Security

Reply
Frequent Contributor I
Posts: 228
Registered: ‎09-14-2011

Best way to diferentiate between Corporate and Personal Smart Phones?

So how do you guys do it? Best way to diferentiate between Corporate and Personal Smart Phones using Clearpass with Active Directory?

 

aaannndddd..... GO!!!

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | ACSP | ACMP | ACMA | BREC
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

Are you using an MDM for either classification of devices?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 228
Registered: ‎09-14-2011

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

Hiya Cappi! Negative, the client does not have an MDM as there are approximately 80 or so Android phones.

 

So was wondering about other alternatives, possibly with AD/LDAP  queries?

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | ACSP | ACMP | ACMA | BREC
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

If you're not using an MDM, you'd have to leverage SHLs or Guest Device
Repository with MAC address to identify them. Just keep in mind, MAC address
can be spoofed, so you'll want to use the profile conflict detection
mechanisms with this.



One other alternative is to issue certificates to the corporate devices via
Onboard or an external CA.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 228
Registered: ‎09-14-2011

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

SHLs?

 

 

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | ACSP | ACMP | ACMA | BREC
Guru Elite
Posts: 20,773
Registered: ‎03-29-2007

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

Static host lists in ClearPass or a list of corporate mac addresses.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 228
Registered: ‎09-14-2011

Re: Best way to diferentiate between Corporate and Personal Smart Phones?

There are waaaaaaay too many acronyms in our line of work :-)

 

But yeah, I think that is the direction we are going to go. Thanks for the assistance gang!

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | ACSP | ACMP | ACMA | BREC
Search Airheads
Showing results for 
Search instead for 
Did you mean: