08-12-2013 05:25 AM
I work at a USGS facility and have been trying to come up with solutions for BYOD that will be acceptable to our DOI superiors. I am just wondering how other government agencies are dealing with the increasing number of personally owned devices and GFE (Government Furnished Equipment) that seem to be popping up every day. We have currently use WPA2 Enterprise to authenticate users using a radius server that queries the AD domain for authentication. Users that are savvy have figured out that if the enter their credentials and setup their phones or IPADS correctly they can technical and get wireless. I am planning on using DHCP device signatures to capture these users in a role that has a Firewall Policy that denies everything. I will also have a separate SSID that we will use MAC address verification to provide authorized wireless access for users that have complied with our policies
I would like to see how others are dealing with this and maybe get some other ideas on how to allow access for GFE and deny access for others. Clearpass may be the solution at some future date but now in the immediate horizon.
Thanks in advance!
08-13-2013 07:26 AM
Aruba ClearPass Policy Manger can simplify the administration, setup, and issuing of machine-based certificates. With an incorporated CA (Certificate of Authority) the process of creating, distributing, and even revoking these certificates is simplified even to the level of minimal to no user intervention required. Along with the Guest and On-Board software modules, CPPM is the answer to many BYOD challenges that federal customers face.
Without the introduction of CPPM into the wireless network authentication stream, the available solutions are limited and the administration often becomes cumbersome, requiring several point products that do not work well together.