BYOD Policy

This document is intended to communicate corporate policies established for Bring Your Own Device(BYOD) practices. Devices such as smart devices (i.e. Smart Phones and Tablets PCs) and laptops are concerned by this document. Usage and access to corporate network and corporate resources are provided under the condition that users have carefully read and understood the contents of this document and sign that they agree to adhere to this corporate BYOD policy.

Expectation of Privacy

SLIIT will requests access to the device by technicians to respect their privacy with your personal device and to respond only to security checks or to legitimate requests for discovery resulting from administrative criminal proceedings or civil.

Acceptable Use

·         Devices should not be used by the users in a way that it will not hares others.
·         Devices should not be used by the users to navigate pornography websites, sexist, racist or other offensive material.
·         Users should not be allowed to download third-party applications and pirate versions of applications by using their devices.
·         It is illegal for the users to use hacking tools and unethical tools to perform any kind of attacks or interruptions.
·         There should not be any disturbance for others when you use your devices.
·         All mobile devices should have strong authentication mechanisms.
·         The organizational bandwidth should not be used by the users to engage in outside business activities.
Users may use their devices to access the following resources.
·         Users may use their devices for educational purposes such as refer course materials, download course contents.
·         Devices can be used to upload course materials, upload assignments and upload notices.
·         To access mails.

Device and Support

The following devices are supported:
·         Mobile phones (Samsung s4 s5 s6, iPhone 4s 5s 6, Sony mobiles, HTC mobiles)
·         Tab Devices (Google pixel, iPad, Asus Zen Pad)
·         Laptop (Asus, HP, DELL, LENOVO, MAC book)
·         Storage devices (USB Pen Drive, Portable Hard drive)


The following devices are prohibited:
·         Wireless Signal Transmitters (Ubertooth one, WIFI Pineapple)
·         Hacking Devices (Raspberry Pi 3, Alfa Network board, Rubber Ducky, LAN Turtle, Hack RF One, Proxmark3 Kit, Lockpicks)


·         In SLIIT, Windows and MAC OS are only supported for the Laptop and Tab.       
·         In SLIIT, Windows and MAC OS, Android operating system are only supported for the Mobile  Devices.
·         Connectivity issues are controlling by the IT department of SLIIT. If there are any issues in login to  Wi-Fi network or login issues on accounts in SLIIT need to contact the administrator, in IT  department.
·         Devices should be presented to the IT   Department for Proper job provisioning for configure  devices.
·         IT Department will respond to support request by phone, email or person.
·         All Remote support will be provided in line with the SLIIT policy for remote support.

Security

·         So as to connect a device to the corporate network, a device's password must comply with the password policy of the company.

·         Password policy of the company is as follows: Minimum password length is 8 characters, password must include alpha numeric characters (Both letters and numbers are essential.), password must contain at least 1 special character. Passwords cannot be common dictionary words. Passwords must be changed once in 3 months.

·         Device Software must be updated with latest updates and security patches provided by the respective software vendors.

·         It is mandatory for users to have Antivirus/ Antimalware services installed and ensure that automatic download of malware definitions is enabled.

·         Users must use VeraCrypt software to encrypt corporate data saved in to the hard disks of laptops.

·         Users must ensure that email clients are up to date and ensure that spam filters are in order.

·         Users must remove all corporate data from the devices before transferring the ownership of a device used to connect to the corporate network.

·         In the event, where a user's device used to connect to corporate networks, were lost/ stolen etc. users must be capable of remotely destroying corporate information contained in the device. Software’s that enable remote wiping should be installed, configured and tested on the devices used to connect to the corporate networks.

·         Smart devices which have been rooted or jailbroken cannot access the corporate network.
·         Devices must have automatic screen locking when the device connected to the corporate network is in idle.

·         Users must scan removable media inserted to devices for malware before usage.

Risks / Liabilities / Disclaimers

·         IT Department of SLIIT will take every safeguard precaution to prevent the company data as well as employee’s personal data from being hijack by intruders.

·         And it is a responsibility of each and every employee and student to protect inside information from the outsiders.

·         When you are dealing with wiping out the data from a device it’s a must you have to back up all the contacts, emails and all the necessary data in case if you need later on.

·         When bringing your own device to the premises you are only allowed to connect your device only with our network.

·         We will be noticed if you have connected to other networks rather than our company network and we have all authority to takedown measures even if to suspend if any circumstances occurred.  

·         Students and staff should report a case to the IT Department if any of the device has been lost.
·         Department of IT Team will have all the authority to wipeout data or to disable services without a notification in any circumstances.

·         The consumer of the device is expected to use the device in an ethical manner.
SLIIT authority will not be liable for all costs associated with device or to an operating system errors, crash, viruses, bugs, malware, and other software or hardware failures, or the device unusableness. 

Comments

Post a Comment

Popular posts from this blog

Phishing

Image
Phishing on Course web at SLIIT What Is Phishing?                   Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details , often for malicious reasons, by disgusting as a trustworthy entity in electronic communication. What is spear phishing attack ?                   S pear phishing  is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. Introduction ?         First you need know some details about how it will be work. Phishing attack can be done creating web pages like original web sites. Attacker create similar site like original one and host that site in the server and send that link to the target person o...
Read more

CySCA 2014 Web Penetration Testing Write-up

Image
Hellow Peeps !!! Today I bring some interesting hacking challenge walkthrough. Let's see what it is, CySCA2014 Web Penetration Testing Write-up We need to first setup the cysca2014 box in VM. When the VM configuring we can check connectivity is their using ping commands. Web Penetration Testing 1 – Club Status Turn on the intercept in the burp suit and go to the web site using cysca2014 IP address. Then you can see the GET request. There are two cookies called PHPSESSID and VIP. Then we have to edit the VIP cookie value from 0 to 1 and forward the request. Then we need to forward this packet in burp suite. Then we can get a website. Index.php Now we cannot access the blog. Now we need to change VIP 0 to 1 then we can access the blog.   Now we can access Blog. Web Penetration Testing 2 – Om nom nom nom After completing challenge 1, you can browse on the Blog page. There is...
Read more

Double Submit Cookies Patterns

Image
Cross-Site Request Forgery (CSRF)  Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized transaction has been committed. Impacts of successful CSRF exploits vary greatly based on the privileges of each victim. When targeting a normal user, a successful CSRF attack can compromise end-user data and their associated functions. If the targeted end user is an...
Read more