPlayer Lite
QYER
golfsense
同花顺
ting
installer
下厨房
golfsensehd
Wallpapers10000
CSMBP-AppStore
礼包助手
MSL108
ChinaUnicom3.x
TinyDeal.com
snapgrab copy
iOBD2
PocketScanner
CuteCUT
AmHexinForPad
SuperJewelsQuest2
air2
InstaFollower
CamScanner Pro
baba
WeLoop
DataMonitor
爱推
MSL070
nice dev
immtdchs
OPlayer
FlappyCircle
高德地图
BiaoQingBao
SaveSnap
WeChat
Guitar Master
jin
WinZip Sector
Quick Save
CamCard

Again, it depends on which version of these apps you might have or from where they were downloaded that would indicate if you have a corrupt copy.  Be conservative and remove or update them if you have them.


Categories
Information Security>Data Breach|Social Engineering>Phishing

How Does Ashley Madison Threaten Your Organization?

Extortion is not usually a topic that employers have on their radar regarding their employees.  Most employers know they need to protect themselves against viruses, and “hackers”, but they often don’t think about the social engineering tactics that attackers may use to target employees.  However, when users put their private information on “secure” websites, they may assume this information is safe.  But, as the old adage goes, “assume anything you put online can be made public”, and it is likely that all of the users of the Ashley Madison website failed to consider the implications.

For more details about the Ashley Madison hack there are a number of sources that can be reviewed.  Brian Krebs has two posts on the subject that are worth reviewing for more detailed information: Was the Database Leaked? and Extortionists Target Ashley Madison Users

Why should this apply to me?

Considering the services offered, and the number of records released, it is likely that most people will have a connection to someone who could be affected.  Given this line of thought, it is also plausible that attackers could exploit this, and target users who are on the list of records released.  Employers are not likely to be directly concerned about whether their employees are on this list; however, what if their users are put into a situation where they are blackmailed, and may do something they would not otherwise think of doing, such as clicking on an illicit link, or downloading a malicious file?  Alternatively, an attacker could use information from the Ashley Madison list to entice users to click on a link in a phishing email.  Employers need to be cognizant of this, and consider some controls which can be put in place to mitigate this threat.

We regularly see organizations where a user falls victim to phishing emails, and these stats will only increase when this specific, targeted threat vector presents itself.  This is a real threat, and it is a risk to organizations, as some users are going to be concerned about this, and may act more foolishly than normal in order to conceal their misdeeds.

What should we do?

User Awareness Training – Ensure users can identify a phishing email.  Make users especially aware of attacks related to the Ashley Madison hack.

Spam Filtering – It may be worth discussing the merits of blocking, or raising the risk score of, any emails containing words related to Ashley Madison.

Follow Basic Security and Compliance Practices – Review security practices including Authentication, Access Controls, and Patch Management.  Additionally, ensure there are mechanisms for recognizing anomalous behavior within the network.

It’s impossible to prevent users from being targeted, but organizations can use that to better prepare.  If their users will be targeted, then training employees is key.  Remember, instead of trying to prevent a ‘hack,’ expect one, and be prepared to detect it, slow down or stop the attack, and recover quickly.


Categories
Research>The Hitlist

The Hitlist: Remote Access

Remote access is often one of the weakest points we find in a customer’s network.  Corporations allow home users, with no real security on their home network, to remotely connect to their corporate network, access, and even download content.  This alone is a breach of security, and could even facilitate a data breach.  We have all known of users who email themselves company files, but what if those files contained Personally Identifiable Information (PII) or Personal Health Information (PHI)?  We have seen it happen.  What if someone is writing a report, and then decides to bring it home to finish it up?  What if that report contains intellectual property?  To avoid these potential disasters, it is important to have proper controls in place.  You should have a secure method of accessing corporate data remotely, and there should be policies and procedures in place to ensure that users are forced to use this to access data.  We have outlined some topics to consider below:

SSL VPN/Remote Desktop Solution (not to be confused with Remote Desktop (RDP) for Windows)

Step one, you must have a secure solution in place to access corporate data remotely.  Ideally, all users with remote access privilege should be using an encrypted VPN connection, period.  If possible, some sort of remote desktop solution should be employed that provides an interface for accessing internal network resources.

Corporate Devices

If you don’t use a remote desktop solution then you should mandate that only corporate devices are allowed to access the internal networks.  When employees use personally owned devices for work, they tend to use them however they want.  This creates an unneeded vulnerability for your company.  Corporate-owned devices can help alleviate this gap in security.  It will give your IT department increased accountability without taking away the employees’ productivity.

Policies

Step two, you must have policies in place to enforce the usage of your secure remote access solution.  Tell users what they can and can’t do, and set expectations so that if they do not follow company policy there could be repercussions.

Administrative Access

Admins should not use privileged accounts for remote access.  It is best practice for admins to have two domain accounts, one with privileged access, and a standard user account that does not have any elevated privileges.  The account with administrative access should only be used when administrative duties are required, and should never be used for remote access into your corporate network.

Network Traffic Control

In addition, you need to have tools in place to control the traffic on your network.  The resources on your network are not only available at your organization’s physical location; when you add remote access capabilities, you also increase the amount of traffic that moves around the network.  Look at it like a highway: a highway is made to allow a steady flow of cars to move from location to location with ease.  At any point, there could be a heavy flow of cars that causes the highway to become congested.  Depending on the situation, this backup will spread if the cars cannot leave as fast as they are approaching.  The same is true for your organization’s network.  If you do not have the correct tools or policies and procedures in place to control your network traffic, it could greatly deteriorate the speed of your network.  This, in turn, could decrease business continuity and productivity.

Application Control

Another essential tool when utilizing remote access is application control.  Your network is a combination of different ways to communicate, including email, instant messaging, and point-to-point applications.  As more applications are introduced to your network, the number of risks from malicious software also increases.  This is why it is very important to have a solid application control policy and to ensure that it is implemented throughout your organization.

Categories
Research>The Hitlist

The Hitlist: BYOD

“Bring Your Own Device” or BYOD is becoming an ever increasing topic among CIOs and other executives.  We are not here to argue the merits of BYOD, but we do want to mention a few key topics to think about if you consider implementing it.

1. Policy

The first thing an organization should have before implementing BYOD are policies that govern it.  They should cover topics such as: What is acceptable use, what types of devices can be used, what should I do if my device is lost or stolen, is MDM required, etc.

2. Corporate MDM (Mobile Device Management)

If personal devices will be on your corporate network, you must know where they are and have some degree of control over them.  Most MDM solutions will enable you to require specific security features, lock or wipe lost/stolen devices, and require or prevent specific types of software from being installed.  Enterprise-level MDM is a must.

3. Screen Lock Password

All mobile devices should be required to have a screen lock with a minimum of 5 alphanumeric characters in the passcode.  Anything less than 5 characters can quickly and easily be hacked.  This feature can be enforced through most MDM solutions.

4. Device Encryption

Again, this is another control which can be enforced through an MDM solution, and is a must-have.  All mobile devices should be encrypted, without exception, ideally using a corporate encryption management system.  This is a straightforward way to reduce the impact of a lost or stolen device.

5. Jailbroken/Rooted Devices

No jailbroken or rooted devices should be allowed on your network, bottom line.  Even though these hacked devices can have many enticing features, they can also bypass many of the built-in security features on the devices.  This is another control which can be enforced through most mobile device management solutions.

6. Regular Updates

For mobile devices, you are at the mercy of the carriers for the latest updates, unfortunately.  For laptops and desktops, however, you have much more control.  As a matter of policy and enforcement, all devices should be running the latest updates available.

7. Separate Business and Personal Data

Ideally, you should put all corporate data into a separate container on mobile devices (also known as containerization).  Many times this is not practical from a user experience perspective.  Many containerization applications do not have all of the features that users want or need.  Without containerization, it is much more difficult to track corporate data.  How this is accomplished is something that should be addressed.

8. Know Where Your Data Resides

If you don’t know where your data is, how can you protect it?  Make sure data you thought was secure, doesn’t walk out of your walls on a mobile device.

9. Data Loss Prevention

DLP allows an organization to track its data and to prevent it from leaving its walls.  This first requires knowing where your data is, who can access it, and how it can be accessed, and having control over the devices on your network.

BYOD is not something that should start overnight.  It should be well thought out, considered, and weighed against the risks and benefits.  Compliance, Remote Access, Network Security, Wireless Configuration and many other facets of the enterprise should be considered before allowing users to bring their own devices.

Categories
Research>The Hitlist

The Hitlist: What Can I Do to Prepare For An Audit?

Areas that may be covered in an audit:

Assign an audit lead internally – yearly internal audit checks, point of contact

Plan a portion of your budget for audit remediation

Make sure to document policies, procedures, and reports.  Keep them in a central location for auditing

Follow standard security practices daily (link to some other hit list articles)

Understand the legal and compliance ramifications of an audit