What’s APN? Using a proprietary APN for mobile security
Do you have a large number of employees in your company who are on the move around the world and need to be securely connected at all times? A private APN can be useful here. In the next 2 minutes you will find out what an APN is (no, it’s not an Apple Push Notification) and what advantages a private APN provides for data security.
Many of you will remember the pain and panic experienced in the early days of cell phone roaming, especially for international travelers. Unless you were careful to disable cellular data on your phone when connected to another carrier’s network (and rely instead on local wifi for internet services), it would often result in surprising and staggeringly expensive mobile data charges on your next bill. Fortunately, those days are long gone. We can now be online at any time of the day or night virtually anywhere without having to worry about the costs.
The APN is the access point (or gateway) through which the provider's SIM card defines how the carrier’s network connects to another network, usually the internet. The APN configuration is usually completely automatic when a new SIM card is put into operation. So we are all dealing with the APN whether we know about it or not.
In general usage, APN is understood to mean the complete profile, which includes all the components required to establish a mobile data connection. To do this, however, additional settings are required beyond the access point name, including the MCCMNC, the APN type and, if necessary, the user name and password (recommended if it is a private APN).
The abbreviation MCCMNC is a combination of two acronyms:
- MCC: The Mobile Country Code. A three-digit country code defined for each country worldwide.
- MNC: The Mobile National Code. A two- to three-digit identification of the cellular network specified for each national provider.
Combined, the MCCMNC results in the globally unique identifier for the mobile service provider.
The first 5-6 digits of the IMSI (International Mobile Subscriber Identifier) reflect the MCCMNC. The country code for Germany is 262. The national mobile phone providers start with 01 (MNC). The remaining digits of the IMSI are dedicated to the unique identification of the SIM card - and thus the mobile device user/owner.
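The IMSI layout described above, as an added example that is not part of the original article: because the MNC can be two or three digits, the split cannot be read from the digits alone and needs a table of known MCCMNC prefixes. The table, the sample IMSIs and the function names are assumptions constructed for illustration; only 262 and 01 come from the text.

```python
import re
from typing import NamedTuple

# Constructed lookup table of known MCC+MNC prefixes. "26201" is the article's
# example (MCC 262, MNC 01); "999123" is a constructed test value that shows
# a three-digit MNC. A real inventory tool would load the full operator list.
KNOWN_PLMNS = frozenset({"26201", "999123"})


class Imsi(NamedTuple):
    mcc: str   # three-digit Mobile Country Code
    mnc: str   # two- or three-digit provider code
    msin: str  # remaining digits identifying the individual SIM


def parse_imsi(imsi: str, known_plmns=KNOWN_PLMNS) -> Imsi:
    """Split an IMSI into MCC, MNC and subscriber part."""
    if not re.fullmatch(r"[0-9]{6,15}", imsi):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    # Try the six-digit prefix (three-digit MNC) first, then the five-digit one.
    for plmn_len in (6, 5):
        prefix = imsi[:plmn_len]
        if prefix in known_plmns and len(imsi) > plmn_len:
            return Imsi(prefix[:3], prefix[3:], imsi[plmn_len:])
    raise LookupError("MCCMNC prefix not in the known-provider table")


def audit_inventory(imsis, expected_plmn, known_plmns=KNOWN_PLMNS):
    """Return the IMSIs that are malformed, unknown or not on expected_plmn."""
    flagged = []
    for imsi in imsis:
        try:
            parsed = parse_imsi(imsi, known_plmns)
        except (ValueError, LookupError):
            flagged.append(imsi)
            continue
        if parsed.mcc + parsed.mnc != expected_plmn:
            flagged.append(imsi)
    return flagged


if __name__ == "__main__":
    # Constructed sample inventory: one SIM on 262/01, one on another provider,
    # one truncated entry.
    sample = ["262011234567890", "999123456789012", "2620"]
    print(parse_imsi(sample[0]))
    print(audit_inventory(sample, expected_plmn="26201"))
```

Run against a device inventory export, `audit_inventory` lists the SIMs that do not belong to the provider the company expects.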
The APN type indicates which network-based communication type is in use. For example, a distinction can be made between “default” (as the name suggests, the use of all types of data connections), “mms” (specializing in sending and receiving multimedia messages), “fota” (firmware updates over the air) and others. The APN type "default" can basically be used for all common purposes.
There is an option to buy a private APN for your company. The company gets its own access point name from the mobile communications provider, essentially your own private company mobile data network within the carrier’s network using the same MCCMNC.
A great advantage of using private APN is that only SIM cards that you have authorized can be used in your private cellular network. Communication between mobile devices functions as if they were on a local network regardless of location. Mobile internet access within your network can also be restricted and thus made more secure.
Another security advantage is the ability to require user authentication. When connecting to the private APN, a user can be required to enter a password before gaining access. It’s analogous to using client certificates on enterprise wifi networks that do not communicate via TLS, i.e., without active automatic authentication.
With the baramundi Management Suite, you can manage all of your mobile devices from one central, consistent admin interface. This includes the simple, cross-platform and network provider-independent configuration and distribution of APN profiles. To ensure data security, the use of company APNs is only possible on fully managed iOS and Android Enterprise devices. You need that measure of control because all communication between the device and the mobile network is enabled by the APN profile. That’s one reason why baramundi distinguishes between user-registered (BYOD) and fully managed devices.