
Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

IOT in Financial Environment

  • 1.  IOT in Financial Environment

    Posted Apr 26, 2018 07:46 PM

    We are trying to find the best way to integrate IOT devices into our wireless environment while still keeping them segmented from our network. Currently, we have an inherited guest setup that requires T&C acceptance via a captive portal with MAC Authentication/MAC Caching via guest on the back end. What is the best practice regarding IOT? Two things that come to my mind. One: To create a static host list for the IOT devices, if they match the SHL, then a CoA would be sent to change their VLAN to a segmented network. Then via our Palo Alto Firewall, we would pare down their access based on the assigned VLAN. Two: to allow them to connect to guest via an entry in the static host list and leave them there.

    It seems dirty and that there would be a better way than to use MAC Caching, but I can't think of a way that would trigger the device to another VLAN when it is connecting via the same guest network as all the other smart devices...

    Any thoughts are helpful. 



  • 2.  RE: IOT in Financial Environment
    Best Answer

    Posted Apr 26, 2018 08:00 PM
    You should use Device Registration instead of Static Host Lists as it provides an account context with role assignment, expiration and custom fields.
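
The difference this answer points to, as an added sketch that is not ClearPass code and not part of the original thread: a static host list can only say whether a MAC is listed, while a registration record carries a role and an expiry that can drive the segmented-VLAN decision. The role names, VLAN IDs, MAC addresses and the fall-back-to-guest behaviour are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

GUEST_VLAN = 900                                      # constructed value
ROLE_TO_VLAN = {"iot-camera": 310, "iot-hvac": 320}   # constructed mapping

@dataclass
class RegisteredDevice:
    mac: str
    role: str
    expires: datetime
    custom: dict = field(default_factory=dict)        # e.g. owner, location

def normalize_mac(raw):
    """Accept aa:bb.., AA-BB.., aabb.cc00.. and bare hex; return 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def static_host_list_decision(mac, host_list):
    """A static host list answers only 'listed or not': no role, no expiry."""
    return normalize_mac(mac) in {normalize_mac(m) for m in host_list}

def build_registry(devices):
    return {normalize_mac(d.mac): d for d in devices}

def registration_decision(mac, registry, now):
    """Return (vlan, reason) from the device's registration record."""
    dev = registry.get(normalize_mac(mac))
    if dev is None:
        return GUEST_VLAN, "unregistered"
    if now >= dev.expires:                 # stale registrations lose segment access
        return GUEST_VLAN, "registration expired"
    vlan = ROLE_TO_VLAN.get(dev.role)
    if vlan is None:                       # unknown role never reaches an IoT segment
        return GUEST_VLAN, "role has no VLAN mapping"
    return vlan, f"role {dev.role}"

# Constructed sample data
UTC = timezone.utc
NOW = datetime(2018, 4, 27, tzinfo=UTC)
REGISTRY = build_registry([
    RegisteredDevice("AA-BB-CC-00-11-22", "iot-camera",
                     datetime(2019, 1, 1, tzinfo=UTC), {"owner": "facilities"}),
    RegisteredDevice("aa:bb:cc:00:11:33", "iot-hvac", datetime(2018, 1, 1, tzinfo=UTC)),
])

if __name__ == "__main__":
    for mac in ("aabb.cc00.1122", "AA:BB:CC:00:11:33", "aa-bb-cc-00-11-44"):
        print(mac, registration_decision(mac, REGISTRY, NOW))
```

The expired HVAC entry shows what the static host list cannot express: it would still match the list, but the registration record sends it back to the guest VLAN.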

  • 3.  RE: IOT in Financial Environment

    Posted Apr 27, 2018 01:55 PM

    So for headless devices though, how would that work if I can't register the device from the device? 

  • 4.  RE: IOT in Financial Environment

    Posted Apr 27, 2018 01:58 PM
    You register them via browser from another device via the Device Registration portal.

  • 5.  RE: IOT in Financial Environment

    Posted Apr 27, 2018 01:59 PM

    Per usual, you are the man!  Thanks!