Security

Reply
Highlighted
Occasional Contributor II

Best security practice on IAP

Guys,

 

What are the best security practices to implement on IAP? Few I can think of;

Block RFC 1918 addresses on Guest wireless.

Block access to instant.arubanetworks.com &  securelogin.arubanetworks.com per SSID on corp. 

 

Is it necessary to block PAPI communication between SSID? 

Aruba Employee

Re: Best security practice on IAP

in my opinion, it is not really necessary to block PAPI, however you can

  • enable cluster security
  • disable telnet access
  • enable "protection from wired attacks"
  • use inbould firewall use to provide mgmt access from a specific subnet
  • use IDS/IPS functionality relevant to your organisation 
  • use the relevant WebCC rules to compliment your egress firewall policies

finally there is a new feature in Instant 8.5 around client isolation.

check this tutorial.

https://community.arubanetworks.com/t5/Controllerless-Networks/Client-Isolation-Feature-with-Instant-8-5/td-p/547605

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: