Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass - 802x wired auth for OSX - More checks

This thread has been viewed 1 times

  • 1.  ClearPass - 802x wired auth for OSX - More checks

    Posted Jun 11, 2020 06:51 PM

    Hi,

     

    We are testing wired auth for the latest OSX laptops. Our Clearpass Service checks for username and password, but we would like to add a second check to it. For our wireless, we check for user name and password + if the laptop endpoint is in JAMF's database. Is there something similar that we can do on wire auth, or can you give me another solution to verify that this device is a corporate-owned device.?

     



  • 2.  RE: ClearPass - 802x wired auth for OSX - More checks

    EMPLOYEE
    Posted Jun 11, 2020 08:13 PM

    Do 802.1x with EAP-TLS certificates only.  If the device passes and the method is EAP-TLS, it is a corporate device.  You still have to option to allow EAP-PEAP/MsChapV2 but give it a different level of access or NONE.



  • 3.  RE: ClearPass - 802x wired auth for OSX - More checks

    Posted Jun 11, 2020 10:58 PM

    So regardless if they are wired or wireless, we need some context to reference for an authorization;

     

    Are these wired devices also in JAMF

    Are they enrolled in some asset/CMDB

    Are they running some endpoint security, Crowdstrike/Cylance/McAfee etc.

    Do they have a Corporate device cert installed

     

    Any of these and there are other could be used to validate if the device is a corporate mac.