Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

MAC spoofing and clear pass mac authentication

  • 1.  MAC spoofing and clear pass mac authentication

    Posted Mar 08, 2016 12:32 AM

    Hi team,

    I have a concern regarding MAC authentication done from ClearPass.

    We have a BYOD SSID with captive portal authentication. Users have to enter their AD credentials to get internet access.

    We have a MAC caching service in ClearPass so that the users are not directed to the captive portal frequently.

    As per the configuration of the services, when a user connects for the 1st time, they will get a captive portal page. After providing AD credentials, the user will get authenticated and updated in the endpoint repository.

    The next day, when the user comes back, the device will perform the MAC auth and will be allowed access.

    In the MAC auth service we are checking the authorization time source: MAC-auth expiry less than the current time.

    Now, here anyone can spoof the MAC of the user's device and gain access.

    Is there any way to stop this?



  • 2.  RE: MAC spoofing and clear pass mac authentication

    EMPLOYEE
    Posted Mar 08, 2016 12:35 AM
    You can leverage the conflict attribute which will be tripped if the device category changes. 



  • 4.  RE: MAC spoofing and clear pass mac authentication

    Posted Mar 08, 2016 01:03 AM

    Hi,

    Thank you for the solution. That's great. If a device profile conflict occurs, I can assign deny access or a role to give a CP page.

    Still one confusion here. What if the spoofed MAC is of the same device type? Like I have a smartphone and I spoofed the MAC from the smartphone. The category and family will be the same and it will be allowed access, even if spoofing.

    Thanks

    Khalid Shaikh



  • 6.  RE: MAC spoofing and clear pass mac authentication

    Posted Mar 13, 2016 11:17 AM

    That is unfortunately the case and simply can't be fully stopped. Using MAC addresses opens the chance of MAC spoofing. The question is how many people will actually go through the process to do this (it does require a certain amount of skill and isn't that straightforward on several classes of devices) and what do they accomplish then.
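
The decision flow discussed in this thread (MAC caching with an expiry check, plus the profile conflict flag), as a simplified model added here for illustration. It is not ClearPass configuration and not code from any poster; the `Endpoint` record, the `decide` function, the category names and the sample MAC addresses are all constructed assumptions. It shows which requests the conflict check catches and that a request whose observed category matches the stored one is still allowed, which is the residual risk acknowledged in the last reply.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

NOW = datetime(2016, 3, 9, 9, 0)  # constructed "next day" timestamp

@dataclass
class Endpoint:  # hypothetical stand-in for one endpoint repository record
    category: str              # category profiled at captive-portal login
    mac_auth_expiry: datetime  # cache lifetime written after the AD login
    conflict: bool = False     # stays set once a category change is seen

def sample_repo():
    """Constructed data: one cached phone, one laptop whose cache has expired."""
    return {
        "aa:bb:cc:00:00:01": Endpoint("SmartDevice", NOW + timedelta(days=6)),
        "aa:bb:cc:00:00:02": Endpoint("Computer", NOW - timedelta(hours=1)),
    }

def decide(repo, mac, observed_category, now=NOW):
    """Return 'allow', 'deny' or 'captive-portal' for one MAC-auth request."""
    ep = repo.get(mac.lower())
    if ep is None:
        return "captive-portal"      # never authenticated: show the portal
    if observed_category != ep.category:
        ep.conflict = True           # known MAC now profiles as something else
    if ep.conflict:
        return "deny"                # or a role that forces the portal again
    if now >= ep.mac_auth_expiry:
        return "captive-portal"      # cache expired: AD credentials required
    return "allow"

if __name__ == "__main__":
    repo = sample_repo()
    requests = [
        ("aa:bb:cc:00:00:01", "SmartDevice"),  # returning user, or same-type device
        ("aa:bb:cc:00:00:02", "Computer"),     # cache expired
        ("aa:bb:cc:00:00:01", "Computer"),     # category changed: conflict
        ("aa:bb:cc:00:00:01", "SmartDevice"),  # conflict flag is still set
        ("aa:bb:cc:00:00:99", "SmartDevice"),  # unknown MAC
    ]
    for mac, seen in requests:
        print(mac, seen, "->", decide(repo, mac, seen))
```

Because the model cannot tell the first request apart from a same-category device presenting the same MAC, shortening the cache lifetime only narrows the window; it does not close it.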