'It's a BYOD world' – with a catch -- at New York Law School

New York -- The "Bring Your Own Device" trend can cause a lot of disruption, but not at New York Law School, the downtown Manhattan college where students, faculty and visitors have always been allowed to use any mobile device they want on the wireless network. But that doesn't mean anything goes.

"It a BYOD world," says Peter Trimarchi, the technical director at New York Law School (NYLS), whose job includes making sure all those BYOD smartphones, tablets and laptops are truly authorized to use the campus wireless network and that they don't bring in computer viruses.

Trimarchi says he's learned over the years that it's much simpler to do all this without having to install agent software. And on the main campus, which houses a bright and modern building where students in libraries pore over thick legal volumes,  BYOD security is enforced primarily through a ForeScout Technologies hardware appliance called CounterACT that can tackle network access control in an agentless fashion.

[GARTNER:Containerization is no BYOD panacea]

Housed in the law school's humming data center that you reach four stories deep via elevator, the small rack-mounted CounterACT appliance has been given a big job: Monitor the network and ensure each mobile device has been properly registered for authorization of the network according to user group. Visitors get a daily code that would get them on, but students at registration go through a machine Service Set Identifier (SSID) process and their authentication information is tied to Active Directory and CounterACT.

Today, about 3,700 devices that students bring with them (Apple devices predominate) gain access to the network this way through CounterACT, which also watches to see if they might be bringing in malware. "If there's a threat, we get an alert," says Trimarchi, adding that when there's a virus outbreak, most of the time students simply don't know at all what's happening.

Malware-infected devices are blocked and the user is informed why via e-mail. The school makes Symantec anti-malware technology available at the touch of a button to an infected device. Staff and faculty devices use a VPN for access as well. For some Windows-based machines that are owned by the school, a small 100KB software agent from CounterACT will be used to exert greater controls.   Students aren't allowed to do some things on the NYLS network, such as use P2P file-sharing applications. This is a common restriction at universities because it might lead to copyright violations related to content, and P2P tends to do a lot of evasive jumping around, hogging bandwidth. CounterACT blocks P2P.

CounterACT is also set up at NYLS to share some detail via e-mail about device problems with the school's helpdesk so if a student calls to ask what's happening, the helpdesk will have information ready. CounterACT takes on other jobs, too, such as helping Windows Services Update Services provide patch updates to Windows machines.

Today, ForeScout's CounterACT is focused on being an enterprise network access control (NAC) system, and one question is how it might expand that role into cloud-based services. ForeScout says it's working on technologies such as a virtual appliance that would extend its NAC functionality into the cloud, with details about that likely to be revealed early next year.

Trimarchi says cloud-based services are of growing importance, and NYLS today in fact use Microsoft Office 365 for student e-mail. NYLS is also taking a look at whether to use mobile-device management (MDM) software for the relatively small number of smartphones and tablets that don't fall into the BYOD category, such as those issued to school executives.

MDM would address the need for tracking and "bricking" any lost devices that are corporate-owned. If New York Law School pursues an MDM path, ForeScout CounterACT will probably still be part of it all because plug-ins for CounterACT support several MDM software packages.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about anti-malware in Network World's Anti-malware section.

Join the CSO newsletter!

Error: Please check your email address.

Tags consumerization of ITBYODNetworkingsecuritywirelessIT managementanti-malware

More about AppleForeScout TechnologiesIDGManhattanMicrosoftSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts