Wired network security

in #network, 7 years ago

I started early in 2016 on a project to secure my wired infrastructure network. What I mean is that I want to identify/fingerprint/know what is connected to every single wired Ethernet switch port on my network. My network consists of 326 Cisco or Avaya switches. Each switch is 48-port; you can do the math, this is a lot of ports to monitor.
My goal obviously is security in not allowing rogue devices to connect to my network, meaning rogue APs, computers, printers, etc. I also wanted to make sure all devices were cataloged in a database and attached to a device user automatically.
I have finally managed to get every single port under authentication management; it has been an uphill battle. Dealing with old devices that cannot use 802.1X or users that have special circumstances, even training the helpdesk techs, has been a nightmare. There are so many versions of Windows builds and Windows updates that break authentication services; it's a very hard project to tackle.
The biggest thing I learned is how the users were using the network: users will share passwords and find any way around security systems they can. The beauty of this is I can now see more quickly what the users' issues are and track devices as they go on and offline.
I am currently using a smart RADIUS server to run the login portion of the authentication, and this engine classifies the user or device and places the user in a role or VLAN with the proper restrictions for their account. It makes it very easy to regulate users' access.
802.1X is an amazing tool that everyone should use, though it does have its limitations. If anyone is interested in the specifics, I can make a new post, or message me directly with what you are interested in and we can go over it.
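The role/VLAN classification the post describes is usually delivered to the switch as RADIUS reply attributes (the RFC 3580 Tunnel-* attributes used for dynamic VLAN assignment). The following is an added illustration of that decision logic, not the author's RADIUS configuration: the role names, VLAN numbers, user groups, MAC allowlist and the MAC-bypass fallback for devices that cannot do 802.1X are all constructed assumptions for the example.

```python
"""Toy model of an 802.1X/RADIUS authorization engine that maps an
authenticated user or device to a role and a VLAN, and records what sits
behind each switch port.

Added example; not the post author's setup. Roles, VLAN ids, groups, MACs,
switch names and port names below are constructed placeholders. The reply
attributes Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id are
the standard RFC 3580 attributes a switch reads for dynamic VLAN assignment.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy table: role -> VLAN id.
ROLE_VLAN = {
    "staff": 10,
    "printer": 20,
    "guest": 30,
    "quarantine": 999,  # anything not positively identified lands here
}

# Constructed: legacy devices that cannot speak 802.1X and are instead
# authorized by MAC address only (MAC Authentication Bypass, assumed here).
MAB_ALLOWLIST = {
    "00:11:22:33:44:55": "printer",
}

# Constructed directory data: username -> group memberships.
USER_GROUPS = {
    "alice": ["Domain Users", "Staff"],
    "bob": ["Domain Users"],
}

# Port inventory built up as decisions are made: (switch, port) -> record.
INVENTORY: dict = {}


@dataclass
class AccessRequest:
    method: str                  # "eap" (802.1X) or "mab" (MAC bypass)
    mac: str
    switch: str
    port: str
    username: Optional[str] = None
    credentials_ok: bool = False


@dataclass
class Decision:
    accept: bool
    role: str
    attributes: dict = field(default_factory=dict)


def vlan_attributes(vlan_id: int) -> dict:
    """RFC 3580 reply attributes telling the switch which VLAN to assign."""
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan_id),
    }


def classify(req: AccessRequest) -> Decision:
    """Decide accept/reject plus role, and catalogue the port either way."""
    mac = req.mac.lower()
    if req.method == "mab":
        role = MAB_ALLOWLIST.get(mac)
        if role is None:
            # Unknown non-802.1X device: isolate it in the quarantine VLAN
            # rather than silently failing, so it still shows up in inventory.
            decision = Decision(True, "quarantine",
                                vlan_attributes(ROLE_VLAN["quarantine"]))
        else:
            decision = Decision(True, role, vlan_attributes(ROLE_VLAN[role]))
    elif req.method == "eap":
        if not req.credentials_ok or req.username is None:
            decision = Decision(False, "reject")
        else:
            groups = USER_GROUPS.get(req.username, [])
            role = "staff" if "Staff" in groups else "guest"
            decision = Decision(True, role, vlan_attributes(ROLE_VLAN[role]))
    else:
        decision = Decision(False, "reject")

    # Record who/what is on the port; this is the "catalogued in a database
    # and attached to a user" part of the post, reduced to a dict.
    INVENTORY[(req.switch, req.port)] = {
        "mac": mac,
        "user": req.username,
        "role": decision.role,
        "accepted": decision.accept,
    }
    return decision


def port_record(switch: str, port: str) -> Optional[dict]:
    """Look up what was last seen on a given switch port."""
    return INVENTORY.get((switch, port))


if __name__ == "__main__":
    d = classify(AccessRequest("eap", "AA:BB:CC:DD:EE:01", "sw01", "Gi1/0/1",
                               username="alice", credentials_ok=True))
    print(d)
    print(port_record("sw01", "Gi1/0/1"))
```

A real deployment puts the policy table in the RADIUS server's own configuration and the inventory in a database; the point of the model is the shape of the decision: the authentication method and directory groups go in, a role and a VLAN attribute set come out, and every port gets a record even when the device is unknown.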