Darksat IT Security Forums

Hardware, Software and Security => IT Security Forum => Topic started by: mobi_khan on December 03, 2008, 05:57:22 am



Title: Automatic equipment identification in network
Post by: mobi_khan on December 03, 2008, 05:57:22 am
Hi guyz,

1. Can you please help me out with deploying a control for automatic equipment identification in the network? The requirement is that in case any user tries to connect his/her laptop or PDA to our company network, we are able to detect it immediately.

2. Secondly, I have passed the CISSP exam; now I want to go for one more cert. Should I go for CISA or CISM? As far as I know, CISM contains almost the same domains as CISSP, but I was wondering which one will be better for growth, CISA or CISM. I am already doing CCNA & after that will go for CCNA Security.

Thanks & Regards


Title: Re: Automatic equipment identification in network
Post by: Kenf916 on November 06, 2011, 09:04:54 am
Mobi,

What you are proposing is a Network Access Control (NAC) solution. There are several vendors who make this in different hardware implementations. Cisco and Bluecoat are the 500 lb gorillas in the room in this area. I have to tell you it's not cheap and requires a fair amount of infrastructure and modification. For instance, you have to set up authorized and unauthorized VLANs on the switches, redundant clean access servers, etc... So unless you have 50K in hardware and licensing to spend, you probably are looking for a software-only solution. If that's the case, then I would look at McAfee ePolicy, which has a NAC and rogue device option. Either way, be prepared for lots of cost. If you can't afford the implementation, one no-cost, high-effort solution is to use sticky MACs in your switches (https://supportforums.cisco.com/thread/151147). This, however, does not provide a reporting component. Hope this was helpful.

Ken

www.kmbl.us
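
The reply above notes that sticky MACs come without a reporting component. The following is an added example, not part of the thread or of any vendor tool: it builds a per-port violation report from switch syslog, assuming port security is enabled and the switches forward their logs to a central file. The log lines, hostnames and MAC addresses are constructed; the message text follows the Cisco IOS `PSECURE_VIOLATION` format.

```python
import re

# Constructed sample syslog lines (hostnames and MACs are made up).
SAMPLE_LOG = """\
Dec  3 09:14:02 sw-floor2 1021: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet0/12.
Dec  3 09:14:07 sw-floor2 1022: %LINK-3-UPDOWN: Interface GigabitEthernet0/12, changed state to down
Dec  3 09:20:41 sw-floor2 1030: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet0/12.
Dec  3 11:02:15 sw-lobby 77: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00aa.bbcc.ddee on port FastEthernet0/3.
"""

# Timestamp, reporting switch, offending MAC (Cisco dotted form) and port.
VIOLATION = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<switch>\S+)\s.*"
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?"
    r"MAC address (?P<mac>[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}) "
    r"on port (?P<port>\S+?)\.?\s*$"
)


def normalize_mac(mac):
    """Convert 0011.2233.4455 to 00:11:22:33:44:55 for matching against inventory."""
    digits = mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def violation_report(log_text):
    """Return {(switch, port, mac): {"count": n, "first": ts, "last": ts}}."""
    report = {}
    for line in log_text.splitlines():
        m = VIOLATION.match(line)
        if not m:
            continue  # unrelated syslog message, e.g. link up/down
        key = (m["switch"], m["port"], normalize_mac(m["mac"]))
        entry = report.setdefault(
            key, {"count": 0, "first": m["ts"], "last": m["ts"]}
        )
        entry["count"] += 1
        entry["last"] = m["ts"]
    return report


if __name__ == "__main__":
    for (switch, port, mac), e in sorted(violation_report(SAMPLE_LOG).items()):
        print(f"{switch} {port} {mac} x{e['count']} "
              f"first={e['first']} last={e['last']}")
```
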