Contributor I

IOT in Financial Environment

We are trying to find the best way to integrate IOT devices into our wireless environment while still keeping them segmented from our network. Currently, we have an inherited guest setup that requires T&C acceptance via a captive portal with MAC Authentication/MAC Caching via guest on the back end. What is the best practice regarding IOT? Two things come to my mind. One: to create a static host list for the IOT devices; if they match the SHL, then a COA would be sent to change their VLAN to a segmented network. Then via our Palo Alto Firewall, we would pare down their access based on the assigned VLAN. Two: to allow them to connect to guest via an entry in the static host list and leave them there.

It seems dirty and that there would be a better way than to use MAC Caching, but I can't think of a way that would trigger the device to another VLAN when it is connecting via the same guest network as all the other smart devices...

Any thoughts are helpful. 
Thanks! 

Guru Elite

Re: IOT in Financial Environment

You should use Device Registration instead of Static Host Lists as it provides an account context with role assignment, expiration and custom fields.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
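As an added illustration of why the answer above prefers Device Registration over a static host list, here is a small Python model of the MAC-auth decision. It is example code written for this page, not code from the thread, from ClearPass or from Aruba. The in-memory DeviceRegistry stands in for the registration store; the role names, VLAN IDs and MAC addresses are constructed assumptions. A static host list entry is only a MAC; a registration carries the role that selects the VLAN (and therefore the firewall policy applied to that VLAN), an accountable owner, and an expiry that causes the device to fall back to the captive-portal guest flow when nobody renews it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Set

# Constructed VLAN plan; these role names and IDs are assumptions, not values from the thread.
VLAN_BY_ROLE: Dict[str, int] = {"iot-sensor": 300, "iot-camera": 301, "guest": 200}


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so AA-BB-CC-DD-EE-FF, aabbccddeeff and
    aa:bb:cc:dd:ee:ff all compare equal (RADIUS NAS vendors differ in formatting)."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Registration:
    mac: str
    role: str            # drives the VLAN, and through it the firewall policy
    owner: str           # who is accountable for the headless device
    expires: datetime    # registration lapses unless renewed
    description: str = ""  # custom field, e.g. asset tag or location


class DeviceRegistry:
    """Stand-in for a Device Registration store, keyed by normalized MAC."""

    def __init__(self) -> None:
        self._devices: Dict[str, Registration] = {}

    def register(self, mac: str, role: str, owner: str, now: datetime,
                 ttl_days: int, description: str = "") -> Registration:
        if role not in VLAN_BY_ROLE:
            raise ValueError(f"unknown role {role!r}")
        reg = Registration(normalize_mac(mac), role, owner,
                           now + timedelta(days=ttl_days), description)
        self._devices[reg.mac] = reg
        return reg

    def lookup(self, mac: str) -> Optional[Registration]:
        return self._devices.get(normalize_mac(mac))


def mac_auth_decision(registry: DeviceRegistry, calling_station_id: str, now: datetime) -> dict:
    """Decide a MAC-auth request. Returns a RADIUS-style result plus a reason for the audit log."""
    reg = registry.lookup(calling_station_id)
    if reg is None:
        # Unknown MAC: no accept here, the device stays in the captive-portal guest flow.
        return {"result": "Access-Reject", "reason": "unregistered device"}
    if now >= reg.expires:
        return {"result": "Access-Reject", "owner": reg.owner,
                "reason": f"registration expired {reg.expires.isoformat()}"}
    return {"result": "Access-Accept", "vlan": VLAN_BY_ROLE[reg.role], "role": reg.role,
            "owner": reg.owner, "reason": "registered device"}


def coa_vlan_attributes(vlan: int) -> dict:
    """RFC 2868 tunnel attributes a CoA-Request carries to move an existing session to a VLAN."""
    return {"Tunnel-Type": 13,            # VLAN
            "Tunnel-Medium-Type": 6,      # IEEE-802
            "Tunnel-Private-Group-Id": str(vlan)}


def static_host_list_decision(shl: Set[str], calling_station_id: str, vlan: int) -> dict:
    """The SHL approach from the question: a bare MAC match with no owner, expiry or role."""
    if normalize_mac(calling_station_id) in {normalize_mac(m) for m in shl}:
        return {"result": "Access-Accept", "vlan": vlan, "owner": None, "reason": "MAC in SHL"}
    return {"result": "Access-Reject", "reason": "MAC not in SHL"}


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock for the demo
    registry = DeviceRegistry()
    registry.register("AA-BB-CC-DD-EE-01", "iot-camera", "facilities", now, 30, "lobby cam")
    registry.register("aabbccddee02", "iot-sensor", "hvac-vendor", now, 1)
    for mac, when in [("aa:bb:cc:dd:ee:01", now), ("aa:bb:cc:dd:ee:02", now + timedelta(days=2)),
                      ("aa:bb:cc:dd:ee:99", now)]:
        decision = mac_auth_decision(registry, mac, when)
        print(mac, decision)
        if decision["result"] == "Access-Accept":
            print("  CoA attrs:", coa_vlan_attributes(decision["vlan"]))
    print(static_host_list_decision({"AA-BB-CC-DD-EE-01"}, "aa:bb:cc:dd:ee:01", 300))
```

The expiry check is the operational point: an SHL entry for a decommissioned camera keeps granting the IoT VLAN to whoever spoofs that MAC indefinitely, while a registration with an owner and a TTL rejects it and shows who to ask.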
Contributor I

Re: IOT in Financial Environment

So for headless devices though, how would that work if I can't register the device from the device? 

Guru Elite

Re: IOT in Financial Environment

You register them via browser from another device via the Device Registration portal.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: IOT in Financial Environment

Per usual, you are the man!  Thanks! 
