A Review of Security

Challenges for Control of

Access to Wi-Fi Networks in
Tertiary Institutions
1

18/12/2018
Computação Móvel Aplicada
2

Summary:
1. Introduction
2. Objectives
3. Methodology
4. Challenges that BYOD presents in Tertiary Institutions
5. Considerations and Best Practices for BYOD
6. Existing Control Methods of BYOD
7. Guidelines Towards Improving BYOD in Tertiary Institutions
8. Findings and Discussion
9. Conclusion

Computação Móvel Aplicada 18/12/2018

3 Introduction

 The use of wireless networks has significantly increased and has become
the most ideal method to share computer resources in many organizations.
Today, many companies are implementing enterprise mobility strategies in
order to improve efficiency and gain competitive advantage. In tertiary
institutions, wireless network has become a critical part of IT infrastructure as
large number of users use mobile devices to access educational resources.
 The adoption of BYOD in tertiary institutions allows staff and students to
connect personal mobile devices to institution’s wireless networks to access
networked resources. The fact that many universities experience budgetary
constraints, BYOD adoption has gained popularity as a cost-effective way
to enhance technological progress, by which instructors can engage
students to improve learning.

Computação Móvel Aplicada 18/12/2018

4 Objectives

 The main objective of the study was to review the extent of wireless security
challenges presented by the adoption of BYOD in tertiary institutions. The
study also analyzed the existing solutions that have been employed by
tertiary institutions to control BYOD in wireless network infrastructure, it
assessed whether these measures have been effective in dealing with the
security problem and what were shortfalls. Elements which are required to
ensure success of these solutions were identified.

Computação Móvel Aplicada 18/12/2018

5 Methodology

 A combination of desktop review and qualitative analysis methodology

was employed to carry out this research. Desktop review is an important
method of collecting, organizing and evaluating available information to
gain an understanding the subject matter from different important sources.
Information from these sources was then analyzed and evaluated using
qualitative methods as defined.

Computação Móvel Aplicada 18/12/2018

6 Challenges that BYOD presents in Tertiary
Institutions
 Although many cases of information security breaches are mostly reported
in organizations of different sectors, tertiary institutions are also faced with
numerous challenges in maintaining security. Wireless networks are
vulnerable to various kinds of attacks. This is mainly because wireless signals
can extend outside the physical boundaries of offices or buildings, thereby
permitting network access the public. This situation is worsened by the
adoption of BYOD. With the adoption of BYOD, managing these mobile
devices and the provision of flexibility and openness to access the network
with effective security at the same time has become a nightmare.

Computação Móvel Aplicada 18/12/2018

7 Challenges that BYOD presents in Tertiary
Institutions
 Increased network breach points
 Prevent network visibility
 BYOD presents dynamic mobile devices running on different platforms
 Difficult to provide flexibility, openness and security at the same time
 Huge number of personal mobile devices joining campus, thereby
presenting wireless access control challenge
 BYOD is continuously evolving and changing
 BYOD opens gaps for new phishing and ransomware attacks

Computação Móvel Aplicada 18/12/2018

8 Considerations and Best Practices for
BYOD
 Organizations can respond to the rapid pace at which threats, technology
and risks emerge by implementing various policies, procedures and
strategies that can assist in the protection of corporate information. This
section will give a brief description on the best practices related to
information security, as outlined in ISO/IEC 27001:2013 standard and the
best practices for BYOD as reported by Citrix Systems, Inc.
 The requirements set out in ISO/IEC 27001:2013 are generic and are
intended to be applicable to all organizations, regardless of type, size or
nature. There are 118 information security controls categorized in 14
domain controls in ISO/IEC 27001:2013 framework. Organizations can
respond to information security risks with a risk treatment plan by choosing
appropriate domains within the 14 domains.

Computação Móvel Aplicada 18/12/2018

9 Considerations and Best Practices for
BYOD
The 1st domain of ISO/IEC 27001:2013 of information security is the most important
guideline that can be adopted by all organizations of different types and sizes. It
states about the need for implementing information security policies. Citrix Systems,
Inc. provides policy guidelines which are given below as follows:
 Eligibility
 Allowed Devices
 Service Availability
 Rollout
 Cost Sharing
 Security
 Acceptable use
 Support and maintenance
Computação Móvel Aplicada 18/12/2018
10 Existing Control Methods of BYOD

A number of security solutions have emerged that address the issues

surrounding control of BYOD environments:
 Network Access Controls (NACs)
 IDS, firewalls and antivirus
 Captive portals
 Network segmentation

Computação Móvel Aplicada 18/12/2018

11 Guidelines Towards Improving BYOD in
Tertiary Institutions
The existing control methods can be improved by developing a policy using
some of the guidelines derived from Citrix Systems Inc. report as stated in
section 5 above:
 Eligibility
 Allowed Devices
 Service Availability
 Rollout
 Security and Compliance

Computação Móvel Aplicada 18/12/2018

12 Findings and Discussion

 Over the past few years there is influx of low cost smartphones which
penetrated in most African countries according to a 2015 IDG Connect
report. As a result, it is not surprising that many people have now upgraded
to a state of the art device. However, on the other hand, there is still lack of
understanding of risks associated with the use of these devices and how to
mitigate those risks. Most smartphone users do little or almost nothing, to
protect data on their mobile devices. Users frequently connect their mobile
devices to unsecured public wireless networks such restaurants and
shopping malls negligently without taking into consideration of risks such as
viruses, worms, spyware and other malware programs on such networks
which may cause devastating effects to personal information.

Computação Móvel Aplicada 18/12/2018

13 Findings and Discussion
The challenges and risks that are faced by many organizations due to the
increase trend of BYOD adoption are similar to those experienced by tertiary
institutions. Tertiary institutions are usually characterized by lager number of
network users which makes it even more difficult to control BYOD.
 How to provide support and maintenance to diverse personal mobile
devices
 How to implement integrated BYOD security solution in different and
dynamic mobile platforms
 How to implement security policies
 How to monitor BYOD security and how to know who is doing what on the
network
 How to balance security, performance and opennes

Computação Móvel Aplicada 18/12/2018

14 Conclusion

 The adoption of BYOD is helps tertiary institutions to move from the

traditional classroom to a virtual setup where teaching and learning is
facilitated by information communication technologies in tertiary
institutions. BYOD comes with new security issues to wireless networks in
tertiary institution. Network administrators are now faced with new
challenges of controlling mobile device access to campus Wi-Fi networks.
This paper explored the benefits and security issues of using personal mobile
devices to access teaching and learning resources in tertiary institutions.
Current control mechanisms and their effectiveness were also evaluated.
Researchers pointed to different strategies for control of BYOD in wireless
network environments. It is evident new strategies are needed as BYOD is
evolving and as new malware and viruses continue to emerge. Available
approaches and strategies need to continue being improved.

Computação Móvel Aplicada 18/12/2018