I'd like to know how you guys handle these type of things. The goal is to block people (or at least alert) from random connecting their stuff into network ports they find in the office.
We don't have public areas, and all access is restricted or at least someone has to let you in to be able to access the premises. But we had an instance where a printer maintenance guy plugged in his laptop on the printer port and caused an outage because he set his laptop with the same IP as the default gateway of the network, without telling anybody that he was doing so.
Now the obvious answers are:
- port security (i.e. lock down ports by MAC). Easy to implement, but relatively easy to spoof and it is a pain in the ass for the staff, we have hundreds of endpoints.
- 802.1x with NPS or ClearPass: increases complexity a lot, requires NPS / ClearPass HA configs, very expensive, and i have the feeling that it will create a lot more problems that it is trying to fix.
I was thinking of something like Snort, but this would require to set all port in mirroring which will kill the switch CPU.
What i am trying to achieve at the end of the day is to receive an alert (at least) that an "uncommon" device (i.e. a MAC address the switch never saw) accessed the network.
Thanks in advance.
Wednesday, January 31, 2018
Wired ports security
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment