Easy alternative to 802.1x? - #60
This certainly made for interesting reading. Up until now, the bulk of customers that I am engaged with have to use 802.1x authentication when trying to secure access to their networks and authorise physical connections to the network. Cisco's NAC primarily relies on 802.1x as well. 802.1x implementations are non-trivial; however, someone has found an innovative alternative.
Automated IP address management has been used for years to streamline the administration of IP addresses, but one small company and a couple of its customers have discovered a new use for the tool: to create an extra layer of endpoint security and access control. NAC, NAP and the TNC architectures discussed in a previous blog all rely on checking and authorising devices at connect time before allowing access to the network.
MetaInfo, a spinoff of Check Point Software Technologies Ltd., is working with customers and partners to use the point at which users are given access to the corporate network—the IP address assignment—as a mechanism to stop and "frisk" the machine. This lets the company ensure that the device is legitimate and complies with corporate security policies, according to Grant Asplund, president and CEO of the Seattle-based company.

"That is where the opportunity exists to take control of the machine initially and route it to where you want to send it, inspect it and let it have access," said MetaInfo user James LoTruglio, vice president of IT for Hearst Service Center, the operational arm of Hearst Corp., in Charlotte, N.C.

LoTruglio, who had been asking for such functionality for years, said he saw the potential for using DHCP (Dynamic Host Configuration Protocol) services to provide access to a secure area on the corporate network—such as a virtual LAN—and then, he said, "use a secure tool to interrogate the machine for various patch levels and the like."
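To make the idea concrete, here is one way to steer machines at lease time using ISC dhcpd. This is an added example, not MetaInfo's product or configuration; every address, MAC and host name is a constructed placeholder, and it assumes the router for the quarantine subnet only permits traffic to the inspection and patch servers.

```conf
# dhcpd.conf sketch (constructed values throughout).
authoritative;

# A host declaration makes a client "known". In this sketch the inspection
# tool (or an administrator) adds an entry once the machine has passed.
host inspected-laptop-01 {
    hardware ethernet 00:11:22:33:44:55;   # placeholder MAC
}

# Both subnets live on the same access segment.
shared-network access-segment {

    # Production: only clients that already passed inspection.
    subnet 10.10.0.0 netmask 255.255.255.0 {
        option routers 10.10.0.1;
        option domain-name-servers 10.10.0.53;
        pool {
            allow known-clients;
            range 10.10.0.50 10.10.0.200;
            default-lease-time 28800;
            max-lease-time 28800;
        }
    }

    # Quarantine: everything else lands here for inspection.
    # Assumption: ACLs on 10.99.0.1 restrict this subnet to the
    # inspection/remediation hosts.
    subnet 10.99.0.0 netmask 255.255.255.0 {
        option routers 10.99.0.1;
        option domain-name-servers 10.99.0.53;
        pool {
            deny known-clients;
            range 10.99.0.50 10.99.0.200;
            # Short lease so a machine that passes inspection moves to
            # the production pool at its next renewal.
            default-lease-time 120;
            max-lease-time 120;
        }
    }
}
```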
The advantage of using DHCP is obviously that most corporates already have it installed. I will investigate this further so stay posted...