Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Dolos Cloak : Automated 802.1x Bypass

  • 1.  Dolos Cloak : Automated 802.1x Bypass

    Posted Oct 02, 2019 11:05 AM

    Hi, I've read the following article and I'm wondering how ClearPass reacts to this. Can profiling help to prevent this kind of attack?

     

    https://kalilinuxtutorials-com.cdn.ampproject.org/c/s/kalilinuxtutorials.com/dolos-cloak-automated-802-1x-bypass-network-penetration/amp/

     



  • 2.  RE: Dolos Cloak : Automated 802.1x Bypass

    EMPLOYEE
    Posted Oct 03, 2019 02:46 AM

    Profiling and proper responses can help and will prevent the attack as described. The core of what is exploited here is that on wired 802.1X the authentication is not bound to encryption. MACsec would offer such binding of encryption with authentication, similar to how it works on WLAN, which can't be attacked in this way. However, it is hard to build a solution with that, as many switches don't have the encryption capacity needed (hardware support) and I'm not aware of a standard client that supports MACsec.

     

    This risk should be evaluated as part of your larger risk assessments, and a possible compensating control can be to limit, monitor and inspect the physical access to your network and devices attached to it.