Isolating and Protecting Devices on the Network A database-driven methodology Tom Zeller June 2008.

Purpose
Automatically detect special categories of devices and create an appropriate network environment for them

Methodology Overview
802.1x on wired and wireless
For non-802.1x devices the switch fakes 802.1x authentication using the MAC address as username and password
A custom RADIUS server recognizes that the username is a MAC address and looks up the policy

Define Device Categories
Work with departments
Categories should be easily added
Examples:
– PCI cash register
– Security Camera
– Stolen Laptop
– RoboDog
– Many more

Define Policy Action for Each Category
VLAN ID
Port ACL
Access Denied
Alert someone (e.g. stolen laptops)
Allow only if in a particular building
Allow only if network type matches

MAC Table Input
Web application with granular access to categories
– e.g. Only physical plant admins can add cameras
API for IDS, scanners, etc. to add devices on the fly
Include date for annual refresh
Force building restriction for most categories
Restrict to wired or wireless only (or both)

Device, Category/Action Tables

Link VLAN names to VLAN Numbers
VLAN “Quarantine” is a different number in different locations

RADIUS Logic
If username is a MAC address
– Don’t authenticate via ADS
– Look up in registered device table
– If present, retrieve policy action and building
– If building matches requesting switch, send policy via RADIUS attributes to switch

Transparency: The Solution to Complexity
Develop a web application to allow support personnel to enter a MAC address and see what SHOULD have happened (category, building, VLAN, ACL) and/or what ACTUALLY happened (from log file)
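The RADIUS decision path of the last three slides (MAC-as-username detection, registered-device lookup, per-location VLAN numbering, building and network-type checks, and a human-readable reason the transparency web app could display), as an added Python example that is not the presenter's code. The device table, category actions, VLAN numbers and switch addresses are constructed, and sending unregistered MACs to the location's Quarantine VLAN is an assumption the slides do not state.

```python
import re
# Constructed sample tables standing in for the talk's database (all values made up).
CATEGORY_ACTION = {  # category -> policy action
    "pci-cash-register": {"vlan": "PCI", "acl": "pci-only-acl"},
    "security-camera": {"vlan": "Cameras", "acl": None},
    "stolen-laptop": {"deny": True, "alert": True},
}
VLAN_BY_BUILDING = {  # the same VLAN name is a different number per location
    "bldg-A": {"PCI": 110, "Cameras": 120, "Quarantine": 901},
    "bldg-B": {"PCI": 210, "Cameras": 220, "Quarantine": 902},
}
DEVICES = {  # registered device table, keyed by canonical MAC
    "001122334455": {"category": "pci-cash-register", "building": "bldg-A", "network": "wired"},
    "66778899aabb": {"category": "security-camera", "building": "bldg-B", "network": "wired"},
    "ccddeeff0011": {"category": "stolen-laptop", "building": None, "network": None},
}
SWITCH_BUILDING = {"10.0.1.2": "bldg-A", "10.0.2.2": "bldg-B"}  # NAS-IP-Address -> building
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-]?[0-9a-f]{2}){5}$", re.I)

def as_mac(username):
    """Canonical 12-hex-digit MAC if the username is a MAC address, else None."""
    return re.sub(r"[:-]", "", username).lower() if MAC_RE.match(username) else None

def vlan_attrs(vlan_id, acl=None):
    """RFC 3580 tunnel attributes that tell the switch which VLAN to put the port in."""
    attrs = {"Tunnel-Type": 13, "Tunnel-Medium-Type": 6, "Tunnel-Private-Group-ID": str(vlan_id)}
    if acl:
        attrs["Filter-Id"] = acl  # port ACL name; the attribute used for ACLs is vendor-specific
    return attrs

def radius_decision(username, nas_ip, network):
    """Return (verdict, attributes, reason); reason is what the support web app would display."""
    mac = as_mac(username)
    if mac is None:
        return "passthrough", {}, "not a MAC address: authenticate via the directory (ADS)"
    building = SWITCH_BUILDING.get(nas_ip)
    if building is None:
        return "reject", {}, f"request from unknown switch {nas_ip}"
    dev = DEVICES.get(mac)
    if dev is None:  # assumption: unregistered MACs go to the location's Quarantine VLAN
        return "accept", vlan_attrs(VLAN_BY_BUILDING[building]["Quarantine"]), "unregistered: quarantine"
    action = CATEGORY_ACTION[dev["category"]]
    if action.get("deny"):
        return "reject", {}, f"{dev['category']}: access denied" + (" (alert raised)" if action.get("alert") else "")
    if dev["building"] and dev["building"] != building:
        return "reject", {}, f"registered for {dev['building']} but seen from a switch in {building}"
    if dev["network"] and dev["network"] != network:
        return "reject", {}, f"registered for {dev['network']} only, request came over {network}"
    vlan = VLAN_BY_BUILDING[building][action["vlan"]]
    return "accept", vlan_attrs(vlan, action["acl"]), f"{dev['category']} -> VLAN {vlan} in {building}"
```

Because a MAC address is easily copied, this path identifies a device rather than authenticates it; the VLAN and ACL a category unlocks should be the minimum that device class needs.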