BYOD: Device Fingerprinting
One of the most significant trends driving the IT industry toward a consumerization is growing demand for bring-your-own-device (BYOD) wherein employees bring personal devices to work and use them for business purposes. BYOD has created tremendous media attention over the past few years, and it’s progressed to the point that all IT departments must prepare for in it the near future. This means, organizations need to support a variety of devices and their operating systems, and maintaining an expected level of service. The devices are accessing personal applications on the web in contrast to access corporate resources such as e-mail—all from the very same unmanaged devices, balancing such scenario with important actions is imperative for any organization's security team.
Smartphones, notebooks, netbooks, iPads, e-readers, personal Wi-Fi and more—the list of personal devices attempting access to employer networks seems to grow every day in what’s come to be known as the IT consumerization era of network computing.
In order to adopt this change, organizations need to implement a process to onboard and manage the personal devices on the enterprise networks. There are various solutions available today in the market to meet these challenges including Mobile device Management, Wireless Security Management features etc. All of them support an important parameter called Device fingerprinting. It helps organizations to get rid of compliance and regulatory challenges.
Device fingerprinting is the process of scanning a network device and capturing detailed information regarding device responses to various protocol requests. Information about the device is correlated and compared to known device fingerprints.
More on Device Fingerprinting
Device Fingerprinting is the measurement of an anonymous browser, operating system, and connection attributes in order to generate a risk profile of a device in real-time. The information includes can be very detailed or very basic depending upon the types of the solution selected while implementing the BYOD/Fingerprinting.
- Device type
- Device OS
- Wireless setting
- Browser configuration
Detailed Information by using advance Device Fingerprinting along with MDM Solution are HTTP header information, Device host address/IP, IE user data support, Browser cookie enables/disable setting etc.
Few of the Applications of Device fingerprinting
- To prevent transaction fraud
- Prevent from Account abuse
- Protect website from malicious acts.
This information helps in identifying the device used in a transaction. There are various methods available today for of implementing Device fingerprinting:-
- Client based methods: Client-based methods require a software executable to be installed on end device. The advantage of client-based methods is that they have access to otherwise hidden operating system information such as the hard drive serial number and MAC address of the network card.
- Transparent Device Profiling: Transparent Device Profiling methods, on the other hand, rely on information that can be measured remotely via a profiling server. This information is based on anonymous attributes that can be measured or derived from the user’s browser, operating system, and connection.
Mobile security Industry is evolving rapidly, various vendors are working hard to bring unique solutions to the market to relieve enterprises from such concerns. One of the latest solutions shows the use of heuristic based approach for device fingerprinting, device registration and validation process. Following are few important features which are delivered after adopting advanced MDM solutions by using device fingerprinting.
- Fast User Authentication: Once a device has been registered to a user with device fingerprinting, that user is not burdened with multiple authentications for each subsequent session from that device.
- Multiple Devices: user’s profile can house multiple device fingerprints to speed up future validations
- Timed registration: Users can be issued a time-limited registration
- Self-Management: — Users can register themselves, modify their profiles, reset their passwords, and revoke access on their own devices at any time