Security

Reply
Frequent Contributor II

Best way to diferentiate between Corporate and Personal Smart Phones?

So how do you guys do it? Best way to diferentiate between Corporate and Personal Smart Phones using Clearpass with Active Directory?

 

aaannndddd..... GO!!!

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

Are you using an MDM for either classification of devices?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

Hiya Cappi! Negative, the client does not have an MDM as there are approximately 80 or so Android phones.

 

So was wondering about other alternatives, possibly with AD/LDAP  queries?

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

If you're not using an MDM, you'd have to leverage SHLs or Guest Device
Repository with MAC address to identify them. Just keep in mind, MAC address
can be spoofed, so you'll want to use the profile conflict detection
mechanisms with this.



One other alternative is to issue certificates to the corporate devices via
Onboard or an external CA.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

SHLs?

 

 

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

Static host lists in ClearPass or a list of corporate mac addresses.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

There are waaaaaaay too many acronyms in our line of work :-)

 

But yeah, I think that is the direction we are going to go. Thanks for the assistance gang!

Scott McNeil - Sr. Network & Security Engineer, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: