I'm at a stage where I'm looking at potential long-term software replacements. One of the areas I'm looking at is NAC... we had Cisco NAC and then went to SafeConnect. My issues with SafeConnect are no IPv6 and that it doesn't really integrate to the level I'd like with our Cisco wireless system and Prime Infrastructure.
ISE would be an obvious choice to improve in both of these areas, however, endpoint posture and enforcement seems pretty expensive with the Apex licensing. Currently, we require Windows and Mac endpoints on our wireless and residence network wired/wireless to install the policy key which allows us to enforce on banned software, OS versions/updates, AV status, DNS settings, etc. There is no policy key install for Linux, gaming consoles, mobile devices, etc so they pretty much get a pass other than having to sign-in every so often.
I asked one of our Cisco SEs about it and he seemed surprised we were doing that level of enforcement in a BYOD environment. I'm curious what other education environments, especially ones with on-campus housing networks, are doing in this area?
edit Please excuse the badly worded title... probably should have double checked that before submitting.
No comments:
Post a Comment