Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Security layers in ClearPass Captive Portal

  • 1.  Security layers in ClearPass Captive Portal

    Posted Aug 18, 2020 04:59 AM

    Hello,

    we just completed a new deployment for a customer, involving Airwave + Controllers + ClearPass.

    For the guests, we created a classic Captive Portal page on ClearPass + MAC Caching.

    Now the customer is concerned about his security... He is afraid that with MAC Caching, someone could just "sniff" one of the MAC addresses already cached on ClearPass and thus bypass the username+password authentication on the captive portal (he will use this method even for employees, and therefore not only for internet navigation but also for corporate navigation).

    So my question is, what are the layers of security involved here?

    Is the MAC address submission between the device and ClearPass really in the clear? Is it encrypted?

    And in general, what are the security layers/methods when using a captive portal on ClearPass?


    Thank you very much to whoever answers my post.



  • 2.  RE: Security layers in ClearPass Captive Portal
    Best Answer

    EMPLOYEE
    Posted Aug 18, 2020 07:54 AM

    A user can sniff MAC addresses and attempt to connect as a user on an open network like that of a Captive Portal, so you don't want to use that for employee traffic. There are MAC spoofing and IP spoofing protections that you can put in place, but you simply don't want your employees on a network that does not have encryption, because all of their traffic will be sent in cleartext.


    Wireless that is not encrypted should not be used for employee communications, period. Employees should use encrypted wireless to communicate.


    Guest networks or captive portal networks should only be on a VLAN that is not routable to an internal network and is protected by Aruba Firewall policies to keep that traffic segregated.
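
To make the "MAC spoofing protections" mentioned in the answer concrete: the 802.11 MAC header (including the client's source address) is transmitted unencrypted on every Wi-Fi network, and on an open captive-portal SSID the payload is unencrypted as well, so any nearby station can read a cached MAC and clone it. The example below, added here and not code from the original thread or from HPE Aruba ClearPass, shows one way a NAC can raise the cost of that clone: it records a device profile (DHCP hostname, DHCP vendor class, HTTP User-Agent) when the MAC first passes the portal, and on a later association sends the device back to the portal if the profile has changed or the cache entry has aged out. The attribute names, the `evaluate` function and the sample records are all constructed for this illustration.

```python
"""Heuristic check for MAC-caching re-use on an open captive-portal network.

Added example (not ClearPass code). It compares the device profile recorded
when a MAC first passed the portal with the profile seen on a later
association, and sends the device back to the portal when they disagree or
the cache entry has aged out. All field names and sample data are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


def normalize_mac(mac: str) -> str:
    """Canonical form: lowercase hex pairs joined by colons.

    Accepts 'AA:BB:CC:11:22:33', 'aa-bb-cc-11-22-33' and 'aabb.cc11.2233'.
    """
    hexdigits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class DeviceProfile:
    """Attributes observable without user interaction (assumed names)."""
    dhcp_hostname: str
    dhcp_vendor_class: str   # DHCP option 60
    http_user_agent: str


@dataclass(frozen=True)
class CacheEntry:
    mac: str
    username: str            # account that originally passed the portal login
    cached_at: datetime
    profile: DeviceProfile


@dataclass(frozen=True)
class Association:
    mac: str
    seen_at: datetime
    profile: DeviceProfile


def evaluate(cache: dict, assoc: Association, max_age: timedelta) -> tuple:
    """Return ('allow' | 'portal', reason) for a new association.

    'portal' means the device must complete the captive-portal login again.
    """
    mac = normalize_mac(assoc.mac)
    entry = cache.get(mac)
    if entry is None:
        return "portal", "no cache entry"
    if assoc.seen_at - entry.cached_at > max_age:
        return "portal", "cache entry expired"
    # A cloned MAC usually arrives with a different OS / hostname / browser.
    if entry.profile != assoc.profile:
        return "portal", "device profile mismatch (possible MAC spoof)"
    return "allow", f"cached as {entry.username}"


def demo() -> list:
    """Run four constructed scenarios and return (mac, decision, reason) rows."""
    t0 = datetime(2020, 8, 18, 8, 0, tzinfo=timezone.utc)
    laptop = DeviceProfile("alice-laptop", "MSFT 5.0",
                           "Mozilla/5.0 (Windows NT 10.0)")
    # Constructed cache: Alice's laptop passed the portal at t0.
    cache = {
        normalize_mac("AA:BB:CC:11:22:33"):
            CacheEntry("aa:bb:cc:11:22:33", "alice", t0, laptop),
    }
    clone = DeviceProfile("kali", "android-dhcp-10", "curl/7.68.0")
    attempts = [
        Association("AA:BB:CC:11:22:33", t0 + timedelta(hours=2), laptop),
        Association("aa-bb-cc-11-22-33", t0 + timedelta(hours=2), clone),
        Association("aabb.cc11.2233", t0 + timedelta(days=10), laptop),
        Association("DE:AD:BE:EF:00:01", t0 + timedelta(hours=2), laptop),
    ]
    max_age = timedelta(days=7)   # assumed MAC-cache lifetime
    return [(normalize_mac(a.mac), *evaluate(cache, a, max_age))
            for a in attempts]


if __name__ == "__main__":
    for mac, decision, reason in demo():
        print(f"{mac}  {decision:6}  {reason}")
```

The check only raises the attacker's cost: someone who clones the hostname, DHCP vendor class and User-Agent along with the MAC still passes, which is why the answer above treats encryption (an 802.1X SSID for employees) and VLAN segregation as the real controls and MAC caching as a guest convenience.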